recent advances in parallel implementations of scalar
play

Recent Advances in Parallel Implementations of Scalar Multiplication - PowerPoint PPT Presentation

Mar 15, 2023 •31 likes •781 views

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves C. Negre and J.M. Robert april 8, 2015 1 / 39 Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic

  1. Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves C. Negre and J.M. Robert april 8, 2015 1 / 39

  2. Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic curve arithmetic 3 Scalar multiplication 4 2 / 39

  3. Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic curve arithmetic 3 Scalar multiplication 4 3 / 39

  4. Diffie-Hellmann key exchange Alice and Bob agree on a group ( G , + , O ) and a generating point of the group P . Alice Bob 4 / 39

  5. Diffie-Hellmann key exchange Alice and Bob agree on a group ( G , + , O ) and a generating point of the group P . Alice Bob a ← random () b ← random () 4 / 39

  6. Diffie-Hellmann key exchange Alice and Bob agree on a group ( G , + , O ) and a generating point of the group P . Alice Bob a ← random () b ← random () Computes A = a · P Computes B = b · P 4 / 39

  7. Diffie-Hellmann key exchange Alice and Bob agree on a group ( G , + , O ) and a generating point of the group P . Alice Bob sends A a ← random () b ← random () Computes A = a · P Computes B = b · P sends B 4 / 39

  8. Diffie-Hellmann key exchange Alice and Bob agree on a group ( G , + , O ) and a generating point of the group P . Alice Bob sends A a ← random () b ← random () Computes A = a · P Computes B = b · P sends B Computes K = a · B Computes K = b · A Shared secret key K = a · b · P 4 / 39

  9. Diffie-Hellmann key exchange Alice and Bob agree on a group ( G , + , O ) and a generating point of the group P . Alice Bob sends A a ← random () b ← random () Computes A = a · P Computes B = b · P sends B Computes K = a · B Computes K = b · A Shared secret key K = a · b · P The main operation is the scalar multiplication a · P . 4 / 39

  10. Group law for an elliptic curve y 2 = x 3 − 2 x + 1 P = ( x P , y P ) x Q = ( x Q , y Q ) 5 / 39

  11. Group law for an elliptic curve y 2 = x 3 − 2 x + 1 R = P + Q P = ( x P , y P ) x Q = ( x Q , y Q ) Addition (chord): � x R = λ − x P − x Q y R = y P − λ ( x R − x P ) with λ = y P − y Q x P − x Q 5 / 39

  12. Group law for an elliptic curve y 2 = x 3 − 2 x + 1 R = P + Q P = ( x P , y P ) P = ( x P , y P ) x x Q = ( x Q , y Q ) R = 2 P Doubling (tangent): Addition (chord): � x R � x R = λ − 2 x P = λ − x P − x Q y R = y P − λ ( x R − x P ) y R = y P − λ ( x R − x P ) with λ = y P − y Q with λ = 3 x 2 P + a x P − x Q 2 y P 5 / 39

  13. Scalar multiplication : k · P P Scalar multiplication: 7 P 2 · P x 3 P = (2 P ) + P 6 P = 2 · (3 P ) 7 P = (6 P ) + P 2 P 6 / 39

  14. Scalar multiplication : k · P P Scalar multiplication: 7 P 2 · P 3 P x 3 P = (2 P ) + P 6 P = 2 · (3 P ) 7 P = (6 P ) + P 2 P 6 / 39

  15. Scalar multiplication : k · P 6 P P Scalar multiplication: 7 P 2 · P 3 P 3 P = (2 P ) + P x 6 P = 2 · (3 P ) 7 P = (6 P ) + P 6 / 39

  16. Scalar multiplication : k · P 6 P P Scalar multiplication: 7 P 2 · P 3 P = (2 P ) + P x 6 P = 2 · (3 P ) 7 P = (6 P ) + P 7 P 6 / 39

  17. Hierarchy of operations ECDSA Diffie-Hellman ← Protocols (sign) (key exchange) ← Scalar multiplication Double-and-add Halve-and-add Point Point Point ← Curve operation doubling addition halving Field Field Field Quadratic ← Field operation addition multiplication inversion solver 7 / 39

