1,844 research outputs found
Generalised Mersenne Numbers Revisited
Generalised Mersenne Numbers (GMNs) were defined by Solinas in 1999 and
feature in the NIST (FIPS 186-2) and SECG standards for use in elliptic curve
cryptography. Their form is such that modular reduction is extremely efficient,
thus making them an attractive choice for modular multiplication
implementation. However, the issue of residue multiplication efficiency seems
to have been overlooked. Asymptotically, using a cyclic rather than a linear
convolution, residue multiplication modulo a Mersenne number is twice as fast
as integer multiplication; this property does not hold for prime GMNs, unless
they are of Mersenne's form. In this work we exploit an alternative
generalisation of Mersenne numbers for which an analogue of the above property
--- and hence the same efficiency ratio --- holds, even at bitlengths for which
schoolbook multiplication is optimal, while also maintaining very efficient
reduction. Moreover, our proposed primes are abundant at any bitlength, whereas
GMNs are extremely rare. Our multiplication and reduction algorithms can also
be easily parallelised, making our arithmetic particularly suitable for
hardware implementation. Furthermore, the field representation we propose also
naturally protects against side-channel attacks, including timing attacks,
simple power analysis and differential power analysis, which is essential in
many cryptographic scenarios, in constrast to GMNs.Comment: 32 pages. Accepted to Mathematics of Computatio
Efficient Unified Arithmetic for Hardware Cryptography
The basic arithmetic operations (i.e. addition, multiplication, and inversion) in finite fields, GF(q), where q = pk and p is a prime integer, have several applications in cryptography, such as RSA algorithm, Diffie-Hellman key exchange algorithm [1], the US federal Digital Signature Standard [2], elliptic curve cryptography [3, 4], and also recently identity based cryptography [5, 6]. Most popular finite fields that are heavily used in cryptographic applications due to elliptic curve based schemes are prime fields GF(p) and binary extension fields GF(2n). Recently, identity based cryptography based on pairing operations defined over elliptic curve points has stimulated a significant level of interest in the arithmetic of ternary extension fields, GF(3^n)
Efficient unified Montgomery inversion with multibit shifting
Computation of multiplicative inverses in finite fields GF(p) and GF(2/sup n/) is the most time-consuming operation in elliptic curve cryptography, especially when affine co-ordinates are used. Since the existing algorithms based on the extended Euclidean algorithm do not permit a fast software implementation, projective co-ordinates, which eliminate almost all of the inversion operations from the curve arithmetic, are preferred. In the paper, the authors demonstrate that affine co-ordinate implementation provides a comparable speed to that of projective co-ordinates with careful hardware realisation of existing algorithms for calculating inverses in both fields without utilising special moduli or irreducible polynomials. They present two inversion algorithms for binary extension and prime fields, which are slightly modified versions of the Montgomery inversion algorithm. The similarity of the two algorithms allows the design of a single unified hardware architecture that performs the computation of inversion in both fields. They also propose a hardware structure where the field elements are represented using a multi-word format. This feature allows a scalable architecture able to operate in a broad range of precision, which has certain advantages in cryptographic applications. In addition, they include statistical comparison of four inversion algorithms in order to help choose the best one amongst them for implementation onto hardware
High Speed Hardware Architecture to Compute GF(p) Montgomery Inversion with Scalability Features
Modular inversion is a fundamental process in several cryptographic systems. It can be computed in software or hardware, but hardware computation has been proven to be faster and more secure. This research focused on improving an old scalable inversion hardware architecture proposed in 2004 for finite field GF(p). The architecture comprises two parts, a computing unit and a memory unit. The memory unit holds all the data bits of computation whereas the computing unit performs all the arithmetic operations in word (digit) by word bases such that the design is scalable. The main objective of this paper is to show the cost and benefit of modifying the memory unit to include shifting, which was previously one of the tasks of the scalable computing unit. The study included remodeling the entire hardware architecture removing the shifter from the scalable computing part and embedding it in the non-scalable memory unit instead. This modification resulted in a speedup to the complete inversion process with an area increase due to the new memory shifting unit. Several design schemes have been compared giving the user the complete picture to choose from depending on the application need
Speeding up a scalable modular inversion hardware architecture
The modular inversion is a fundamental process in several cryptographic systems.
