WO1999030458A1 - Transformation methods for optimizing elliptic curve cryptographic computations - Google Patents
- Publication number: WO1999030458A1 (PCT/US1998/025824)
- Authority: WO (WIPO (PCT))
- Prior art keywords: point, expression, mapping, field, elliptic curve
Classifications
- G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled › G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers › G06F7/72—(as G06F7/60) using residue arithmetic
  - G06F7/724—Finite field arithmetic
  - G06F7/725—Finite field arithmetic over elliptic curves
  - G06F7/728—(as G06F7/72) using Montgomery reduction
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols › H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
  - H04L9/3066—(as H04L9/30) involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
  - H04L9/3073—(as H04L9/3066) involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS › Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS › Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS › Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
  - Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Definitions
- the present invention relates to software and hardware implementation of elliptic curve cryptographic systems, in particular, and systems that require computation of calculations involving a finite number of arbitrary field operations within a finite field, in general
- Public-key cryptographic systems provide essential capabilities needed in systems requiring secure exchange of information between entities (people or computer systems) that may have never exchanged data with one another before. Most modern information systems, including the Internet, fit this description
- Public-key cryptosystems enable such purchases through providing capabilities such as encryption, decryption, digital signatures, and signature verification
- an entity interested in receiving secure messages from others publishes his or her "public key". Others use this public key to encrypt messages they send to the entity. These messages can be decrypted only through the use of a
- RSA public-key cryptosystem. The security of a public-key cryptosystem depends on how difficult it is to derive a private key from its associated, known public key. The more complex it is to mathematically derive the private key, the more time it takes a computer to "break" a public key by "guessing" its corresponding private key.
- the relationship between RSA's public and private keys is governed by the mathematics of factorization of large composite integers.
- RSA public and private keys are large integers represented as a binary bit pattern. The longer a key, the harder it is and the longer it takes a computer to break it by deriving its private key. For example, modern advances in factorization algorithms and distributed computing have made breaking 400-bit RSA keys possible.
- ECC: Elliptic Curve Cryptography
- In order to be commercially viable, ECC needs to allow the same functionality as RSA at comparable speeds, as well as lower costs of implementation in hardware and software. Efficient ECC will enable implementation of many envisioned modern systems that would otherwise be economically infeasible. As such, much research has been focused on achieving efficient ECC in academia and industry. The most common approach to achieving efficient ECC is briefly described below.
- ECC methods take advantage of specific features of mathematical "groups” called “elliptic curves.”
- An elliptic curve is related to and “constructed over" a mathematical "field.” Any finite field can be chosen to construct an elliptic curve, but the exact choice of the field significantly affects the properties of the elliptic curve and the efficiency of computer implementations that represent the "operations" defined within that elliptic curve.
- One of the most computationally intense operations used in all ECC implementations is known as “elliptic curve point multiplication.” Point multiplication requires the computation of eP, where P is a "point” in the elliptic curve and e is a positive integer. This operation is central to many elliptic curve cryptography functions, including encryption, decryption, random number generation, key-exchange, digital signing, and signature verification.
- GF(p) and GF(2^k): Two broad categories of fields, called GF(p) and GF(2^k), have been chosen by the Institute of Electrical and Electronics Engineers (IEEE) as international standards for Elliptic Curve Cryptography. While most academic and commercial research today is concentrated on implementing ECC over either GF(p) or GF(2^k), the exact advantages or disadvantages of each choice with respect to cryptography are not clearly understood at this point. Furthermore, both GF(p) and GF(2^k) encompass countless particular individual member fields within them. Each individual member field has its own properties that affect the computational characteristics of an ECC implementation. Furthermore, given a particular individual member field within GF(p) or GF(2^k), numerous elliptic "curves" can be constructed over such a field. The choice of the curve, too, affects the computational characteristics of the resulting ECC implementation.
- x is an element of F. In mathematical shorthand, x ∈ F, where the symbol "∈" is commonly read as "belongs to" or "is a member of"
- a particular set S is a
- a “mapping” is a relationship that associates each member of a set with a particular member of another set
- let n be any non-negative integer and let r be the integer remainder which results when n is divided by p, i.e. r = n mod p
- a mapping T may be constructed between the
- T is said to
- mapping from the set N into the set R. N is referred to as the "domain" of the mapping T, while R is said to be the "range" of the mapping T
- the "image" of the set N under the mapping T is the unique subset of R where every element is an image of at least one element of N. In other words, if E denotes the image of N
- every member of E is an image of some element of N under T, then T is said to map N "onto" E.
- transformation is used to refer to a mapping.
- An "ordered pair” is a mathematical notion that references pairs of objects under circumstances where one needs to keep track of which object is the "first" element of the pair and which object is the "second” element of the pair.
- the set of all pairs of husbands and wives is a set of ordered pairs, whose members can be represented by the notation (x, y), where x is an element of the set of all husbands and y is an element of the set of all wives.
- let X and Y be any arbitrary sets.
- the "cross product" of X and Y is the set of all ordered pairs whose first elements come from X and whose second elements come from Y.
- the cross product of X and Y is written as X × Y and is defined as the set of all ordered pairs (x, y), where x ∈ X and y ∈ Y.
- if X = {0, 1} and Y = {0, 1, 2}, then X × Y = {(0, 0), (0, 1), (0, 2), (1, 0), (1, 1), (1, 2)}
- define T: F × F → F as follows: given any ordered pair (x, y) ∈ F × F, where x ∈ F and y ∈ F, let the image of (x, y) under T be the integer that is the result of calculating the expression (x + y) mod 7.
- T((x, y)) = (x + y) mod 7.
- T((x, y)) is often written as x • y.
- the symbol "•" is called the "binary operator" and is used to
- a "group" is a set G together with a binary operation "•" defined within the set G such
- this element is referred to as the "identity" element in G.
- G is said to be a group under the •
- a "field" is a set F together with two binary set operations + and • defined within F such
- F is an Abelian group under the + operation.
- the + operation is referred to as the "addition operation" of the field.
- the • operation is referred to as the "multiplication operation" of the field.
- the identity element of the field under the multiplication operation is denoted as 1, which is an element of F distinct from 0.
- x^-1, which is referred to as the "multiplicative inverse" of x.
- a field F is a "finite field" if it has a finite number of elements.
- the field F above is a specific example of a family of finite fields known as GF(p), where p is any prime number. Given a particular prime number p, GF(p) is defined as the set {0, 1, ..., p − 1} of non-negative integers less than p, together with the addition operation + given by integer addition mod p, and the
- an example is the field GF(7).
- the equation itself is a valid equation in GF(7), too.
- the set of all "solutions" to this equation, i.e. the set of all ordered pairs that satisfy the equation in GF(7), is equal to {(0, 1), (1, 3), (2, 5), (3, 0), (4, 2), (5, 4), (6,
- x^k represents that unique element of F which results when x is multiplied by itself k
- x^0 is defined to be equal to 1.
- kx represents that unique element of F which results when x is added to itself k many times using the addition operation in F.
- kx = x + x + ... + x, where there are k − 1 many + operators in the expression.
- computing x's multiplicative inverse, x^-1, may be computationally intense. It is possible to view the task of computing the inverse of x as a set operation.
- a "unary set operation" T defined within a set S is a mapping from S onto S. The word unary underscores the fact that unlike binary set operations, the domain of T is made up of single, individual members of S. Given any element x of S, let T
- x is a variable in F, meaning that before the expression is evaluated, some particular element of F must be substituted for x in the expression.
- the particular member of F which is substituted for x is the
- the set of all polynomials of degree k defined over GF(2) is referred to as GF(2^k). It is known that given any k greater than 1, specific addition and multiplication operations can be defined within GF(2^k) in such a way that GF(2^k) forms a field under such operations.
- the set GF(2^k) is the set of all polynomials of order k whose polynomial coefficients are either 0 or 1.
- the expression f can and will be assumed to be in fully reduced form, in which all calculations in the expression that involve only constants have already been performed, and the resulting constants substituted into the expression.
- G = GF(p) and • is the multiplication operation in F. Since 1985, some work in industry and academia has been focused on extending the use of the Montgomery algorithm to expressions of a
- This section describes a particular substitution technique that is often used to manipulate expressions involving elements and operations defined within a field F.
- the technique involves replacing all instances of a specific pattern of operations and/or operands in f with another specific pattern.
- let x and y represent any member of F and let a, b, c, and r be specific
- the source expression s is given by s = x, where x stands for any single variable within the expression f
- the substitution technique simply replaces all occurrences of the variable represented by the source expression s by the pattern given by the target expression t.
- the substitution technique calls for constructing the set S of all subexpressions of f that "match" the source expression s.
- the set S is given by the set of all subexpressions s of the expression f which are of the
- the substitution technique works by replacing each member of the set S by the corresponding pattern given by the target expression t, except that before the substitution technique is applied to any member s of the set S, it is first applied to any other members of S that s is a subexpression of.
- G is a mathematical group that is constructed over a specific field F, according to a specific set of rules that depend on the exact nature of F. In general, G is a subset
- x, y are members of GF(p) together with an extra point O, usually named the point at infinity. It is assumed that p is a prime number greater than 3 and a, b in GF(p) are selected such
- Equation A
- a non-supersingular elliptic curve over the field GF(2^k) is defined by the parameters a and
- x3 = λ•λ + λ + x1 + x2 + a
- y3 = x1•x1 + (x1 + y1•x1^-1)•x3 + x3
- An elliptic curve cryptographic operation, whether it is an encryption, a decryption, a signature, or a key-pass operation, always involves the computation of eR given e and R, where R is a point on the curve and e is a positive integer
- i.e. the computation of e given R and eR is known to be very difficult
- This is called the elliptic curve discrete logarithm problem, for which no efficient algorithm is currently known
- the addition operation in the elliptic curve group G is defined using a series of field operations from the underlying field F; given two points P and Q in G, computation of R = P + Q or
- equations 4 above show that computation of P + Q requires one field inversion, three field multiplications, and nine field additions
- the computation of P + P requires one field inversion, three field multiplications and five field additions, as demonstrated by equations 5
- 18 · (3, 10) is (6, 19).
- the elliptic curve discrete logarithm problem then becomes: knowing (3,10) and (6, 19) and that (6, 19) is an integer multiple of (3,10), what is this integer?
- the integer used for this example is equal to 18.
- the present invention optimizes the calculation of Elliptic Curve Cryptography computations through a transformation method that permits the use of any elliptic curve defined over any field F in a secure and efficient manner.
- the invention utilizes an arbitrary integer e, and a point P on an elliptic curve group G defined over a field F, where the group G is a subset of the field F crossed with the field F.
- the present invention constructs a set G' and a mapping from G into the set G'.
- the present invention also includes a method for optimizing the calculation of cryptographic operations involving arbitrary expressions in finite field arithmetic through a transformation method that permits the use of any field F in an efficient manner.
- the invention includes a method for transforming any arbitrary finite calculation in any finite field into a canonical form in which other previously known algorithms can be applied, thereby achieving increased calculation speed and efficiency.
- the present invention teaches a set of transformations of the cryptographic calculations that allows the use of other known techniques that have only been applicable to certain limited special cases prior to this invention.
- DETAILED DESCRIPTION OF THE INVENTION
- the present invention provides a method for optimizing ECC computations for any curve in any field through focusing on one of the most computationally intense operations used in all ECC implementations, known as "elliptic curve point multiplication."
- Point multiplication requires the computation of eR, where R is a point in the elliptic curve and e is a positive integer.
- This operation is central to many elliptic curve cryptography functions, including encryption, decryption, random number generation, key-exchange, digital signing, and signature verification.
- the present invention achieves efficient ECC by providing a methodology for optimizing the implementation of the elliptic curve point multiplication operation.
- the present invention can be utilized to implement ECC over any curve in any field, including all individual member fields in GF(p) and GF(2^k).
- the present invention further provides a methodology for optimizing computation of calculations involving a finite number of arbitrary field operations within any finite field. These calculations play a key role in computer implementations of numerous systems, including elliptic curve crypto systems.
- the present invention provides a "transformation method" which can be used to enable optimized implementations of elliptic curve cryptographic systems in hardware and software.
- the present invention, because it employs a reversible transformation applied to the elements of the elliptic group, does not in any way alter the fundamental security properties of the mathematical algorithm used to perform the elliptic curve cryptography.
- the security of the overall ECC algorithm is determined by the choice of elliptic curve equations, number representation, arithmetic algorithms and other implementation aspects.
- the present invention can be used in any and all potential ECC applications, ranging from software for secure distribution of digital products such as movies and songs to hardware chips embedded in consumer electronic products such as cellular phones and smart cards
- the cost-saving potential of the present invention can significantly enhance existing commercial applications and make previously infeasible business opportunities economically viable.
- the present invention provides an improved method to optimize the computation of eR, where e is an integer and R is an element
- T^-1(T(P1) ⊕ T(P2) ⊕ ... ⊕ T(PN)) is in general more optimized than computation of P1 + P2 + ... + PN.
- the additional cost of transforming the elements of G may or may not
- the present invention further provides a particular method for construction of G', T, and
- G is a subset of F × F
- points in G can be written as ordered pairs (x, y), where x and y are elements of the field F.
- the present invention provides that a particular member r of F is first selected.
- the element r may be selected to be any member of the field F. Let T be the
- G' is the set of all elements of F × F that have a point in G mapped to
- the present invention further provides that T is the transformation from G onto G' such
- maps (u', v'), any element of G', to (u'•r^-1, v'•r^-1).
- this more detailed embodiment of the present invention includes the steps of:
- the computation of eR may be optimized through careful definition of a ⊕ operation in G' and careful selection of r. Certain values
- r may provide faster software implementations, while others may enable more algorithmic parallelism.
- a new transformed operation ⁇ is constructed such that conditions (i), (ii), and (iii)
- the present invention includes a method for optimizing calculations of eR when F is an
- G is an elliptic curve group over F ∈ GF(p)
- G', T, T^-1 are constructed in accordance with the method of the invention described in
- Equations A' above give the coordinates for Q'. As such, it can be shown that,
- the present invention has provided a method for the selection of T, ⊕, and T^-1 and their corresponding algorithms in a manner such that given P1, P2, ..., PN ∈ G, where N is
- T(P1) ⊕ T(P2) ⊕ ... ⊕ T(PN) involves repeated application of the expressions in
- the present invention further includes a method for optimizing calculations of eR when F
- F is an individual member field of GF(2^k).
- G is an elliptic curve group over F ∈ GF(2^k), and G', T, T^-1 are constructed in accordance with the method of the invention described in Section B, above, through choosing an arbitrary element r of F.
- the present invention derives the following set of field equations for the operation of "doubling a
- Equations A' above give the coordinates for Q'.
- the present invention has provided a method for the selection of G', T, ⊕, and T^-1 and
- the present invention further provides a method for achieving higher efficiencies when utilizing the methods of Sections C and D above by providing specific choices of r
- the present invention works with any element r in the field F over which the elliptic curve group G is defined.
- the exact choice of the element r affects the computational characteristics of the resulting calculations.
- the present invention teaches that the selection of r can optimize specific aspects of a software and/or hardware implementation within specific computer environments. For instance, choosing r to be a multiple of 32 can have beneficial effects
- for the field GF(2^k), r is selected as x^k mod n(x), where n(x) is the irreducible polynomial generating the field GF(2^k)
- Other selections of r for different fields are also possible
- the transformation algorithms work independently of this selection.
- the present invention further provides a method for optimizing calculation of a finite number of arbitrary field operations over any finite field. Let f be a valid expression defined within
- the present invention provides a method for optimizing computation of f which includes carrying out the following steps in sequence: (1) select r to be any single element of the field F
- the element r is a constant
- the element r will be used to transform the expression f into a new expression f' through applying a series of substitutions in accordance with the substitution technique described earlier in this document
- the expression f may coincidentally contain constants or variables that have the same field value as the selected element r, without affecting this procedure
- subsequent steps of this procedure will rely on the expression f being initially free of "primed" symbols such as d' or j'. If the expression f initially contains any variables or constants which are denoted by "primed" symbols, then replace each primed variable or constant symbol with
- this step is to label as ⊗ all of the original • operators occurring in the expression f to
- x' denotes a primed variable or primed constant occurring in the expression f', specifically excluding all instances of the unprimed constant r.
- the effect of this step is to replace every primed symbol with its unprimed form multiplied by r.
- the present invention has carefully specified the preceding steps in such a way as to ensure that
- the present invention provides a method to transform any expression f involving a
- the Montgomery Algorithm can be applied to the expression f' • r^-1 to
- the present invention may also be used with "projective coordinates," which are used to eliminate the need for performing inversion
- in projective coordinates, a point on the elliptic curve group G has 3 coordinate values, (x_i, y_i, z_i), while affine coordinates require only two values: (x_i, y_i).
- the present invention can also be used in conjunction with projective coordinates.
- the present invention may be implemented on any conventional or general purpose PC computer system. It may also be used in conjunction with any network system, including the Internet.
- a preferred embodiment of a computer system for implementing this invention is an Intel Pentium II PC 233 MHz, running Windows NT 4.0.
- the present invention can be implemented in any programming language including C and Java.
- the following are examples of pseudo code suitable for implementing the present invention.
- pseudo-code fragment (the tail of a transformed point-addition routine and the header of DoublePoint):

```text
    T'(y) = Multiply(lambda', (P'(x) + T'(x))) + T'(x) + P'(y)
    return T'
end

DoublePoint
    Input  P' : Transformed Point on the EC
    Output T' : Transformed Point on the EC
```
- the following references describe the mathematical background for the present invention. Those references include P. L. Montgomery, Modular multiplication without trial division,
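As an added worked example (not code from the patent or from this page), the GF(p) embodiment of Sections B and C carried through end to end: points are transformed by T(x, y) = (x·r, y·r) mod p, the ⊕ operation on G' is the affine group law with every • replaced by the Montgomery product ⊗ (x' ⊗ y' = x'·y'·r^-1, computed by Montgomery reduction without division) and the curve constant a replaced by a' = a·r, and eR is obtained as T^-1(e·T(R)). The curve y² = x³ + x + 1 over GF(23) and the radix R = 32 (so r = 32 mod 23, following the page's hint that multiples of 32 are convenient) are assumptions; the page does not name its curve, but both (3, 10) and (6, 19) from its discrete-logarithm example lie on this one.

```python
# Added worked example; not the patent's own code. Assumed curve and field:
# y^2 = x^3 + x + 1 over GF(23), which contains both (3,10) and (6,19) from the
# page's discrete-logarithm example. R = 32 is the Montgomery radix (r = R mod p).

P_MOD = 23              # the prime p of GF(p) (assumption)
A_COEF, B_COEF = 1, 1   # curve y^2 = x^3 + a*x + b (assumption)
R_BITS = 5
R = 1 << R_BITS         # R = 32 > p; the page's element r is R mod p
R_MOD_P = R % P_MOD     # r = 9, which is also the transformed representation of 1
R2_MOD_P = (R * R) % P_MOD            # r^2 mod p = 12, used by T to enter G'
P_NEG_INV = (-pow(P_MOD, -1, R)) % R  # -p^{-1} mod R = 25, precomputed for REDC


def redc(t):
    """Montgomery reduction: t * r^-1 mod p for 0 <= t < p*R, using only shifts and masks."""
    m = ((t & (R - 1)) * P_NEG_INV) & (R - 1)   # m chosen so that t + m*p is divisible by R
    u = (t + m * P_MOD) >> R_BITS
    return u - P_MOD if u >= P_MOD else u


def mont_mul(xp, yp):
    """The transformed multiplication (the page's ⊗): x' ⊗ y' = x' * y' * r^-1 mod p."""
    return redc(xp * yp)


def to_mont(x):
    """T on field elements: x -> x' = x * r mod p (computed as x ⊗ r^2)."""
    return mont_mul(x % P_MOD, R2_MOD_P)


def from_mont(xp):
    """T^-1 on field elements: x' -> x' * r^-1 mod p."""
    return redc(xp)


def mont_inv(xp):
    """Inverse that stays in the transformed domain: (x^-1)' = x^-1 * r.
    Fermat's little theorem (x^(p-2)) evaluated with ⊗ only, starting from 1' = r."""
    acc, base, e = R_MOD_P, xp, P_MOD - 2
    while e:
        if e & 1:
            acc = mont_mul(acc, base)
        base = mont_mul(base, base)
        e >>= 1
    return acc


A_PRIME = to_mont(A_COEF)   # the curve constant is transformed too: a' = a * r


def mont_add(pt1, pt2):
    """The transformed group law ⊕ on G' = T(G): T(P) ⊕ T(Q) = T(P + Q).
    Every field multiplication of the affine formulas becomes ⊗; additions and small
    integer multiples (2y, 3x^2) are unchanged. None stands for the point at infinity O."""
    if pt1 is None:
        return pt2
    if pt2 is None:
        return pt1
    x1, y1 = pt1
    x2, y2 = pt2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None                                   # P + (-P) = O, incl. 2P when y = 0
        num = (3 * mont_mul(x1, x1) + A_PRIME) % P_MOD    # (3x^2 + a)'
        lam = mont_mul(num, mont_inv((2 * y1) % P_MOD))   # lambda' = lambda * r
    else:
        lam = mont_mul((y2 - y1) % P_MOD, mont_inv((x2 - x1) % P_MOD))
    x3 = (mont_mul(lam, lam) - x1 - x2) % P_MOD           # (lambda^2 - x1 - x2)'
    y3 = (mont_mul(lam, (x1 - x3) % P_MOD) - y1) % P_MOD  # (lambda(x1 - x3) - y1)'
    return (x3, y3)


def mont_scalar_mul(e, ptp):
    """e * P' by left-to-right double-and-add, entirely inside G'."""
    acc = None
    for bit in bin(e)[2:]:
        acc = mont_add(acc, acc)
        if bit == "1":
            acc = mont_add(acc, ptp)
    return acc


def transform_point(pt):
    """T on G: (x, y) -> (x * r, y * r)."""
    return None if pt is None else (to_mont(pt[0]), to_mont(pt[1]))


def untransform_point(ptp):
    """T^-1 on G': (u', v') -> (u' * r^-1, v' * r^-1)."""
    return None if ptp is None else (from_mont(ptp[0]), from_mont(ptp[1]))


def on_curve(pt):
    """Affine check y^2 = x^3 + a*x + b over GF(p), for verifying results after T^-1."""
    x, y = pt
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P_MOD == 0


def point_mul(e, pt):
    """eR computed as T^-1(e * T(R)): the transformed route the page describes."""
    return untransform_point(mont_scalar_mul(e, transform_point(pt)))


if __name__ == "__main__":
    gen = (3, 10)
    print("T(3,10) =", transform_point(gen))     # (4, 21)
    print("18 * (3,10) =", point_mul(18, gen))   # (6, 19), the page's example
```

The inverse in the transformed domain is itself a chain of ⊗ operations, so nothing in the point arithmetic leaves G' until the final T^-1, which is the property that lets a Montgomery multiplier serve every step.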
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2000524894A JP2001526416A (en) | 1997-12-05 | 1998-12-04 | Conversion method for optimization of elliptic curve encryption operation |
CA002310588A CA2310588A1 (en) | 1997-12-05 | 1998-12-04 | Transformation methods for optimizing elliptic curve cryptographic computations |
BR9815161-4A BR9815161A (en) | 1997-12-05 | 1998-12-04 | Method for producing an elliptically curved multiplication product; method for optimizing the calculation of an expression, method for producing an elliptically curved addition product; apparatus for producing an elliptically curve point multiplication product |
AU21983/99A AU758621B2 (en) | 1997-12-05 | 1998-12-04 | Transformation methods for optimizing elliptic curve cryptographic computations |
EP98965973A EP1038371A4 (en) | 1997-12-05 | 1998-12-04 | Transformation methods for optimizing elliptic curve cryptographic computations |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US6931497P | 1997-12-05 | 1997-12-05 | |
US60/069,314 | 1997-12-05 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999030458A1 true WO1999030458A1 (en) | 1999-06-17 |
Family ID=22088145
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1998/025824 WO1999030458A1 (en) | 1997-12-05 | 1998-12-04 | Transformation methods for optimizing elliptic curve cryptographic computations |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP1038371A4 (en) |
JP (1) | JP2001526416A (en) |
CN (1) | CN1280726A (en) |
AU (1) | AU758621B2 (en) |
BR (1) | BR9815161A (en) |
CA (1) | CA2310588A1 (en) |
WO (1) | WO1999030458A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6307935B1 (en) * | 1991-09-17 | 2001-10-23 | Apple Computer, Inc. | Method and apparatus for fast elliptic encryption with direct embedding |
US6343305B1 (en) | 1999-09-14 | 2002-01-29 | The State Of Oregon Acting By And Through The State Board Of Higher Education On Behalf Of Oregon State University | Methods and apparatus for multiplication in a galois field GF (2m), encoders and decoders using same |
FR2821944A1 (en) * | 2001-03-12 | 2002-09-13 | Gemplus Card Int | Method for protecting a scalar multiplication algorithm against attacks by measurement of current, comprises introduction of random feature which affects method of calculation but not result |
FR2821945A1 (en) * | 2001-03-12 | 2002-09-13 | Gemplus Card Int | Method for protecting cryptographic procedures against attacks through current and electromagnetic radiation measurements, comprises random selection of second group isomorphic to first group |
FR2824210A1 (en) * | 2001-04-27 | 2002-10-31 | Gemplus Card Int | COUNTER-MEASUREMENT METHOD IN AN ELECTRONIC COMPONENT USING A CRYPTOGRAPHIC ALGORITHM OF THE PUBLIC KEY TYPE ON AN ELLIPTICAL CURVE |
FR2824653A1 (en) * | 2001-05-11 | 2002-11-15 | Gemplus Card Int | Elliptic curve cryptography method, particularly for chip card use, where it is intrinsically secure against attacks that try to discover data during processing |
US7209555B2 (en) * | 2001-10-25 | 2007-04-24 | Matsushita Electric Industrial Co., Ltd. | Elliptic curve converting device, elliptic curve converting method, elliptic curve utilization device and elliptic curve generating device |
US7499544B2 (en) | 2003-11-03 | 2009-03-03 | Microsoft Corporation | Use of isogenies for design of cryptosystems |
US7664957B2 (en) | 2004-05-20 | 2010-02-16 | Ntt Docomo, Inc. | Digital signatures including identity-based aggregate signatures |
CN103078732A (en) * | 2013-01-08 | 2013-05-01 | 武汉大学 | Prime field elliptic curve crypto dot product accelerating circuit |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100440776C (en) * | 2002-11-29 | 2008-12-03 | 北京华大信安科技有限公司 | Elliptic curve signature and signature verification method and apparatus |
WO2006056234A1 (en) * | 2004-11-24 | 2006-06-01 | Hewlett-Packard Development Company, L.P. | Smartcard with cryptographic functionality and method and system for using such cards |
US7602907B2 (en) * | 2005-07-01 | 2009-10-13 | Microsoft Corporation | Elliptic curve point multiplication |
CN100414492C (en) * | 2005-11-04 | 2008-08-27 | 北京浦奥得数码技术有限公司 | Elliptic curve cipher system and implementing method |
US8311214B2 (en) * | 2006-04-24 | 2012-11-13 | Motorola Mobility Llc | Method for elliptic curve public key cryptographic validation |
CN101079701B (en) * | 2006-05-22 | 2011-02-02 | 北京华大信安科技有限公司 | Highly secure ellipse curve encryption and decryption method and device |
US8548160B2 (en) * | 2010-01-13 | 2013-10-01 | Microsoft Corporation | Determination of pairings on a curve using aggregated inversions |
CN104601322A (en) * | 2013-10-31 | 2015-05-06 | 上海华虹集成电路有限责任公司 | Montgomery step algorithm for ternary extension field in cryptographic chip |
CN104267926B (en) * | 2014-09-29 | 2018-03-09 | 北京宏思电子技术有限责任公司 | The method and apparatus for obtaining elliptic curve cipher data |
CN108337091A (en) * | 2018-03-22 | 2018-07-27 | 北京中电华大电子设计有限责任公司 | P times of point calculating method of specified point on a kind of SM9 elliptic curves line of torsion |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5159632A (en) * | 1991-09-17 | 1992-10-27 | Next Computer, Inc. | Method and apparatus for public key exchange in a cryptographic system |
US5373560A (en) * | 1991-12-06 | 1994-12-13 | Schlafly; Roger | Partial modular reduction method |
US5442707A (en) * | 1992-09-28 | 1995-08-15 | Matsushita Electric Industrial Co., Ltd. | Method for generating and verifying electronic signatures and privacy communication using elliptic curves |
US5463690A (en) * | 1991-09-17 | 1995-10-31 | Next Computer, Inc. | Method and apparatus for public key exchange in a cryptographic system |
US5497423A (en) * | 1993-06-18 | 1996-03-05 | Matsushita Electric Industrial Co., Ltd. | Method of implementing elliptic curve cryptosystems in digital signatures or verification and privacy communication |
US5577124A (en) * | 1995-03-09 | 1996-11-19 | Arithmetica, Inc. | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
US5854759A (en) * | 1997-05-05 | 1998-12-29 | Rsa Data Security, Inc. | Methods and apparatus for efficient finite field basis conversion |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
UA57827C2 (en) * | 1998-02-18 | 2003-07-15 | Інфінеон Текнолоджіз Аг | Method and device for cryptographic data processing by using an elliptic curve |
1998
- 1998-12-04 JP JP2000524894A patent/JP2001526416A/en active Pending
- 1998-12-04 BR BR9815161-4A patent/BR9815161A/en not_active Application Discontinuation
- 1998-12-04 CA CA002310588A patent/CA2310588A1/en not_active Abandoned
- 1998-12-04 WO PCT/US1998/025824 patent/WO1999030458A1/en not_active Application Discontinuation
- 1998-12-04 EP EP98965973A patent/EP1038371A4/en not_active Withdrawn
- 1998-12-04 CN CN98811822A patent/CN1280726A/en active Pending
- 1998-12-04 AU AU21983/99A patent/AU758621B2/en not_active Ceased
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5159632A (en) * | 1991-09-17 | 1992-10-27 | Next Computer, Inc. | Method and apparatus for public key exchange in a cryptographic system |
US5463690A (en) * | 1991-09-17 | 1995-10-31 | Next Computer, Inc. | Method and apparatus for public key exchange in a cryptographic system |
US5581616A (en) * | 1991-09-17 | 1996-12-03 | Next Software, Inc. | Method and apparatus for digital signature authentication |
US5805703A (en) * | 1991-09-17 | 1998-09-08 | Next Software, Inc. | Method and apparatus for digital signature authentication |
US5373560A (en) * | 1991-12-06 | 1994-12-13 | Schlafly; Roger | Partial modular reduction method |
US5442707A (en) * | 1992-09-28 | 1995-08-15 | Matsushita Electric Industrial Co., Ltd. | Method for generating and verifying electronic signatures and privacy communication using elliptic curves |
US5497423A (en) * | 1993-06-18 | 1996-03-05 | Matsushita Electric Industrial Co., Ltd. | Method of implementing elliptic curve cryptosystems in digital signatures or verification and privacy communication |
US5577124A (en) * | 1995-03-09 | 1996-11-19 | Arithmetica, Inc. | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
US5751808A (en) * | 1995-03-09 | 1998-05-12 | Anshel; Michael M. | Multi-purpose high speed cryptographically secure sequence generator based on zeta-one-way functions |
US5854759A (en) * | 1997-05-05 | 1998-12-29 | Rsa Data Security, Inc. | Methods and apparatus for efficient finite field basis conversion |
Non-Patent Citations (1)
Title |
---|
See also references of EP1038371A4 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6307935B1 (en) * | 1991-09-17 | 2001-10-23 | Apple Computer, Inc. | Method and apparatus for fast elliptic encryption with direct embedding |
US6343305B1 (en) | 1999-09-14 | 2002-01-29 | The State Of Oregon Acting By And Through The State Board Of Higher Education On Behalf Of Oregon State University | Methods and apparatus for multiplication in a galois field GF (2m), encoders and decoders using same |
FR2821944A1 (en) * | 2001-03-12 | 2002-09-13 | Gemplus Card Int | Method for protecting a scalar multiplication algorithm against attacks by measurement of current, comprises introduction of random feature which affects method of calculation but not result |
FR2821945A1 (en) * | 2001-03-12 | 2002-09-13 | Gemplus Card Int | Method for protecting cryptographic procedures against attacks through current and electromagnetic radiation measurements, comprises random selection of second group isomorphic to first group |
FR2824210A1 (en) * | 2001-04-27 | 2002-10-31 | Gemplus Card Int | COUNTER-MEASUREMENT METHOD IN AN ELECTRONIC COMPONENT USING A CRYPTOGRAPHIC ALGORITHM OF THE PUBLIC KEY TYPE ON AN ELLIPTICAL CURVE |
WO2002088933A1 (en) * | 2001-04-27 | 2002-11-07 | Gemplus | Countermeasure method in an electronic component using a public key cryptographic algorithm on an elliptic curve |
FR2824653A1 (en) * | 2001-05-11 | 2002-11-15 | Gemplus Card Int | Elliptic curve cryptography method, particularly for chip card use, where it is intrinsically secure against attacks that try to discover data during processing |
WO2002093411A1 (en) * | 2001-05-11 | 2002-11-21 | Gemplus | Device used to perform exponentiation calculations applied to points on an elliptical curve |
US7209555B2 (en) * | 2001-10-25 | 2007-04-24 | Matsushita Electric Industrial Co., Ltd. | Elliptic curve converting device, elliptic curve converting method, elliptic curve utilization device and elliptic curve generating device |
US7499544B2 (en) | 2003-11-03 | 2009-03-03 | Microsoft Corporation | Use of isogenies for design of cryptosystems |
US7664957B2 (en) | 2004-05-20 | 2010-02-16 | Ntt Docomo, Inc. | Digital signatures including identity-based aggregate signatures |
CN103078732A (en) * | 2013-01-08 | 2013-05-01 | 武汉大学 | Prime field elliptic curve crypto dot product accelerating circuit |
Also Published As
Publication number | Publication date |
---|---|
BR9815161A (en) | 2000-10-10 |
EP1038371A1 (en) | 2000-09-27 |
JP2001526416A (en) | 2001-12-18 |
CA2310588A1 (en) | 1999-06-17 |
EP1038371A4 (en) | 2002-01-30 |
AU758621B2 (en) | 2003-03-27 |
AU2198399A (en) | 1999-06-28 |
CN1280726A (en) | 2001-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Galbraith | Elliptic curve Paillier schemes | |
Gordon | A survey of fast exponentiation methods | |
Khalique et al. | Implementation of elliptic curve digital signature algorithm | |
Wiener et al. | Faster attacks on elliptic curve cryptosystems | |
Blake et al. | Elliptic curves in cryptography | |
US6876745B1 (en) | Method and apparatus for elliptic curve cryptography and recording medium therefore | |
WO1999030458A1 (en) | Transformation methods for optimizing elliptic curve cryptographic computations | |
US7961874B2 (en) | XZ-elliptic curve cryptography with secret key embedding | |
Ciet et al. | (Virtually) free randomization techniques for elliptic curve cryptography | |
US20080044013A1 (en) | Koblitz Exponentiation with Bucketing | |
US7483533B2 (en) | Elliptic polynomial cryptography with multi x-coordinates embedding | |
US20030059043A1 (en) | Elliptic curve signature verification method and apparatus and a storage medium for implementing the same | |
Robshaw et al. | Elliptic curve cryptosystems | |
Pelzl et al. | Low cost security: Explicit formulae for genus-4 hyperelliptic curves | |
Lange et al. | Efficient doubling on genus two curves over binary fields | |
EP0952697B1 (en) | Elliptic curve encryption method and system | |
Smart | A comparison of different finite fields for elliptic curve cryptosystems | |
Gong et al. | The GH public-key cryptosystem | |
Menezes | Evaluation of security level of cryptography: The elliptic curve discrete logarithm problem (ECDLP) | |
Lange | Koblitz curve cryptosystems | |
Shankar et al. | Cryptography with elliptic curves | |
Kirlar | Efficient message transmission via twisted Edwards curves | |
Brumley | Efficient three-term simultaneous elliptic scalar multiplication with applications | |
Kovalenko et al. | Asymmetric cryptographic algorithms | |
KR100341507B1 (en) | Elliptic Curve Cryptography and Digital Signature Method using fast finite field operations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 98811822.X Country of ref document: CN |
 | AK | Designated states | Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | ENP | Entry into the national phase | Ref document number: 2310588 Country of ref document: CA Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: PA/a/2000/005375 Country of ref document: MX |
 | ENP | Entry into the national phase | Ref document number: 2000 524894 Country of ref document: JP Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: KR |
 | WWE | Wipo information: entry into national phase | Ref document number: 1998965973 Country of ref document: EP Ref document number: 21983/99 Country of ref document: AU |
 | WWP | Wipo information: published in national office | Ref document number: 1998965973 Country of ref document: EP |
 | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
 | WWE | Wipo information: entry into national phase | Ref document number: 09763520 Country of ref document: US |
 | WWG | Wipo information: grant in national office | Ref document number: 21983/99 Country of ref document: AU |
 | WWW | Wipo information: withdrawn in national office | Ref document number: 1998965973 Country of ref document: EP |