  18. The considered elliptic curves E ( F 2 m ) Binary field: F 2 = Z / 2 Z . Extended binary field: F 2 m = F 2 [ t ] / ( f ( t )) where f ( t ) is irreducible. For A = � m − 1 i =0 a i t i and B = � m − 1 i =0 b i t i in F 2 m m − 1 � ( a i + b i ) · t i , addition : A + B = i =0 multiplication : A × B = A · B mod f ( t ) . Binary elliptic curve: the set of points P = ( x , y ) ∈ F 2 2 m satisfying E : y 2 + xy = x 3 + ax 2 + b , a , b ∈ F 2 m . 8 / 39

  19. Curve and field implemented NIST curve B233: defined over F 2 [ t ] / ( t 233 + t 74 + 1) with equation E : y 2 + xy = x 3 + x 2 + b where b =0 x 066647 ede 6 c 332 c 7 f 8 c 0923 bb 58213 b 333 b 20 e 9 ce 4281 fe 115 f 7 d 8 f 90 ad , N =6901746346790563787434755862277025555839812737345013555379383634485463 . GHS curve E ( F 2 2 · 127 ): defined over the field F 2 2 · 127 constructed as F [ t ] / ( t 127 + t 63 + 1) = F 2 127 F 2 127 [ u ] / ( u 2 + u + 1) = F 2 2 · 127 with curve equation E : y 2 + xy = x 3 + ux 2 + b √ b = 0 xE 2 DA 921 E 91 E 38 DD 1 and admitting an endomorphism. 9 / 39

  20. Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic curve arithmetic 3 Scalar multiplication 4 10 / 39

  21. F 2 m arithmetic over Intel Cores Intel Core i3,i5 and i7 offer: Logical instructions XOR, AND over 128 and 256 bits. PCLMUL instruction computing the product of two degree 64 binary polynomials. PSHUFB a byte shuffling instructions . Shifting instruction (vector 64 bit shifts and full 128 bit shifts). 11 / 39

  22. F 2 m arithmetic over Intel Cores Intel Core i3,i5 and i7 offer: Logical instructions XOR, AND over 128 and 256 bits. PCLMUL instruction computing the product of two degree 64 binary polynomials. PSHUFB a byte shuffling instructions . Shifting instruction (vector 64 bit shifts and full 128 bit shifts). We will see how to implement arithmetic over F 2 233 : 1 Polynomial multiplication with PCLMUL. 2 Polynomial squaring with PSHUFB. 3 Reduction with shift, 128-bit XOR and AND. 4 Look up table for quadratic-solver. 11 / 39

  23. Multiplication in F 2 233 with Karatsuba Karatsuba formula For A ( x ) = A h + t m / 2 A l and B ( x ) = B h + t m / 2 B l A × B = A h B h t m + (( A h + A l )( B h + B l ) + A h B h + A l B l ) t m / 2 + A l B l 12 / 39

  24. Multiplication in F 2 233 with Karatsuba Karatsuba formula For A ( x ) = A h + t m / 2 A l and B ( x ) = B h + t m / 2 B l A × B = A h B h t m + (( A h + A l )( B h + B l ) + A h B h + A l B l ) t m / 2 + A l B l Two recursions for degree m = 233: 128 bits A [3] A [2] A [1] A [0] × B [3] B [2] B [1] B [0] PCLMUL PCLMUL PCLMUL PCLMUL PCLMUL PCLMUL PCLMUL PCLMUL PCLMUL C [7] C [6] C [5] C [4] C [3] C [2] C [1] C [0] 12 / 39

  25. Squaring with PSHUFB Let a and b be two 128-bits data = 16 bytes. The PSHUFB instruction permute the bytes of a as specified by b b = 14 15 12 13 10 11 8 9 6 7 4 5 2 3 0 1 a = a[15] a[14] a[13] a[12] a[11] a[10] a[9] a[8] a[7] a[6] a[5] a[4] a[3] a[2] a[1] a[0] PSHUFB( b , a ) outputs c = a[14] a[15] a[12] a[13] a[10] a[11] a[8] a[9] a[6] a[7] a[4] a[5] a[2] a[3] a[0] a[1] In other words c [ i ] = a [ b [ i ]] 13 / 39

  26. Squaring with PSHUFB Squaring a polynomial b ( t ) = � m − 1 i =0 b i t i ∈ F 2 [ t ]: m − 1 � b ( t ) 2 = b i t 2 i . i =0 Aranha et al. 2010: Use PSHUFB for simultaneous look-up table: ◮ We store in a [ j ] the squaring of j (seen as an element of F 2 [ t ]) a [ j ] = j 2 for j = 0 , . . . , 16 . ◮ PSHUFB( b , a ) computes c [ i ] = a [ b [ i ]] = ( b [ i ]) 2 . Squaring 128 bits = 2 PSHUFB + 1 Masking + 3 shifts. 14 / 39

