an algorithm for the t pairing calculation in
play

An Algorithm for the T Pairing Calculation in Characteristic Three - PowerPoint PPT Presentation

Apr 06, 2024 •155 likes •576 views

An Algorithm for the T Pairing Calculation in Characteristic Three and its Hardware Implementation Jean-Luc Beuchat 1 Masaaki Shirase 2 Tsuyoshi Takagi 2 Eiji Okamoto 1 1 Graduate School of Systems and Information Engineering University of

  1. An Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation Jean-Luc Beuchat 1 Masaaki Shirase 2 Tsuyoshi Takagi 2 Eiji Okamoto 1 1 Graduate School of Systems and Information Engineering University of Tsukuba, Japan 2 Future University-Hakodate, Japan Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 1 / 25

  2. Outline of the Talk Example: Three-Party Key Agreement 1 Computation of the η T Pairing 2 Hardware Architecture 3 Conclusion 4 Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 2 / 25

  3. Example: Three-Party Key Agreement Key agreement How can Alice, Bob, and Chris agree upon a shared secret key? Alice Bob ? Chris Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 3 / 25

  4. Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = � P � : additively-written group of order n DLP: given P , Q , find the integer x ∈ { 0 , . . . , n − 1 } such that Q = xP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25

  5. Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = � P � : additively-written group of order n DLP: given P , Q , find the integer x ∈ { 0 , . . . , n − 1 } such that Q = xP Diffie-Hellman problem (DHP) Given P , aP , and bP , find abP . Alice Bob a b aP bP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25

  6. Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = � P � : additively-written group of order n DLP: given P , Q , find the integer x ∈ { 0 , . . . , n − 1 } such that Q = xP Diffie-Hellman problem (DHP) Given P , aP , and bP , find abP . Alice aP Bob a b aP bP bP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25

  7. Example: Three-Party Key Agreement Discrete logarithm problem (DLP) G = � P � : additively-written group of order n DLP: given P , Q , find the integer x ∈ { 0 , . . . , n − 1 } such that Q = xP Diffie-Hellman problem (DHP) Given P , aP , and bP , find abP . Alice Bob a b abP abP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 4 / 25

  8. Example: Three-Party Key Agreement Alice Bob a b aP bP Chris c cP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25

  9. Example: Three-Party Key Agreement Alice Bob a b aP bP bP First round aP cP Chris c cP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25

  10. Example: Three-Party Key Agreement Alice Bob a b abP bcP Chris c acP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25

  11. Example: Three-Party Key Agreement Alice Bob a b abP bcP bcP Second round abP acP Chris c acP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25

  12. Example: Three-Party Key Agreement Alice Bob a b abcP abcP Chris c abcP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 5 / 25

  13. Example: Three-Party Key Agreement Three-party two-round key agreement protocol Does a three-party one-round key agreement protocol exist? Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 6 / 25

  14. Example: Three-Party Key Agreement Bilinear pairing G 1 = � P � : additively-written group G 2 : multiplicatively-written group with identity 1 A bilinear pairing on ( G 1 , G 2 ) is a map ˆ e : G 1 × G 1 → G 2 that satisfies the following conditions: Bilinearity. For all Q , R , S ∈ G 1 , 1 ˆ e ( Q + R , S ) = ˆ e ( Q , S )ˆ e ( R , S ) and ˆ e ( Q , R + S ) = ˆ e ( Q , R )ˆ e ( Q , S ). Non-degeneracy. ˆ e ( P , P ) � = 1. 2 Computability. ˆ e can be efficiently computed. 3 Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 7 / 25

  15. Example: Three-Party Key Agreement Bilinear Diffie-Hellman problem (BDHP) e ( P , P ) abc Given P , aP , bP , and cP , compute ˆ Assumption: the BDHP is difficult Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 8 / 25

  16. Example: Three-Party Key Agreement Alice Bob a b aP bP Chris c cP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 9 / 25

  17. Example: Three-Party Key Agreement bP Alice Bob a b aP bP aP aP cP bP cP Chris c cP Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 9 / 25

  18. Example: Three-Party Key Agreement Alice Bob a b ˆ e ( bP , cP ) a e ( aP , cP ) b ˆ e ( bP , cP ) a = ˆ e ( aP , cP ) b = ˆ e ( aP , bP ) c = ˆ e ( P , P ) abc ˆ Chris c e ( aP , bP ) c ˆ Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 9 / 25

  19. Example: Three-Party Key Agreement Examples of cryptographic bilinear maps Weil pairing Tate pairing η T pairing (Barreto et al. ) Ate pairing (Hess et al. ) Applications Identity based encryption Short signature Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 10 / 25