It can be computed in software or hardware, but hardware computation proven to be
faster and more secure. This research focused on improving an old scalable inversion
hardware architecture proposed in 2004 for finite field GF(p). The architecture has
been made of two parts, a computing unit and a memory unit. The memory unit is to
hold all the data bits of computation whereas the computing unit performs all the
arithmetic operations in word (digit) by word bases known as scalable method.
The main objective of this project was to investigate the cost and benefit of
modifying the memory unit to include parallel shifting, which was one of the tasks of
the scalable computing unit. The study included remodeling the entire hardware
architecture removing the shifter from the scalable computing part embedding it in
the memory unit instead. This modification resulted in a speedup to the complete
inversion process with an area increase due to the new memory shifting unit.
Quantitative measurements of the speed area trade-off have been investigated. The
results showed that the extra hardware to be added for this modification compared to
the speedup gained, giving the user the complete picture to choose from depending on
the application need.the British council in Saudi Arabia, KFUPM, Dr. Tatiana Kalganova at the Electrical &
Computer Engineering Department of Brunel University in Uxbridg
Improved quantum circuits for elliptic curve discrete logarithms
We present improved quantum circuits for elliptic curve scalar
multiplication, the most costly component in Shor's algorithm to compute
discrete logarithms in elliptic curve groups. We optimize low-level components
such as reversible integer and modular arithmetic through windowing techniques
and more adaptive placement of uncomputing steps, and improve over previous
quantum circuits for modular inversion by reformulating the binary Euclidean
algorithm. Overall, we obtain an affine Weierstrass point addition circuit that
has lower depth and uses fewer gates than previous circuits. While previous
work mostly focuses on minimizing the total number of qubits, we present
various trade-offs between different cost metrics including the number of
qubits, circuit depth and -gate count. Finally, we provide a full
implementation of point addition in the Q# quantum programming language that
allows unit tests and automatic quantum resource estimation for all components.Comment: 22 pages, to appear in: Int'l Conf. on Post-Quantum Cryptography
(PQCrypto 2020
Efficient Implementations of Pairing-Based Cryptography on Embedded Systems
Many cryptographic applications use bilinear pairing such as identity based signature, instance identity-based key agreement, searchable public-key encryption, short signature scheme, certificate less encryption and blind signature. Elliptic curves over finite field are the most secure and efficient way to implement bilinear pairings for the these applications. Pairing based cryptosystems are being implemented on different platforms such as low-power and mobile devices. Recently, hardware capabilities of embedded devices have been emerging which can support efficient and faster implementations of pairings on hand-held devices. In this thesis, the main focus is optimization of Optimal Ate-pairing using special class of ordinary curves, Barreto-Naehring (BN), for different security levels on low-resource devices with ARM processors. Latest ARM architectures are using SIMD instructions based NEON engine and are helpful to optimize basic algorithms. Pairing implementations are being done using tower field which use field multiplication as the most important computation. This work presents NEON implementation of two multipliers (Karatsuba and Schoolbook) and compare the performance of these multipliers with different multipliers present in the literature for different field sizes. This work reports the fastest implementation timing of pairing for BN254, BN446 and BN638 curves for ARMv7 architecture which have security levels as 128-, 164-, and 192-bit, respectively. This work also presents comparison of code performance for ARMv8 architectures
Interacting Bose and Fermi gases in low dimensions and the Riemann hypothesis
We apply the S-matrix based finite temperature formalism to non-relativistic
Bose and Fermi gases in 1+1 and 2+1 dimensions. In the 2+1 dimensional case,
the free energy is given in terms of Roger's dilogarithm in a way analagous to
the relativistic 1+1 dimensional case. The 1d fermionic case with a
quasi-periodic 2-body potential provides a physical framework for understanding
the Riemann hypothesis.Comment: version 3: additional appendix explains how the to
duality of Riemann's follows from a special modular
transformation in a massless relativistic theor
- …