  27. Square root We express the square root of A ( t ) = � m − 1 i =0 a i t i as: even degree odd degree � �� � � �� � m − 1 m − 1 2 2 � � a 2 i t 2 i + a 2 i +1 t 2 i +1 )) 1 / 2 ( A ( t )) 1 / 2 = ( ( i =0 i =0 �� m − 1 � �� m − 1 � + √ x i =0 a 2 i t i i =0 a 2 i +1 t i 2 2 = Masking: We separate A as A odd and A even . PSHUB: We suppress zeros in A odd and A even . Shift and XOR: we multiply A odd by √ x = and XOR it to A even . 15 / 39

  28. Reduction modulo f ( t ) = t 233 + t 74 + 1 c 464 · · · c 384 c 383 · · · · · · c 256 c 255 · · · · · · c 128 c 127 · · · · · · c 1 c 0 0 · · · · · · 0 16 / 39

  29. Reduction modulo f ( t ) = t 233 + t 74 + 1 c 464 · · · c 384 c 383 · · · · · · c 256 c 255 · · · · · · c 128 c 127 · · · · · · c 1 c 0 0 · · · · · · 0 t 384 = t 225 + t 151 c 464 · · · c 384 0 · · · · · · 0 c 464 · · · c 384 0 · · · · · · 0 16 / 39

  30. Reduction modulo f ( t ) = t 233 + t 74 + 1 c 383 · · · · · · c 256 c 255 · · · · · · c 128 c 127 · · · · · · c 1 c 0 c 464 · · · c 384 0 · · · · · · 0 c 464 · · · c 384 0 · · · · · · 0 c r , 383 · · · · · · c r , 256 c r , 255 · · · · · · c r , 128 c r , 127 · · · · · · c r , 1 c r , 0 16 / 39

  31. Reduction modulo f ( t ) = t 233 + t 74 + 1 c 383 · · · · · · c 256 c 255 · · · · · · c 128 c 127 · · · · · · c 1 c 0 c 464 · · · c 384 0 · · · · · · 0 c 464 · · · c 384 0 · · · · · · 0 c r , 383 · · · · · · c r , 256 c r , 255 · · · · · · c r , 128 c r , 127 · · · · · · c r , 1 c r , 0 t 256 = t 97 + t 23 c r , 383 · · · · · · c r , 256 c r , 383 · · · · · · c r , 256 16 / 39

  32. Reduction modulo f ( t ) = t 233 + t 74 + 1 c 383 · · · · · · c 256 c 255 · · · · · · c 128 c 127 · · · · · · c 1 c 0 c 464 · · · c 384 0 · · · · · · 0 c 464 · · · c 384 0 · · · · · · 0 c r , 255 · · · · · · c r , 128 c r , 127 · · · · · · c r , 1 c r , 0 c r , 383 · · · · · · c r , 256 c r , 383 · · · · · · c r , 256 c r , 255 .. c r , 233 · · · c r , 128 c r , 127 · · · · · · c r , 1 c r , 0 16 / 39

Recommend

Recent Advances in Photonic Recent Advances in Photonic effect employing IP- based distributed

Recent Advances in Photonic Recent Advances in Photonic effect employing IP- based distributed

Development of Photonic Network Optical burst switching Next Generation Enhancement of Networks Dynamic (Adaptive) Optical Path Control statistical >10Tb/s multiplexing Photonic MPLS Network Recent Advances in Photonic Recent Advances

762 views • 8 slides
Recent Advances in Biomolecular NMR Lucia Banci CERM University of Florence Recent Advances

Recent Advances in Biomolecular NMR Lucia Banci CERM University of Florence Recent Advances

Recent Advances in Biomolecular NMR Lucia Banci CERM University of Florence Recent Advances in Biomolecular NMR Protonless NMR for the characterization of Unfolded proteins, Large protein assemblies, Paramagnetic systems I n cell

635 views • 42 slides
Recent Advances in Biomolecular NMR Lucia Banci CERM University of Florence Recent Advances

Recent Advances in Biomolecular NMR Lucia Banci CERM University of Florence Recent Advances

Recent Advances in Biomolecular NMR Lucia Banci CERM University of Florence Recent Advances in Biomolecular NMR Protonless NMR for the characterization of Unfolded proteins, Large protein assemblies, Paramagnetic systems I n cell