  20. Computation of the η T Pairing Elliptic curve over F 3 m Q = ( x q , y q ) P = ( x p , y p ) P η T pairing η T ( P , Q ) η T ( P , Q ) W ∈ F 3 6 m Exponentiation calculation ( F 3 6 m ) Q Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 11 / 25

  21. Computation of the η T Pairing – Tower Field ρ 2 1 ρ F 3 6 m = F 3 2 m [ ρ ] / ( ρ 3 − ρ − 1) 1 σ F 3 2 m = F 3 m [ σ ] / ( σ 2 + 1) x 2 x m − 3 x m − 2 x m − 1 1 x F 3 m = F 3 [ x ] / ( f ( x )) F 3 = Z / 3 Z = { 0, 1, 2 } Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 12 / 25

  22. Computation of the η T Pairing – Tower Field F 3 2 m F 3 2 m F 3 2 m ρ 2 σρ 2 1 σ ρ σρ 12 m bits F 3 6 m x m − 3 x m − 2 x m − 1 x 2 1 x 2 m bits F 3 m 2 bits F 3 Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 13 / 25

  23. Computation of the η T Pairing η T ( P , Q ) Addition Multiplication Cubing Cube root Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 14 / 25

  24. Computation of the η T Pairing m +1 η T ( P , Q ) 3 2 η T ( P , Q ) Addition Addition Multiplication Multiplication Cubing Cubing Cube root Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 14 / 25

  25. Computation of the η T Pairing m +1 η T ( P , Q ) 3 2 η T ( P , Q ) Addition Addition Multiplication Multiplication Cubing Cubing Cube root Bilinearity of η T ( P , Q ) W � 2 � W m +1 � � � 3 η T ( P , Q ) W = 3 m � �� m − 1 � η T 3 P , Q � 2 Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 14 / 25

  26. Computation of the η T Pairing Multiplication over F 3 6 m – Exponentiation Only one multiplication Operands: A and B ∈ F 3 6 m Cost: 18 multiplications and 58 additions over F 3 m Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 15 / 25

  27. Computation of the η T Pairing Multiplication over F 3 6 m – Exponentiation Only one multiplication Operands: A and B ∈ F 3 6 m Cost: 18 multiplications and 58 additions over F 3 m Multiplication over F 3 6 m – η T ( P , Q ) m +1 multiplications 2 Operands: A and B ∈ F 3 6 m with ρ 2 σρ 2 1 σ ρ σρ A = 0 − 1 0 a 0 a 1 a 2 a 0 , a 1 , and a 2 ∈ F 3 m Cost: 13 multiplications and 46 additions over F 3 m Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 15 / 25

  28. Hardware Architecture P = ( x p , y p ) η T ( P , Q ) η T ( P , Q ) W Exponentiation Q = ( x q , y q ) η T pairing calculation Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 16 / 25

  29. Hardware Architecture P = ( x p , y p ) η T ( P , Q ) η T ( P , Q ) W Exponentiation Q = ( x q , y q ) η T pairing calculation Multiplication over F 3 6 m New algorithm ◮ 15 multiplications and 29 additions over F 3 m ◮ Allows one to share operands between multipliers (less registers) Architecture ◮ 9 multipliers ◮ Most significant coefficient first (Horner’s rule) Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 16 / 25

  30. Hardware Architecture Prototype Field: F 3 97 = F 3 [ x ] / ( x 97 + x 12 + 2) FPGA: Cyclone II EP2C35 (Altera) η T ( P , Q ) Exponentiation (Waifi 2007) Arithmetic over F 3 97 Unified operator ◮ 9 multipliers Area: 2787 LEs ◮ 2 adders Frequency: 159 MHz ◮ 1 cubing unit Computation time: 26 µ s Area: 14895 LEs Frequency: 149 MHz Computation time: 33 µ s Jean-Luc Beuchat (University of Tsukuba) η T Pairing in Characteristic Three Arith 18 17 / 25

Recommend

A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties

A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties

Abelian Varieties and Pairing-Based Cryptography Constructing Pairing-Friendly Abelian Varieties Analyzing the Algorithm A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties David Freeman Stanford

537 views • 16 slides
Pairing Pairing is the process by which we condition ourselves, the teaching materials, and

Pairing Pairing is the process by which we condition ourselves, the teaching materials, and

