CN102479171A - Method for realizing Eta bilinear pairings on supersingular curve in binary field - Google Patents
- Publication number
- CN102479171A
- Authority
- CN
- China
- Prior art keywords
- binary field
- eta
- bilinearity
- curve
- ultra
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a method for realizing Eta bilinear pairings on a supersingular curve in a binary field. According to the implementation method, a square root calculation is eliminated and only multiple square calculations and modular multiplication calculations with fast calculating speed are added; therefore the Eta bilinear pairings on the supersingular curve in the binary field can be substantially accelerated and the calculating efficiency can be substantially improved.
Description
Technical field
The present invention relates to public-key cryptography, and in particular to a method for computing the Eta bilinear pairing on a supersingular curve over a binary field.
Background art
Bilinear pairings have been widely studied and applied in recent years because of their bilinearity and non-degeneracy. In cryptography, pairings were first used to attack elliptic curve cryptosystems, but pairing-based cryptosystems have since been studied and exploited for their distinctive advantages and are gradually being adopted in industry. Many international standards bodies are also drafting pairing standards, such as ISO/IEC 14888-3 and IEEE P1363.3. Researchers have proposed many pairing-based cryptographic schemes, for example identity-based encryption schemes, short signature schemes, and identity-based authenticated key agreement schemes.
Cryptosystems built on bilinear pairings have distinct advantages; for example, a short signature scheme can significantly reduce signature length. The signature schemes in general use today are the RSA signature scheme and the ECDSA elliptic curve signature scheme, but both have the drawback that their signatures are relatively long, whereas short signatures are better suited to resource-constrained environments such as smart cards, mobile phones and PDAs.
Two kinds of bilinear pairing can be computed in polynomial time, namely the Weil pairing and the Tate pairing on algebraic curves. For curves of the same security level, the Tate pairing is much more efficient to compute than the Weil pairing, and the Ate and Eta pairings, which are variants of the Tate pairing, are optimized further still. Computing a bilinear pairing is very complex; it can be done comparatively quickly on pairing-friendly curves. There are mainly the following three types of curves:
The curve to which the present invention relates is the supersingular curve over the binary field, and the efficient algorithm on this curve is the Eta bilinear pairing. The formula for the Eta bilinear pairing over the binary field is:
Wherein
Mapping
Function $g_P(x, y) = (x_P^2 + 1)(x_P + x) + y_P + y$, function $\psi(Q) = (x_Q + s^2,\; y_Q + s x_Q + t)$, and function $l(x, y) = y + \lambda(x + x_P) + y_P + \delta$. It can thus be seen that computing $[2^{-j}]P'$ requires a large number of square-root operations.
The Eta bilinear pairing formula above corresponds to the following traditional Eta bilinear pairing implementation. The implementation differs slightly for different values of the binary field parameter m; the case $m \equiv 3 \bmod 8$ is taken as the example here, and the same conclusion holds in the other cases:
Traditional Eta bilinear pairing implementation: over the binary field, on the curve $y^2 + y = x^3 + x + b$ ($b \in F_2$), where $m \equiv 3 \bmod 8$;
Input: $P(x_P, y_P)$, $Q(x_Q, y_Q)$; output: $\eta_T(P, Q)$. The steps are:
1. $u = x_P + 1$
2. $f = u(u + x_Q) + y_P + y_Q + b + 1 + (u + x_Q + 1)t + (u + x_Q)t^2$
3.1. $u = x_P$, $x_P = x_P^{1/2}$, $y_P = y_P^{1/2}$
3.2. $A = u(x_P + x_Q) + y_P + y_Q + x_P + (u + x_Q + 1)t + (u + x_Q)t^2$
3.3. $f = fA$
3.4. $x_Q = x_Q^2$, $y_Q = y_Q^2$
Step 3.1 above requires two square-root computations, and a square-root computation in a binary field is very costly. A typical implementation is as follows:
Square-root computation in the binary field:
2. $s = c^2 \bmod p$;
3. If s equals a, the square root is c; if s is not equal to a, output the message "no square root exists".
Step 1 of the square-root computation in the binary field is a Montgomery Algorithm. This step is quite time-consuming, requiring approximately (m-1)/2 modular multiplications and (m-1) squarings. Step 3.1 of the traditional Eta bilinear pairing implementation is executed in a loop (m+1)/2 times, so the whole implementation takes a long time to complete.
Summary of the invention
The object of the invention is to provide a method for computing the Eta bilinear pairing on a supersingular curve over a binary field. The method removes the square-root computations from the implementation and adds only a number of fast squarings and modular multiplications, thereby significantly accelerating the Eta bilinear pairing on a supersingular curve over a binary field.
A method for computing the Eta bilinear pairing on a supersingular curve over a binary field comprises the following:
(2) Compute the function
Over the binary field (m is the binary field parameter), for two points $P(x_P, y_P)$ ($x_P$ is the x-coordinate of point P, $y_P$ is the y-coordinate of point P) and $Q(x_Q, y_Q)$ ($x_Q$ is the x-coordinate of point Q, $y_Q$ is the y-coordinate of point Q) on the supersingular curve $y^2 + y = x^3 + x + b$ ($b \in F_2$), the Eta bilinear pairing implementation is based on the formula
Function wherein
Mapping
Function $g_P(x, y) = (x_P^2 + 1)(x_P + x) + y_P + y$; function $\psi(Q) = (x_Q + s^2,\; y_Q + s x_Q + t)$, where s and t are elements of binary extension fields satisfying $s^2 + s + 1 = 0$ and $t^2 + t + s = 0$; function $l(x, y) = y + \lambda(x + x_P) + y_P + \delta$, where $\lambda = x_P$ when $m \equiv 1, 5 \bmod 8$, $\lambda = x_P + 1$ when $m \equiv 3, 7 \bmod 8$, $\delta = b$ when $m \equiv 1, 7 \bmod 8$, and $\delta = b + 1$ when $m \equiv 3, 5 \bmod 8$.
Using a property satisfied by every element x of the Galois field, the square-root computation of $[2^{-j}]P'$ in the steps of the traditional Eta bilinear pairing implementation is removed, which yields a fast Eta bilinear pairing based on a formula free of square-root computations.
The parameter m of the binary field may be any positive odd number. Supersingular curves over the binary field include $y^2 + y = x^3 + x + 1$ and $y^2 + y = x^3 + x$.
The formula for the Eta bilinear pairing is
The most complex computation step is
in which a large number of square-root operations are needed to compute
and
Letting $j = (m-1)/2 - i$, the original formula can be optimized to
after which only squarings are needed to compute
and
In a binary field a squaring takes far less time than a square root, and this operation is performed many times, so the optimization significantly reduces the overall computation time of the Eta bilinear pairing; it suffices to set the variable
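The exponent identity behind the substitution j = (m-1)/2 - i, checked numerically in a small binary field: a coordinate taken through 2j and 2j+1 square roots equals the same coordinate raised to 2^(2i+1) and 4^i, which are the values u = v^2 and v = v^4 that a squaring-only loop carries. This is an added example, not code from the patent; the field degree m = 11, the reduction polynomial, the function names and the sample element are assumptions chosen for illustration, and the square root is computed as a^(2^(m-1)) using the standard fact that a^(2^m) = a in a field of 2^m elements. It covers only the coordinate exponents, not the full pairing.

```python
# Added example: GF(2^m) in a polynomial basis, elements stored as Python ints.
M = 11                              # sample odd field degree, 11 = 3 mod 8
POLY = (1 << 11) | (1 << 2) | 1     # x^11 + x^2 + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^M), reducing by POLY as we go."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= POLY
    return r

def gf_sqr_n(a, n):
    """Square a n times, i.e. compute a^(2^n)."""
    for _ in range(n):
        a = gf_mul(a, a)
    return a

def gf_sqrt(a):
    """Square root via a^(2^(M-1)); valid because a^(2^M) = a in GF(2^M)."""
    return gf_sqr_n(a, M - 1)

def coords_with_roots(x, i):
    """x after 2j and 2j+1 square roots, where j = (M-1)/2 - i."""
    j = (M - 1) // 2 - i
    u = x
    for _ in range(2 * j):
        u = gf_sqrt(u)
    return u, gf_sqrt(u)

def coords_with_squarings(x, i):
    """The same pair from squarings only: v = x^(4^i), u = v^2."""
    v = gf_sqr_n(x, 2 * i)
    return gf_mul(v, v), v

def check_all(x):
    """True if both routes agree for every loop index i = 0 .. (M-1)/2."""
    return all(coords_with_roots(x, i) == coords_with_squarings(x, i)
               for i in range((M - 1) // 2 + 1))

if __name__ == "__main__":
    x = 0b10110011101               # constructed sample field element
    print(check_all(x))
```

Each call to `gf_sqrt` here costs M-1 squarings, while the squaring-only route advances from one loop index to the next with two squarings for v and one more for u.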
Embodiment
The fast Eta bilinear pairing implementation on a supersingular curve over a binary field provided by the invention is described in detail below with reference to an embodiment. The implementation differs slightly for different values of the binary field parameter m; the embodiment takes $m \equiv 3 \bmod 8$ as the example, and the same conclusion holds for other values.
The detailed flow of the Eta bilinear pairing implementation on a supersingular curve over a binary field is as follows:
Input: two points $P(x_P, y_P)$, $Q(x_Q, y_Q)$ on the supersingular curve $y^2 + y = x^3 + x + b$ ($b \in F_2$)
Output: the Eta pairing result $\eta_T(P, Q)$
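1. $u = x_P + 1$
2. $f = u(u + x_Q) + y_P + y_Q + b + 1 + (u + x_Q + 1)t + (u + x_Q)t^2$
3. $C = 1$
4.1 if ($i = 0$) $v = x_P$, $w = y_P$, else $v = v^4$, $w = w^4$
4.2 $u = v^2$
$A = u(v + x_Q) + w + v + y_Q + u + x_Q + (u + x_Q)t + (u + x_Q + 1)t^2$
$A = u(v + x_Q) + w + v + y_Q + 1 + (u + x_Q + 1)t + (u + x_Q)t^2$
$A = u(v + x_Q) + w + v + y_Q + u + x_Q + 1 + (u + x_Q)t + (u + x_Q + 1)t^2$
else
$A = u(v + x_Q) + w + v + y_Q + (u + x_Q + 1)t + (u + x_Q)t^2$
4.4 $C = C^2 A$
5. $f = Cf$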
Here u, v, w are variables in the binary field, and f, A, C are variables in the binary extension field.
The following table compares the operation counts of the fast Eta bilinear pairing implementation on a supersingular curve over a binary field proposed by the invention with those of the traditional method. (Because a modular multiplication or a squaring in a binary field takes ten or even tens of times as long as a modular addition, only the time for modular multiplications and squarings is considered and the time for modular additions is ignored for now; M denotes a modular multiplication in the binary field and S denotes a squaring in the binary field.)
Table 1: Comparison of operation counts between the traditional method and the fast method
The comparison in the table above shows that, in both binary fields considered, the operation count of the traditional method is much larger than that of the fast method proposed by the invention; and the larger the binary field parameter m (that is, the higher the security level), the more pronounced the efficiency advantage of the fast method.
In general, modular multiplication and squaring take similar time in a binary field, which gives the efficiency gain of the fast method over the traditional method shown in Table 2 below.
Table 2: Efficiency gain of the fast method over the traditional method
Claims (4)
2. The method for computing the Eta bilinear pairing on a supersingular curve over a binary field as claimed in claim 1, characterized in that, over said binary field, for two points $P(x_P, y_P)$ ($x_P$, $y_P$ being the x- and y-coordinates of point P) and $Q(x_Q, y_Q)$ ($x_Q$, $y_Q$ being the x- and y-coordinates of point Q) on the supersingular curve $y^2 + y = x^3 + x + b$ ($b \in F_2$), the Eta bilinear pairing implementation is based on the formula
Wherein
Mapping
Function $g_P(x, y) = (x_P^2 + 1)(x_P + x) + y_P + y$, function $\psi(Q) = (x_Q + s^2,\; y_Q + s x_Q + t)$, where s and t are elements of binary extension fields satisfying $s^2 + s + 1 = 0$ and $t^2 + t + s = 0$, and function $l(x, y) = y + \lambda(x + x_P) + y_P + \delta$, where $\lambda = x_P$ when $m \equiv 1, 5 \bmod 8$, $\lambda = x_P + 1$ when $m \equiv 3, 7 \bmod 8$, $\delta = b$ when $m \equiv 1, 7 \bmod 8$, and $\delta = b + 1$ when $m \equiv 3, 5 \bmod 8$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105597167A CN102479171A (en) | 2010-11-25 | 2010-11-25 | Method for realizing Eta bilinear pairings on supersingular curve in binary field |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102479171A (en) | 2012-05-30 |
Family
ID=46091821
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010105597167A Pending CN102479171A (en) | 2010-11-25 | 2010-11-25 | Method for realizing Eta bilinear pairings on supersingular curve in binary field |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102479171A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108650078A (en) * | 2018-03-22 | 2018-10-12 | 北京中电华大电子设计有限责任公司 | A kind of accelerated method of SM9 id passwords algorithm |
CN114143005A (en) * | 2021-11-15 | 2022-03-04 | 武汉大学 | Acceleration method for Tate bilinear pairings and variants thereof |
CN114143005B (en) * | 2021-11-15 | 2023-12-08 | 武汉大学 | Tate bilinear pair and accelerating method for variant thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120530 |