1.23k views • 70 slides
Confl flict and Development: Recent Advances and Future Agendas Professor Patricia Justino

Confl flict and Development: Recent Advances and Future Agendas Professor Patricia Justino

Confl flict and Development: Recent Advances and Future Agendas Professor Patricia Justino Institute of Development Studies, UK Where we are Three main advances in recent research on conflict and violence: shift from state-level to more

323 views • 9 slides
On Parallel Processing of Aggregate and Scalar Functions in Object-Relational DBMS Michael

On Parallel Processing of Aggregate and Scalar Functions in Object-Relational DBMS Michael

On Parallel Processing of Aggregate and Scalar Functions in Object-Relational DBMS Michael Jaedicke, Bernhard Mitschang ACM SIGMOD 1998, 06/04/1998 Overview: Introduction to user-defined functions Parallel processing of UDFs a

505 views • 18 slides
Recent Advances Aly Khawaja Outline STAR- CCM+: a complete simulation workflow Emphasis on

Recent Advances Aly Khawaja Outline STAR- CCM+: a complete simulation workflow Emphasis on

Meshing in STAR-CCM+: Recent Advances Aly Khawaja Outline STAR- CCM+: a complete simulation workflow Emphasis on pre-processing technology Recent advances in surface preparation and meshing Continue to enhance flexibility, control,

1.13k views • 30 slides
Performance Issues for Parallel Implementations of Bootstrap Simulation Algorithm 22 nd

Performance Issues for Parallel Implementations of Bootstrap Simulation Algorithm 22 nd

Performance Issues for Parallel Implementations of Bootstrap Simulation Algorithm 22 nd International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD 2010) Ricardo M. Czekster, Paulo Fernandes, Afonso Sales and Thais

964 views • 37 slides
Parallel Programming Libraries and Implementations Reusing this material This work is licensed

Parallel Programming Libraries and Implementations Reusing this material This work is licensed

Parallel Programming Libraries and Implementations Reusing this material This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. http://creativecommons.org/licenses/by-nc-sa/4.0/deed.en_US

589 views • 28 slides
Parallel Programming Libraries and implementations Reusing this material This work is licensed

Parallel Programming Libraries and implementations Reusing this material This work is licensed

Parallel Programming Libraries and implementations Reusing this material This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. http://creativecommons.org/licenses/by-nc-sa/4.0/deed.en_US

612 views • 30 slides
Parallel Programming Libraries and implementations Funding Partners bioexcel.eu Reusing this

Parallel Programming Libraries and implementations Funding Partners bioexcel.eu Reusing this

Parallel Programming Libraries and implementations Funding Partners bioexcel.eu Reusing this material This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License.

411 views • 23 slides
Recent advances in Mandelbrot martingales theory Julien Barral, Universit e Paris Nord

Recent advances in Mandelbrot martingales theory Julien Barral, Universit e Paris Nord

Recent advances in Mandelbrot martingales theory Julien Barral, Universit e Paris Nord Advances in Fractals and Related Topics, CUHK, September 2012 J. Barral Recent advances in Mandelbrot martingales theory Mandelbrot martingales Let = {

736 views • 54 slides
Recent Advances in Adap.ve Sampling and Reconstruc.on for Monte

Recent Advances in Adap.ve Sampling and Reconstruc.on for Monte

Recent Advances in Adap.ve Sampling and Reconstruc.on for Monte Carlo Rendering Deriva've Analysis Wojciech Jarosz wjarosz@disneyresearch.com Thursday, July 16, 15 Path tracing -

1.36k views • 99 slides
Recent Advances in Adaptive Sampling and Reconstruction for Monte

Recent Advances in Adaptive Sampling and Reconstruction for Monte

Recent Advances in Adaptive Sampling and Reconstruction for Monte Carlo Rendering M. Zwicker W. Jarosz J. Lehtinen B. Moon R. Ramamoorthi Univ. of Bern Disney Research Aalto

543 views • 13 slides
Recent Advances in Two-loop Superstrings Eric DHoker Institut des Hautes Etudes Scientifiques,

Recent Advances in Two-loop Superstrings Eric DHoker Institut des Hautes Etudes Scientifiques,

Recent Advances in Two-loop Superstrings Eric DHoker Institut des Hautes Etudes Scientifiques, 2014 May 6 Eric DHoker Recent Advances in Two-loop Superstrings Outline 1. Overview of two-loop superstring methods, including global issues;