Pairing & Manding Vincent J. Carbone Ed.D., BCBA-D NYS Licensed Behavior Analyst Carbone Clinic New York Boston Dubai www.CarboneClinic.com www.TheCarboneclinic.ae IESCUM Parma, Italy December 1,2 & 3, 2016 1 Pairing

622 views • 35 slides
Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is device pairing? What is the problem? The wireless communica8on channel is rela8vely easy to

298 views • 9 slides
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan Luo, Tongbo Luo CCS 2020 IoT Pairing Pairing is supposed to establish a secure communication channel IoT pairing is important for adding

345 views • 21 slides
Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear Bilinear Pairing Two (or three) groups with an

1.67k views • 118 slides
Pairing-Based Cryptography & Generic Groups Lecture 22 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 22 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 22 Bilinear Pairing Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear Bilinear Pairing Two (or three) groups with an

1.44k views • 105 slides
Pairing time-reversal states J = 0 + (a) +m -m k F k F K k F + L.N.

Pairing time-reversal states J = 0 + (a) +m -m k F k F K k F + L.N.

Nuclear pairing from microscopic forces (with applications) Paolo Finelli Dept. of Physics and Astronomy, University of Bologna paolo. fj nelli@bo.infn.it Based on Phys. Rev. C 90, 044003 Published 21 October 2014 Pairing time-reversal

674 views • 22 slides
Pairing-Based Cryptography & Generic Groups Lecture 22 1 Bilinear Pairing 2 Bilinear

Pairing-Based Cryptography & Generic Groups Lecture 22 1 Bilinear Pairing 2 Bilinear

Pairing-Based Cryptography & Generic Groups Lecture 22 1 Bilinear Pairing 2 Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear 2 Bilinear Pairing Two (or three) groups

1.06k views • 102 slides
Calculation of Periodic Travelling Wave Stability: A Users Guide Jonathan A. Sherratt

Calculation of Periodic Travelling Wave Stability: A Users Guide Jonathan A. Sherratt

Case Study: Mussel Bed Patterns in the Wadden Sea Calculation of Wavetrain Existence Applications of Wavetrains Calculation of Wavetrain Stability Objective of Talk Calculation of Stability Boundaries in Parameter Space Conclusions

959 views • 50 slides
Computer Programming II Algorithm Analysis and Sorting Techniques Algorithm A sequence of

Computer Programming II Algorithm Analysis and Sorting Techniques Algorithm A sequence of

Computer Programming II Algorithm Analysis and Sorting Techniques Algorithm A sequence of well-defined instructions, which with a finite number of steps solves a problem or calculation. Components Sequence: a succession of instructions

654 views • 38 slides
Exponentiating in Pairing Groups Joppe W. Bos, Craig Costello, and Michael Naehrig SAC 2013

Exponentiating in Pairing Groups Joppe W. Bos, Craig Costello, and Michael Naehrig SAC 2013

Exponentiating in Pairing Groups Joppe W. Bos, Craig Costello, and Michael Naehrig SAC 2013 Vancouver, Canada August 16, 2013 Exponentiating in Pairing Groups The pairing explosion The big (bilinear) bang: [Jou00] , [SOK00] , [BF01] . . . . .

311 views • 16 slides
Another Approach to Pairing Computation in Edwards Coordinates Sorina Ionica PRISM, Universit

Another Approach to Pairing Computation in Edwards Coordinates Sorina Ionica PRISM, Universit

Another Approach to Pairing Computation in Edwards Coordinates Sorina Ionica PRISM, Universit e de Versailles joint work with Antoine Joux Sorina Ionica Pairing Computation in Edwards Coordinates What is a pairing? A pairing is a map

361 views • 25 slides
Example The sorting problems is defined as follows: n Input set: sequence of numbers <a 1 ,

Example The sorting problems is defined as follows: n Input set: sequence of numbers <a 1 ,

Advanced Programming Complexity Algorithms and Complexity Algorithm An algorithm is a calculation procedure (composed by a finite number of steps) which solves a certain problem, working on a set of input values and producing a set of output

381 views • 15 slides
Secure Pairing Getting from nothing to something Johannes Gilger

Secure Pairing Getting from nothing to something Johannes Gilger

Secure Pairing Getting from nothing to something Johannes Gilger <Gilger@UMIC.RWTH-Aachen.de> RWTH Aachen University Smart Object Security Workshop, 23 March 2012 Introduction Definition / Terminology Secure Pairing:

711 views • 4 slides
Further Together: Curated Pairing Culture @Pivotal Neha Batra @nerdneha

