CN102479171A - Method for realizing Eta bilinear pairings on supersingular curve in binary field - Google Patents


Info

Publication number
CN102479171A
Authority
CN
China
Prior art keywords
binary field
eta
bilinearity
curve
ultra
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010105597167A
Other languages
Chinese (zh)
Inventor
柴佳晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Huahong Integrated Circuit Co Ltd
Original Assignee
Shanghai Huahong Integrated Circuit Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Huahong Integrated Circuit Co Ltd filed Critical Shanghai Huahong Integrated Circuit Co Ltd
Priority to CN2010105597167A priority Critical patent/CN102479171A/en
Publication of CN102479171A publication Critical patent/CN102479171A/en
Pending legal-status Critical Current

Abstract

The invention provides a method for realizing Eta bilinear pairings on a supersingular curve in a binary field. According to the implementation method, a square root calculation is eliminated and only multiple square calculations and modular multiplication calculations with fast calculating speed are added; therefore the Eta bilinear pairings on the supersingular curve in the binary field can be substantially accelerated and the calculating efficiency can be substantially improved.

Description

A method for implementing the Eta bilinear pairing on a supersingular curve over a binary field
Technical field
The present invention relates to public key cryptography, and in particular to a method for implementing the Eta bilinear pairing on a supersingular curve over a binary field.
Background art
Bilinear pairings have been widely studied and applied in recent years because of their bilinearity and non-degeneracy. In cryptography, bilinear pairings were first used to attack elliptic curve cryptosystems, but pairing-based cryptosystems have since been studied and used for their distinctive advantages, and are gradually being adopted and developed in industry. Many international standards bodies are also drafting standards for bilinear pairings, such as ISO/IEC 14888-3 and IEEE P1363.3. Researchers have proposed many pairing-based cryptographic schemes, for example identity-based encryption schemes, short signature schemes, and identity-based authenticated key agreement schemes.
Cryptosystems built on bilinear pairings have distinctive advantages; for example, a short signature scheme can significantly reduce the signature length. The signature schemes in general use today are the RSA signature scheme and the ECDSA elliptic curve signature scheme, but both have the drawback of relatively long signatures, whereas short signatures are better suited to resource-constrained environments such as smart cards, mobile phones and PDAs.
Two bilinear pairings can be computed in polynomial time: the Weil pairing and the Tate pairing on algebraic curves. For curves of the same security level, the Tate pairing is computed much more efficiently than the Weil pairing, and the Ate and Eta pairings, which are variants of the Tate pairing, are optimized further still. Computing a bilinear pairing is very complex, but it can be done relatively quickly on pairing-friendly curves. There are three main types of such curves:
$E(F_{p^m}): y^2 = x^3 + Ax + B$;
$E(F_{2^m}): y^2 + y = x^3 + x + b$;
$E(F_{3^m}): y^2 = x^3 - x + b$
The curve addressed by the present invention is the supersingular curve
Figure BDA0000034243800000023
over the binary field, and the efficient algorithm on this curve is the Eta bilinear pairing. The formula for the Eta bilinear pairing over the binary field is:
Figure BDA0000034243800000024
where
Figure BDA0000034243800000025
the mapping
Figure BDA0000034243800000026
the function $g_P(x, y) = (x_P^2 + 1)(x_P + x) + y_P + y$, the function $\psi(Q) = (x_Q + s^2, y_Q + s x_Q + t)$, and the function $l(x, y) = y + \lambda(x + x_P) + y_P + \delta$. It can be seen that computing $[2^{-j}]P'$ requires a large number of square root operations.
The Eta pairing formula above corresponds to the traditional Eta bilinear pairing implementation method below. The implementation differs slightly for different values of the binary field parameter m; the method here takes $m \equiv 3 \bmod 8$ as the example, and the same conclusions hold in the other cases:
Traditional Eta bilinear pairing implementation method: in the binary field
Figure BDA0000034243800000027
on the curve $y^2 + y = x^3 + x + b$ ($b \in F_2$), where $m \equiv 3 \bmod 8$;
Input: $P(x_P, y_P)$, $Q(x_Q, y_Q)$; output: $\eta_T(P, Q)$. The steps are:
1. $u = x_P + 1$
2. $f = u(u + x_Q) + y_P + y_Q + b + 1 + (u + x_Q + 1)t + (u + x_Q)t^2$
3. For $i = 0$ to $\frac{m-1}{2}$ do
3.1. $u = x_P$, $x_P = x_P^{1/2}$, $y_P = y_P^{1/2}$
3.2. $A = u(x_P + x_Q) + y_P + y_Q + x_P + (u + x_Q + 1)t + (u + x_Q)t^2$
3.3. $f = fA$
3.4. $x_Q = x_Q^2$, $y_Q = y_Q^2$
4. Return $f^{(2^{2m} - 1)(2^m - 2^{(m+1)/2} + 1)}$
Step 3.1 above requires two square root operations, and a square root operation in a binary field is very complex. A typical implementation is as follows:
Square root implementation method in a binary field:
Input: an irreducible polynomial p and an element a of the binary field
Figure BDA0000034243800000031
Output: $s = a^{1/2} \bmod p$.
1. $c = a^{2^{m-1}} \bmod p$;
2. $s = c^2 \bmod p$;
3. If s equals a, the square root result is c; if s is not equal to a, output the message "no square root exists".
Step 1 of the binary-field square root method is a Montgomery algorithm, and this step is quite time-consuming, requiring approximately (m-1)/2 modular multiplications and (m-1) squarings. The traditional Eta bilinear pairing implementation method executes step 3.1 in a loop (m+1)/2 times, so the whole method takes a long time to complete.
Summary of the invention
The object of the invention is to provide a method for implementing the Eta bilinear pairing on a supersingular curve over a binary field that removes the square root operations from the implementation and adds only a number of fast squarings and modular multiplications, thereby significantly accelerating the Eta bilinear pairing on a supersingular curve over a binary field.
A method for implementing the Eta bilinear pairing on a supersingular curve over a binary field comprises the following:
(1) Let the variable i = (m-1)/2 - j and compute the function
Figure BDA0000034243800000033
(2) Compute the function $g_{[2^{-j}]P'}(\psi(Q))$;
(3) Let the variable
Figure BDA0000034243800000035
and compute
$$\prod_{j=0}^{(m-1)/2} \left(g_{[2^{-j}]P'}(\psi(Q))\right)^{2^j} = \prod_{j=0}^{(m-1)/2} A_j^{2^j} = \left(\cdots\left(\left(A_{(m-1)/2}\right)^2 A_{(m-3)/2}\right)^2 \cdots\right)^2 A_0;$$
(4) Compute the Eta pairing result in the binary field
Figure BDA0000034243800000037
$$f_{T,P}(\psi(Q)) = l(\psi(Q)) \prod_{j=0}^{(m-1)/2} \left(g_{[2^{-j}]P'}(\psi(Q))\right)^{2^j}.$$
In the binary field
Figure BDA0000034243800000042
(m is the binary field parameter), for two points $P(x_P, y_P)$ ($x_P$ is the x-coordinate of point P and $y_P$ is the y-coordinate of point P) and $Q(x_Q, y_Q)$ ($x_Q$ is the x-coordinate of point Q and $y_Q$ is the y-coordinate of point Q) on the supersingular curve $y^2 + y = x^3 + x + b$ ($b \in F_2$), the Eta bilinear pairing implementation method is based on the formula
Figure BDA0000034243800000043
where the function
Figure BDA0000034243800000044
the mapping
Figure BDA0000034243800000045
the function $g_P(x, y) = (x_P^2 + 1)(x_P + x) + y_P + y$; the function $\psi(Q) = (x_Q + s^2, y_Q + s x_Q + t)$, where s is an element of the binary extension field
Figure BDA0000034243800000046
and t is an element of the binary extension field
Figure BDA0000034243800000047
satisfying $s^2 + s + 1 = 0$ and $t^2 + t + s = 0$; and the function $l(x, y) = y + \lambda(x + x_P) + y_P + \delta$, where the variable $\lambda = x_P$ when $m \equiv 1, 5 \bmod 8$ and $\lambda = x_P + 1$ when $m \equiv 3, 7 \bmod 8$, and the variable $\delta = b$ when $m \equiv 1, 7 \bmod 8$ and $\delta = b + 1$ when $m \equiv 3, 5 \bmod 8$.
Using the property that an element x of the Galois field
Figure BDA0000034243800000048
satisfies
Figure BDA0000034243800000049
the square root operations for $[2^{-j}]P'$ in the computation steps of the traditional Eta bilinear pairing implementation method are removed, yielding a fast Eta bilinear pairing based on a formula without square root operations.
The parameter m of the binary field includes all positive odd numbers. The supersingular curves over the binary field
Figure BDA00000342438000000411
include $y^2 + y = x^3 + x + 1$ and $y^2 + y = x^3 + x$.
The formula for the Eta bilinear pairing is
Figure BDA00000342438000000412
The most complex computation step is
Figure BDA00000342438000000413
which requires a large number of square root operations to compute
Figure BDA00000342438000000414
and
Figure BDA00000342438000000415
Letting j = (m-1)/2 - i, the original formula can be optimized to
Figure BDA00000342438000000416
After the optimization, only squarings are needed to compute
Figure BDA00000342438000000417
and [formula image missing]. In a binary field a squaring takes far less time than a square root operation, and this operation is carried out many times, so the optimization significantly reduces the total computation time of the Eta bilinear pairing. It is only necessary to let the variable $A_j = g_{[2^{-j}]P'}(\psi(Q))$.
Embodiment
The fast Eta bilinear pairing implementation method on a supersingular curve over a binary field provided by the invention is described in detail below with reference to an embodiment. The implementation differs slightly for different values of the binary field parameter m; the example takes $m \equiv 3 \bmod 8$, and the same conclusions hold for other values.
The detailed flow of the Eta bilinear pairing implementation method on a supersingular curve over a binary field is as follows:
Input: two points $P(x_P, y_P)$, $Q(x_Q, y_Q)$ on the supersingular curve $y^2 + y = x^3 + x + b$ ($b \in F_2$)
Output: the Eta pairing result $\eta_T(P, Q)$
1. $u = x_P + 1$
2. $f = u(u + x_Q) + y_P + y_Q + b + 1 + (u + x_Q + 1)t + (u + x_Q)t^2$
3. $C = 1$
4. For $i = 0$ to $\frac{m-1}{2}$ do
4.1 if ($i = 0$) $v = x_P$, $w = y_P$, else $v = v^4$, $w = w^4$
4.2 $u = v^2$
4.3 if ($\left(\frac{7m+1}{2} + i\right) \% 4 = 1$)
$A = u(v + x_Q) + w + v + y_Q + u + x_Q + (u + x_Q)t + (u + x_Q + 1)t^2$
else if ($\left(\frac{7m+1}{2} + i\right) \% 4 = 2$)
$A = u(v + x_Q) + w + v + y_Q + 1 + (u + x_Q + 1)t + (u + x_Q)t^2$
else if ($\left(\frac{7m+1}{2} + i\right) \% 4 = 3$)
$A = u(v + x_Q) + w + v + y_Q + u + x_Q + 1 + (u + x_Q)t + (u + x_Q + 1)t^2$
else
$A = u(v + x_Q) + w + v + y_Q + (u + x_Q + 1)t + (u + x_Q)t^2$
4.4 $C = C^2 A$
5. $f = Cf$
6. Return $f^{(2^{2m} - 1)(2^m - 2^{(m+1)/2} + 1)}$
Here u, v and w are variables in the binary field
Figure BDA0000034243800000062
and f, A and C are variables in the binary extension field
Figure BDA0000034243800000063
The following table compares the operation counts of the fast Eta bilinear pairing implementation method on a supersingular curve over a binary field proposed by the invention with those of the traditional method. (Because a modular multiplication or a squaring in a binary field takes ten times or even tens of times as long as a modular addition, only the time of modular multiplications and squarings is considered and the time of modular additions is ignored for now. M denotes a modular multiplication in the binary field
Figure BDA0000034243800000064
and S denotes a squaring in the binary field
Figure BDA0000034243800000065
.)
Figure BDA0000034243800000066
Table 1: Operation counts of the traditional method and the fast method
The comparison in the table above shows that the traditional method requires far more binary-field operations than the fast method proposed by the invention, and that the larger the binary field parameter m (that is, the higher the security level), the more pronounced the efficiency advantage of the fast method.
In general, modular multiplication and squaring take a similar amount of time in a binary field, which gives the efficiency improvement of the fast method over the traditional method shown in Table 2 below.
Figure BDA0000034243800000071
Table 2: Efficiency improvement of the fast method over the traditional method
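
The traditional loop (steps 3.1 to 3.4) and the fast loop (steps 4.1 to 4.4) can be run side by side; the following is an added example, not code from the patent, that evaluates both on the same pair of curve points, checks that they give the same value before the final exponentiation, and counts base-field products for each. The toy field F_{2^11} with x^11 + x^2 + 1, the basis 1, t, t^2, t^3 with t^4 = t + 1 (which follows from s^2 + s + 1 = 0 and t^2 + t + s = 0), and all function names are assumptions made for this sketch; m = 11 is far too small for real use.

```python
# Constructed toy field: F_{2^11} = F_2[x]/(x^11 + x^2 + 1), m = 11 ≡ 3 (mod 8).
M, POLY, OPS = 11, (1 << 11) | 0b101, [0]    # OPS[0] counts base-field products

def fmul(a, b):                    # product in F_{2^m}: shift-and-add mod POLY
    OPS[0] += 1
    r = 0
    while b:
        r ^= a * (b & 1)
        a, b = a << 1, b >> 1
        a ^= POLY * (a >> M)       # reduce when the degree reaches m
    return r

def fsqr(a):
    return fmul(a, a)
def fsqrt(a):                      # a^(2^(m-1)): m-1 squarings, since x^(2^m) = x
    for _ in range(M - 1):
        a = fsqr(a)
    return a

def emul(a, b):                    # F_{2^4m} = F_{2^m}[t]/(t^4 + t + 1), basis 1..t^3
    p = [0] * 7
    for i in range(4):
        for j in range(4):
            p[i + j] ^= fmul(a[i], b[j])
    for k in (6, 5, 4):            # t^4 = t + 1, so t^k = t^(k-3) + t^(k-4)
        p[k - 3] ^= p[k]
        p[k - 4] ^= p[k]
    return p[:4]
def esqr(a):                       # squaring in F_{2^4m} is linear: 4 squarings
    s = [fsqr(c) for c in a]
    return [s[0] ^ s[2], s[2], s[1] ^ s[3], s[3]]

def f_init(xP, yP, xQ, yQ, b):     # steps 1-2, common to both methods
    u = xP ^ 1
    return [fmul(u, u ^ xQ) ^ yP ^ yQ ^ b ^ 1, u ^ xQ ^ 1, u ^ xQ, 0]

def miller_traditional(xP, yP, xQ, yQ, b):
    f = f_init(xP, yP, xQ, yQ, b)
    for _ in range((M + 1) // 2):
        u, xP, yP = xP, fsqrt(xP), fsqrt(yP)                 # step 3.1
        A = [fmul(u, xP ^ xQ) ^ yP ^ yQ ^ xP, u ^ xQ ^ 1, u ^ xQ, 0]
        f, xQ, yQ = emul(f, A), fsqr(xQ), fsqr(yQ)           # steps 3.3, 3.4
    return f

def miller_fast(xP, yP, xQ, yQ, b):
    f, C = f_init(xP, yP, xQ, yQ, b), [1, 0, 0, 0]
    for i in range((M + 1) // 2):
        v, w = (fsqr(fsqr(v)), fsqr(fsqr(w))) if i else (xP, yP)   # step 4.1
        u = fsqr(v)                                          # step 4.2
        g, e, n = fmul(u, v ^ xQ) ^ w ^ v ^ yQ, u ^ xQ, ((7 * M + 1) // 2 + i) % 4
        A = {1: [g ^ e, e, e ^ 1, 0], 2: [g ^ 1, e ^ 1, e, 0],     # step 4.3
             3: [g ^ e ^ 1, e, e ^ 1, 0], 0: [g, e ^ 1, e, 0]}[n]
        C = emul(esqr(C), A)                                 # step 4.4
    return emul(C, f)

def compare(b=1):                  # both loops on two brute-forced curve points
    pts = [(x, y) for x in range(1, 16) for y in range(0, 1 << M, 2)
           if fsqr(y) ^ y == fmul(fsqr(x), x) ^ x ^ b][:2]
    def run(fn):
        OPS[0] = 0
        return fn(*pts[0], *pts[1], b), OPS[0]
    return run(miller_traditional), run(miller_fast)
```

`compare()` returns `(value, product_count)` for the traditional loop and then for the fast loop; the final exponentiation is the same in both methods and is left out.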

Claims (4)

1. A method for implementing the Eta bilinear pairing on a supersingular curve over a binary field, characterized by comprising the following:
(1) let the variable i = (m-1)/2 - j, and compute
Figure FDA0000034243790000011
(2) compute
Figure FDA0000034243790000012
(3) let $A_j = g_{[2^{-j}]P'}(\psi(Q))$ and compute
$$\prod_{j=0}^{(m-1)/2} \left(g_{[2^{-j}]P'}(\psi(Q))\right)^{2^j} = \prod_{j=0}^{(m-1)/2} A_j^{2^j} = \left(\cdots\left(\left(A_{(m-1)/2}\right)^2 A_{(m-3)/2}\right)^2 \cdots\right)^2 A_0;$$
(4) compute $f_{T,P}(\psi(Q)) = l(\psi(Q)) \prod_{j=0}^{(m-1)/2} \left(g_{[2^{-j}]P'}(\psi(Q))\right)^{2^j}$.
2. The method for implementing the Eta bilinear pairing on a supersingular curve over a binary field as claimed in claim 1, characterized in that, in said binary field
Figure FDA0000034243790000016
for two points $P(x_P, y_P)$ ($x_P$ and $y_P$ are the coordinates of point P) and $Q(x_Q, y_Q)$ ($x_Q$ and $y_Q$ are the coordinates of point Q) on the supersingular curve $y^2 + y = x^3 + x + b$ ($b \in F_2$), the Eta bilinear pairing implementation method is based on the formula
Figure FDA0000034243790000017
where
Figure FDA0000034243790000018
the mapping [formula image missing], the function $g_P(x, y) = (x_P^2 + 1)(x_P + x) + y_P + y$, the function $\psi(Q) = (x_Q + s^2, y_Q + s x_Q + t)$, where s is an element of the binary extension field
Figure FDA00000342437900000110
and t is an element of the binary extension field [formula image missing], satisfying $s^2 + s + 1 = 0$ and $t^2 + t + s = 0$, and the function $l(x, y) = y + \lambda(x + x_P) + y_P + \delta$, where the variable $\lambda = x_P$ when $m \equiv 1, 5 \bmod 8$ and $\lambda = x_P + 1$ when $m \equiv 3, 7 \bmod 8$, and the variable $\delta = b$ when $m \equiv 1, 7 \bmod 8$ and $\delta = b + 1$ when $m \equiv 3, 5 \bmod 8$.
3. The method for implementing the Eta bilinear pairing on a supersingular curve over a binary field as claimed in claim 1, characterized in that the parameter m of said binary field
Figure FDA00000342437900000112
includes all positive odd numbers.
4. The method for implementing the Eta bilinear pairing on a supersingular curve over a binary field as claimed in claim 1, characterized in that the supersingular curves over said binary field
Figure FDA00000342437900000113
include $y^2 + y = x^3 + x + 1$ and $y^2 + y = x^3 + x$.
CN2010105597167A 2010-11-25 2010-11-25 Method for realizing Eta bilinear pairings on supersingular curve in binary field Pending CN102479171A (en)

Publications (1)

Publication Number Publication Date
CN102479171A true CN102479171A (en) 2012-05-30


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120530