627 views • 31 slides
Distributed Aggregation for Data- Parallel Computing Interfaces and Implementations Yuan Yu

Distributed Aggregation for Data- Parallel Computing Interfaces and Implementations Yuan Yu

Distributed Aggregation for Data- Parallel Computing Interfaces and Implementations Yuan Yu Pradeep Kumar Gunda Michael Isard Microsoft Research Silicon Valley Dryad and DryadLINQ Automatic query plan generation by DryadLINQ Automatic

721 views • 30 slides
Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent

Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent

Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent Advances in Adversarial (Examples in) Machine Learning Nicholas Carlini Google Research The Year is 2014 Someone tells you they have a new algorithm to

1.52k views • 139 slides
Recent advances on the acceleration of first-order methods in convex optimization . Juan

Recent advances on the acceleration of first-order methods in convex optimization . Juan

Recent advances on the acceleration of first-order methods in convex optimization . Recent advances on the acceleration of first-order methods in convex optimization . Juan PEYPOUQUET Universidad T ecnica Federico Santa Mar a Second

1.05k views • 86 slides
Recent Theoretical Advances in Sparse Approximation Joel A. Tropp

Recent Theoretical Advances in Sparse Approximation Joel A. Tropp

Recent Theoretical Advances in Sparse Approximation Joel A. Tropp <jtropp@ices.utexas.edu> Institute for Computational Engineering and Sciences The University of Texas at Austin Includes joint work with A. C. Gilbert, S.

1.17k views • 80 slides
Thank you for joining us. The program will commence momentarily. Recent Advances in Medical

Thank you for joining us. The program will commence momentarily. Recent Advances in Medical

Thank you for joining us. The program will commence momentarily. Recent Advances in Medical Oncology: Targeted Therapy for Lung Cancer Wednesday, July 15, 2020 5:00 PM 6:30 PM ET Faculty Alexander E Drilon, MD Professor Solange Peters,

1.54k views • 111 slides
Some Recent Advances in Nonnegative Matrix Factorization and their Applications to Hyperspectral

Some Recent Advances in Nonnegative Matrix Factorization and their Applications to Hyperspectral

Some Recent Advances in Nonnegative Matrix Factorization and their Applications to Hyperspectral Unmixing Nicolas Gillis https://sites.google.com/site/nicolasgillis/ Universit e de Mons Department of Mathematics and Operational Research

1.15k views • 72 slides
Accuracy and Stability: recent advances in C.A.G.D. J.M. Pe na* *University of Zaragoza, Spain

Accuracy and Stability: recent advances in C.A.G.D. J.M. Pe na* *University of Zaragoza, Spain

Accuracy and Stability: recent advances in C.A.G.D. J.M. Pe na* *University of Zaragoza, Spain M.A.I.A. 2013 , Erice 1 Effects of finite precision arithmetic on numerical algorithms: Roundoff errors. Data uncertainty. Key concepts:

485 views • 44 slides
Thank you for joining us. The program will commence momentarily. Recent Advances in Medical

Thank you for joining us. The program will commence momentarily. Recent Advances in Medical

Thank you for joining us. The program will commence momentarily. Recent Advances in Medical Oncology: Melanoma Wednesday, July 22, 2020 5:00 PM 6:00 PM ET Faculty Michael B Atkins, MD Professor Georgina Long, AO, BSc, PhD, MBBS Jason J

1.53k views • 107 slides
From Declarative Signatures to Misuse IDS 4th International Symposium on Recent Advances in

From Declarative Signatures to Misuse IDS 4th International Symposium on Recent Advances in

From Declarative Signatures to Misuse IDS 4th International Symposium on Recent Advances in Intrusion Detection (RAID'01) October 10-12, 2001 - Davis, CA, USA Jean-Philippe P OUZOL Mireille D UCASS IRISA / INSA de Rennes (France)

412 views • 24 slides
Thank you for joining us. The program will commence momentarily. Recent Advances in Medical

Thank you for joining us. The program will commence momentarily. Recent Advances in Medical

Thank you for joining us. The program will commence momentarily. Recent Advances in Medical Oncology: Urothelial Bladder Carcinoma Monday, August 3, 2020 5:00 PM 6:00 PM ET Faculty Arjun Balar, MD Thomas Powles, MBBS, MRCP, MD Arlene

1.55k views • 106 slides

More recommend