Further Together: Curated Pairing Culture @Pivotal Neha Batra @nerdneha

Further Together: Curated Pairing Culture @Pivotal Neha Batra @nerdneha #furtherpairingtogether #qconsf Goals 1. Failed Attempts 2. Pairing @ Pivotal Labs 3. Pair Programming & You 4. Good times 5. War Stories 6. Lessons Learned

1.07k views • 95 slides
Experiments to probe the pairing properties of double-beta decay candidates. Speculations from

Experiments to probe the pairing properties of double-beta decay candidates. Speculations from

Experiments to probe the pairing properties of double-beta decay candidates. Speculations from an experimentalist point of view on pairing- related effects that might be important for 0 matrix element. Sean J Freeman TRIUMF Workshop

625 views • 26 slides
Semi-Inclusive Reactions: N, Z, Nucleon momenta, and Pairing Lawrence Weinstein Old Dominion

Semi-Inclusive Reactions: N, Z, Nucleon momenta, and Pairing Lawrence Weinstein Old Dominion

Semi-Inclusive Reactions: N, Z, Nucleon momenta, and Pairing Lawrence Weinstein Old Dominion University N, Z and high momentum nucleons: 54-40 or Fight aka The CaFe Experiment Goal: understand pairing mechanisms in symmetric and

181 views • 16 slides
Functions (subprograms) - 1 of 4 Often you would like to do the same calculation in several

Functions (subprograms) - 1 of 4 Often you would like to do the same calculation in several

Functions (subprograms) - 1 of 4 Often you would like to do the same calculation in several different places inside a program, without involving the user. One way is to copy the code. When you update the calculation later you must do it in

334 views • 4 slides
Best of Both Worlds: Remote Pairing in Action Joel Friedman Alex Rutkowski Overview what is

Best of Both Worlds: Remote Pairing in Action Joel Friedman Alex Rutkowski Overview what is

Best of Both Worlds: Remote Pairing in Action Joel Friedman Alex Rutkowski Overview what is Outpace? pros and cons of traditional work settings benefits of remote pairing developer setup and tools process with videos q

415 views • 25 slides
Lattice Calculation of PDFs Two Challenges. Euclidean lattice precludes the calculation of

Lattice Calculation of PDFs Two Challenges. Euclidean lattice precludes the calculation of

Lattice Calculation of PDFs Two Challenges. Euclidean lattice precludes the calculation of light-cone correlation functions So Use Operator-Product-Expansion to formulate in terms of Mellin Moments with respect to Bjorken x . Z d

317 views • 10 slides
Algorithm Analysis, Asymptotic notations CISC4080 CIS, Fordham Univ. Instructor: X. Zhang

Algorithm Analysis, Asymptotic notations CISC4080 CIS, Fordham Univ. Instructor: X. Zhang

Algorithm Analysis, Asymptotic notations CISC4080 CIS, Fordham Univ. Instructor: X. Zhang Last class Introduction to algorithm analysis: fibonacci seq calculation counting number of computer steps recursive formula for

1.1k views • 32 slides
Comparing the Pairing Efficiency over Composite-Order and Prime-Order Elliptic Curves Aurore

Comparing the Pairing Efficiency over Composite-Order and Prime-Order Elliptic Curves Aurore

Introduction BGN protocol with a symmetric pairing BGN conversions Our implementation Conclusion Comparing the Pairing Efficiency over Composite-Order and Prime-Order Elliptic Curves Aurore Guillevic C2, Dinard, France C2 2012 1/23 grid

558 views • 23 slides
Rank-Pairing Heaps Bernard Haeupler Siddhartha Sen Robert E. Tarjan Presentation by Alexander

Rank-Pairing Heaps Bernard Haeupler Siddhartha Sen Robert E. Tarjan Presentation by Alexander

Introduction Related Data Structures Rank-Pairing Heaps Conclusion Rank-Pairing Heaps Bernard Haeupler Siddhartha Sen Robert E. Tarjan Presentation by Alexander Pokluda Cheriton School of Computer Science, University of Waterloo, Canada SIAM

515 views • 24 slides
Usability Analysis of Secure Pairing Methods 12 , 3 , 23 Ersin Uzun Kristiina Karvonen N.

Usability Analysis of Secure Pairing Methods 12 , 3 , 23 Ersin Uzun Kristiina Karvonen N.

Usability Analysis of Secure Pairing Methods 12 , 3 , 23 Ersin Uzun Kristiina Karvonen N. Asokan 1 University Of California, Irvine 2 Nokia Research Center 3 Helsinki University of Technology Outline What is secure pairing and why is it

533 views • 31 slides

More recommend