CN104579648B - A fault-analysis-resistant Tate bilinear pairing computation method over ternary fields - Google Patents

Publication number: CN104579648B
Authority: CN (China)
Application number: CN201310484893.7A
Other languages: Chinese (zh)
Other versions: CN104579648A
Inventors: 柴佳晶, 王晓静, 顾海华
Assignee (original and current): Shanghai Huahong Integrated Circuit Co Ltd
Legal status: Active (granted)
Prior art keywords: tate, bilinear, random number, ternary, attacker
Landscapes: Complex Calculations; Management, Administration, Business Operations System, And Electronic Commerce
Abstract

The invention discloses a fault-analysis-resistant method for computing the Tate bilinear pairing over a ternary field. The original Tate pairing computation is modified by introducing a random-number factor to resist fault analysis. When the ternary-field Tate pairing is not attacked, the random factor does not affect the final result. When a fault attack causes the ternary-field Tate pairing to be computed incorrectly, the result the attacker obtains is mixed with the random factor. Since the attacker cannot learn the value of the random number, the factor cannot be removed from the final result to obtain useful information for computing the key. The method therefore effectively resists fault analysis of ternary-field Tate bilinear pairings.

Description

Fault-attack-resistant Tate bilinear pairing computation method over ternary fields
Technical Field
The invention relates to a public key cryptography application method, in particular to a fault-attack-resistant method for computing the Tate bilinear pairing over a ternary field.
Background
Bilinear pairings have been studied and used extensively in recent years because they are bilinear, non-degenerate and efficiently computable. Cryptosystems based on bilinear pairings have attracted attention and research for their specific advantages and are gradually being adopted in industry; standards bodies are also standardising pairing-based schemes, for example in ISO/IEC 14888-3 and IEEE P1363.3. Researchers have proposed many pairing-based cryptographic schemes, such as identity-based encryption, short signatures and identity-based authenticated key agreement.
The two pairings computable in polynomial time are the Weil pairing and the Tate pairing on algebraic curves; for curves of the same security level the Tate pairing is cheaper to compute. Pairing computation is expensive in general but can be made fast on pairing-friendly curves, of which three main types exist:
For the supersingular curve E: y² = x³ − x + b over the ternary field F_{3^m} and two points P(α, β) and Q(x, y) on it, the Tate bilinear pairing is computed as follows.
The twist map of the point Q(x, y) is ψ(Q) = (ρ − x, yσ), where ρ and σ are elements of F_{3^{6m}} satisfying ρ³ − ρ − b = 0 and σ² + 1 = 0. For every point V(x_V, y_V) on E a rational function g_V(X, Y) is defined whose divisor is (g_V) = 3(V) + ([−3]V) − 4(O). Because of the twist map ψ(Q) the denominator of g_V(X, Y) can be dropped, so g_V(X, Y) reduces to the tangent function at V. Evaluating these functions at ψ(Q) for the points [3^i]P and multiplying them gives the rational function f_P(ψ(Q)).
Computing [3^i]P requires many cube-root operations, which are complex and slow in a ternary field. To implement the ternary-field Tate pairing quickly, the cube-root formula is therefore transformed algebraically into the following cube-root-free Tate pairing formula:
f_P(ψ(Q)) = (…(((A_1)³ A_2)³ A_3)³ …)³ A_m
A_i = λ − μρ − ρ²
where x^{(j)} denotes x^{3^j}, μ = α^{(2i)} + x^{(1)} + (m + 1 − i)b and λ = (−1)^{(i+1)} σ β^{(2i)} y^{(1)} − μ².
The cube-root-free computation replaces cube roots by cubings, and cubing in a ternary field is very simple and fast, so the cube-root-free implementation is the fastest effective way to compute the Tate pairing over a ternary field. The formula above corresponds to the following implementation.
Implementation of the Tate bilinear pairing (cube-root-free). Ternary field F_{3^m}, curve E: y² = x³ − x + b.
Input: P = (α, β), Q = (x, y)
Output: the final modular exponentiation of C
1. C = 1
2. x = x³, y = y³, d = mb
3. For i = 1 to m do
   3.1. α = α⁹, β = β⁹
   3.2. μ = α + x + d, λ = σβy − μ²
   3.3. A = λ − μρ − ρ²
   3.4. C = C³ · A
   3.5. y = −y, d = d − b
4. Return the final modular exponentiation of C
Page and Vercauteren were the first to propose a fault attack on the Tate bilinear pairing. An attacker who can inject transient or permanent faults and thereby change the number m of loop iterations can work backwards to the private key point P = (α, β).
Against the implementation above, the fault attack proceeds as follows. Assume the point P = (α, β) is the private key and the point Q = (x, y) is a plaintext the attacker can choose. The final modular exponentiation of step 4 is not considered, i.e. it is assumed that the attacker can skip it. When the fault changes the number of iterations from m to Δ, denote the erroneous result of step 3.4 by F_Δ and the correct result by F_m. The simplest attack model assumes the attacker can achieve Δ = m ± 1. Taking Δ = m + 1 as an example, step 3.4 gives F_{m+1} = F_m³ · A_{m+1}.
So once the correct result F_m and the erroneous result F_{m+1} are both obtained, the intermediate value of round m + 1 follows as A_{m+1} = F_{m+1} / F_m³, and the private key α, β is read off from it.
Because Δ = m ± 1 is hard to induce while Δ = m ± r is more likely, a usable pair of results can also be collected over several attacks: when two erroneous results F_{m±r} and F_{m±r+1} are obtained, the intermediate value A_{m±r+1} of round m ± r + 1 can be computed and α, β deduced from it. Since every loop iteration takes the same time, r can be read off from the running time of the computation.
The final modular exponentiation can also be undone (Page and Vercauteren do so by solving an equivalent matrix equation), so their fault attack on the Tate pairing recovers the private key point effectively.
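As an added example (not code from the patent or its authors), the Python script below implements the cube-root-free algorithm above over a toy field and then runs the Page and Vercauteren attack of this section against it. It computes the pairing for m = 5 over F_{3^5} = F_3[t]/(t⁵ − t + 1) on the curve y² = x³ − x − 1 (group order 271, prime), checks bilinearity e([2]P, Q) = e(P, Q)², produces the loop output for m and for m + 1 rounds with the final exponentiation skipped (the assumption the attack makes), and recovers P = (α, β) from A_{m+1} = F_{m+1} / F_m³. The field representation, the toy parameters and all function names are the example's own assumptions; the final exponent 3^{3m} − 1 is the Duursma and Lee exponent, since the page's formula images are not reproduced.

```python
# Added example (not code from the patent or its authors): the page's cube-root-free Tate
# pairing loop, a bilinearity check, and the Page-Vercauteren fault attack that recovers
# P from the un-exponentiated loop output. Toy assumptions: m = 5 with
# F_{3^5} = F_3[t]/(t^5 - t + 1), b = -1 (group order 271, prime); the final exponent
# 3^(3m) - 1 is Duursma-Lee's, since the page's formula images are not reproduced.
import itertools

M, B = 5, 2                                    # m = 5; b = -1 is 2 in F_3: y^2 = x^3 - x + b
F_ZERO, F_ONE = (0,) * M, (1,) + (0,) * (M - 1)

def f_const(c): return (c % 3,) + (0,) * (M - 1)
def f_add(a, b): return tuple((p + q) % 3 for p, q in zip(a, b))
def f_sub(a, b): return tuple((p - q) % 3 for p, q in zip(a, b))
def f_neg(a): return f_sub(F_ZERO, a)
def f_smul(a, s): return tuple((p * s) % 3 for p in a)

def f_mul(a, b):
    """F_{3^m} product: multiply as polynomials over F_3, then reduce with t^5 = t - 1."""
    prod = [0] * (2 * M - 1)
    for i, p in enumerate(a):
        for j, q in enumerate(b):
            prod[i + j] = (prod[i + j] + p * q) % 3
    for k in range(2 * M - 2, M - 1, -1):                   # t^k = t^(k-4) - t^(k-5), k >= 5
        c, prod[k] = prod[k], 0
        prod[k - M + 1] = (prod[k - M + 1] + c) % 3
        prod[k - M] = (prod[k - M] - c) % 3
    return tuple(prod[:M])

def power(mul, one, a, e):
    """Square-and-multiply, shared by F_{3^m} and F_{3^{6m}}."""
    r = one
    while e:
        if e & 1: r = mul(r, a)
        a, e = mul(a, a), e >> 1
    return r

def f_pow(a, e): return power(f_mul, F_ONE, a, e)
def f_inv(a): return f_pow(a, 3 ** M - 2)

# F_{3^{2m}} = F_{3^m}[sigma], sigma^2 = -1; element (u, v) = u + v*sigma
def e2_add(a, b): return (f_add(a[0], b[0]), f_add(a[1], b[1]))
def e2_smul(a, s): return (f_smul(a[0], s), f_smul(a[1], s))
def e2_mul(a, b):
    return (f_sub(f_mul(a[0], b[0]), f_mul(a[1], b[1])), f_add(f_mul(a[0], b[1]), f_mul(a[1], b[0])))

# F_{3^{6m}} = F_{3^{2m}}[rho], rho^3 = rho + b; element (c0, c1, c2) = c0 + c1*rho + c2*rho^2
E2_ZERO = (F_ZERO, F_ZERO)
E6_ONE = ((F_ONE, F_ZERO), E2_ZERO, E2_ZERO)

def e6_mul(a, b):
    (c0, c1, c2), (d0, d1, d2) = a, b
    t0 = e2_mul(c0, d0)
    t1 = e2_add(e2_mul(c0, d1), e2_mul(c1, d0))
    t2 = e2_add(e2_add(e2_mul(c0, d2), e2_mul(c1, d1)), e2_mul(c2, d0))
    t3 = e2_add(e2_mul(c1, d2), e2_mul(c2, d1))
    t4 = e2_mul(c2, d2)          # fold rho^3 = rho + b and rho^4 = rho^2 + b*rho back in:
    return (e2_add(t0, e2_smul(t3, B)), e2_add(e2_add(t1, t3), e2_smul(t4, B)), e2_add(t2, t4))

def e6_pow(a, e): return power(e6_mul, E6_ONE, a, e)
def e6_inv(a): return e6_pow(a, 3 ** (6 * M) - 2)

def miller_loop(P, Q, rounds):
    """Steps 1-3 of the page's algorithm; `rounds` is exposed so a loop-count fault can be simulated."""
    (alpha, beta), (x, y) = P, Q
    C = E6_ONE                                              # 1.  C = 1
    x, y, d = f_pow(x, 3), f_pow(y, 3), (M * B) % 3         # 2.  x = x^3, y = y^3, d = mb
    for _ in range(rounds):                                 # 3.  for i = 1 to m
        alpha, beta = f_pow(alpha, 9), f_pow(beta, 9)       # 3.1 alpha = alpha^9, beta = beta^9
        mu = f_add(f_add(alpha, x), f_const(d))             # 3.2 mu = alpha + x + d
        lam = (f_neg(f_mul(mu, mu)), f_mul(beta, y))        #     lambda = sigma*beta*y - mu^2
        A = (lam, (f_neg(mu), F_ZERO), (f_neg(F_ONE), F_ZERO))  # 3.3 A = lambda - mu*rho - rho^2
        C = e6_mul(e6_mul(e6_mul(C, C), C), A)              # 3.4 C = C^3 * A
        y, d = f_neg(y), (d - B) % 3                        # 3.5 y = -y, d = d - b
    return C

def tate_pairing(P, Q):
    """Step 4: final exponentiation by 3^(3m) - 1 (Duursma-Lee)."""
    return e6_pow(miller_loop(P, Q, M), 3 ** (3 * M) - 1)

def curve_points(count):
    """First `count` affine points of y^2 = x^3 - x + b over F_{3^5}, by brute force."""
    elems = [tuple(c) for c in itertools.product(range(3), repeat=M)]
    roots = {}
    for e in elems: roots.setdefault(f_mul(e, e), e)        # one square root per square
    pts = []
    for x in elems:
        rhs = f_add(f_sub(f_mul(f_mul(x, x), x), x), f_const(B))
        if rhs in roots: pts.append((x, roots[rhs]))
    return pts[:count]

def double(pt):
    """[2]P in characteristic 3: tangent slope (3x^2 - 1)/(2y) = 1/y, x3 = s^2 - 2x = s^2 + x."""
    x, y = pt
    s = f_inv(y)
    x3 = f_add(f_mul(s, s), x)
    return (x3, f_sub(f_mul(s, f_sub(x, x3)), y))

def fault_attack(F_m, F_m1, Q):
    """Page-Vercauteren: recover P = (alpha, beta) from the correct loop output F_m and a faulted one F_{m+1}."""
    x3, y3 = f_pow(Q[0], 3), f_pow(Q[1], 3)
    A = e6_mul(F_m1, e6_inv(e6_mul(e6_mul(F_m, F_m), F_m)))   # A_{m+1} = F_{m+1} / F_m^3
    # round m+1 runs with d = 0, so the rho coefficient is -(alpha^(9^(m+1)) + x^3) = -(alpha^9 + x^3)
    alpha9 = f_sub(f_neg(A[1][0]), x3)
    # the sigma coefficient is (-1)^m * beta^9 * y^3: y was negated m times before round m+1
    beta9 = f_mul(f_smul(A[0][1], 2 if M % 2 else 1), f_inv(y3))
    undo9 = 3 ** (M - 2)                                     # z^(9 * 3^(m-2)) = z^(3^m) = z in F_{3^m}
    return (f_pow(alpha9, undo9), f_pow(beta9, undo9))
```

With `P, Q = curve_points(2)`, `tate_pairing(double(P), Q)` equals `e6_mul(e, e)` for `e = tate_pairing(P, Q)`, and `fault_attack(miller_loop(P, Q, M), miller_loop(P, Q, M + 1), Q)` returns `P`. The attack reads α⁹ off the ρ-coefficient of A_{m+1} (round m + 1 runs with d = 0, so μ = α⁹ + x³ there) and β⁹ off its σ-coefficient, then undoes the ninth power with the Frobenius map z ↦ z^{3^{m−2}}; the timing side channel the page mentions is not needed here because both loop outputs are produced directly.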
To counter the Page and Vercauteren attack, Ghosh et al. proposed a countermeasure that blinds the number of loop iterations. Their implementation is as follows.
Ghosh's implementation of the Tate bilinear pairing. Ternary field F_{3^m}, curve E: y² = x³ − x + b.
Input: P = (α, β), Q = (x, y)
Output: the final modular exponentiation of C_0
1. Generate a random number r_1 and a random positive integer r_2 ≤ m
2. C_0 = r_1, C_1 = 1
3. m' = m + r_2
4. x = x³, y = y³, d = mb
5. For i = 1 to m' do
   5.1. α = α⁹, β = β⁹
   5.2. μ = α + x + d, λ = σβy − μ²
   5.3. A = λ − μρ − ρ²
   5.4. C_1 = C_1³ · A
   5.5. j = (i == m)
   5.6. C_0 = C_j
   5.7. y = −y, d = d − b
6. Return the final modular exponentiation of C_0
When an attacker changes m', the assignments in steps 5.5 and 5.6 ensure that if the attack makes m' larger than m the final result is still correct, and if it makes m' smaller than m the final result is the value r_1 assigned to C_0 in step 2; changing m' is therefore never effective. When an attacker changes m to m ± r, the loop runs m ± r + r_2 rounds and outputs the erroneous result R_{m±r} of the first m ± r effective rounds. Ghosh et al. argue that although the attacker obtains the final erroneous result R_{m±r}, timing or power analysis only reveals the blinded round count m' = m ± r + r_2; since r_2 is unknown to the attacker and the Page and Vercauteren attack requires exact knowledge of the effective number of faulty rounds, the attacker cannot carry out the attack.
However, this analysis is not accurate: the defense raises the attacker's cost but does not remove the attack, because the attacker can simply exhaust the possibilities. The Page and Vercauteren attack needs a correct result F_m and an erroneous result F_{m+1}. The attacker first reads the blinded round count m' = m ± r + r_2 from the power trace; since r_2 ≤ m, runs with m' − m > m + 1 can be excluded, and for each remaining run the attacker assumes the effective round count changed from m to m + 1, computes the candidate private key and checks it, until a run that matches the hypothesis is found. Computing α and β from an erroneous result takes polynomial time, so even if many attacks are needed before the effective round count is m + 1, the total cost is small.
Furthermore, the authors do not consider transient faults. Since the attacker can follow the loop iterations on the power trace, the moment at which a transient fault is injected can be controlled precisely. The attacker can target step 5.5 in the (m + 1)-th round so that j selects C_1 in that round (either by overwriting the memory holding j or by faulting the evaluation of the comparison i == m); C_0 then stores the erroneous result of the (m + 1)-th round, which is exactly the usable erroneous result. The blinded-loop-count defense is therefore completely ineffective against this kind of attack.
In addition to not fully preventing fault attacks, the defense is inefficient: r_2 is a random number not exceeding m, so the blinded round count m' averages 1.5m, i.e. the average running time of the Ghosh et al. Tate pairing increases by 50%.
Disclosure of the Invention
The invention aims to provide a fault-attack-resistant method for computing the Tate bilinear pairing over a ternary field that effectively resists fault attacks on ternary-field Tate pairings.
To solve this technical problem, the fault-attack-resistant method for computing the Tate bilinear pairing over a ternary field adopts the following technical scheme:
For two points P(α, β) and Q(x, y) on the supersingular curve y² = x³ − x + b over the ternary field F_{3^m}, the cube-root-free formula of the Tate bilinear pairing is
f_P(ψ(Q)) = (…(((A_1)³ A_2)³ A_3)³ …)³ A_m
where A_i = λ − μρ − ρ², μ = α^{(2i)} + x^{(1)} + (m + 1 − i)b, λ = (−1)^{(i+1)} σ β^{(2i)} y^{(1)} − μ², and ρ and σ are elements of F_{3^{6m}} satisfying ρ³ − ρ − b = 0 and σ² + 1 = 0;
A random-number factor is added to the computation flow of this cube-root-free formula to resist fault attacks. If the number m of loop iterations is not changed, the random factor is eliminated by the final modular exponentiation; if a fault attack changes m, the result the attacker finally obtains is mixed with the random factor, and because the attacker does not know the value of the random number, the factor cannot be removed from the final result to obtain useful information for computing the private key. The method consists of the following steps:
Step one: select a random number R in F_{3^{6m}}.
Step two: compute the rational function f_P(ψ(Q)) with the random factor included.
Step three: compute the Tate bilinear pairing by the final modular exponentiation.
Because every element R of the finite field F_{3^{6m}} satisfies R^{3^{6m}} = R, the random factor cancels in the unattacked computation and the correct pairing value is obtained.
The supersingular curves over the ternary field F_{3^m} used in step one include y² = x³ − x + 1 and y² = x³ − x − 1.
The invention modifies the original Tate pairing computation by adding a random-number factor to resist fault attacks. When the ternary-field Tate pairing is not attacked, the random factor does not affect the final result. When an attack causes the ternary-field Tate pairing to be computed incorrectly, the final result obtained by the attacker is mixed with the random factor; since the attacker cannot know the value of the random number, the factor cannot be removed from the final result to obtain useful information for computing the key. The invention therefore effectively resists fault attacks on ternary-field Tate bilinear pairings.
The added time cost of the invention is very small; with almost no increase in time cost, the fault-attack-resistant ternary-field Tate bilinear pairing is computed quickly and securely.
Detailed Description
The principle of the fault-attack-resistant ternary-field Tate bilinear pairing computation method is explained below. First, the correctness of the result when the number of loop iterations is not faulted:
The original ternary-field Tate pairing rational function f_P(ψ(Q)) is
F_1 = f_P(ψ(Q)) = (…(((A_1)³ A_2)³ A_3)³ …)³ A_m
The fault-attack-resistant version computes the same nested product with the random number R folded into it.
When the number m of loop iterations is unchanged, the result after m rounds equals F_1 multiplied by a factor built from R. Because every element R of the finite field F_{3^{6m}} satisfies R^{3^{6m}} = R, this factor is eliminated by the final modular exponentiation, and the blinded computation yields the correct pairing value.
The resistance of the method to fault attacks is analysed as follows:
When an attacker changes the number of loop iterations to m ± Δ, denote by F_{m±Δ} the result of the rational function f_P(ψ(Q)) without the countermeasure after m ± Δ rounds and by F'_{m±Δ} the result with the countermeasure. F'_{m±Δ} equals F_{m±Δ} times a factor that depends on the random number R and on Δ, and this factor survives the final modular exponentiation. The attacker wants the valid erroneous result, the final exponentiation of F_{m±Δ}, but only obtains the blinded erroneous result. Whenever the random factor differs from 1, the attacker cannot strip it from the blinded result and therefore cannot compute the real erroneous result. Moreover, for most values of Δ the final erroneous result stays blinded: only when Δ % 6m = 0 does the factor equal 1 and the attacker obtain an unblinded erroneous result.
It is shown first that the factor equals 1 if and only if Δ % 6m = 0.
If the factor equals 1, the random number must satisfy R^{3^Δ} = R. By the structure of finite fields, x^{3^Δ} = x holds for every x in F_{3^{6m}} if and only if Δ = 6mn (n a non-negative integer), hence Δ % 6m = 0. This means the blinding can only be removed when the attacker changes Δ to exactly 6m or a multiple of 6m, which is what the attack would need in order to obtain an unblinded erroneous result.
However, fault attacks at the current state of the art cannot set Δ to exactly 6m or a multiple of 6m. There are two common ways of attacking the loop count. The first injects a fault during the loop: a transient fault in the loop-exit test makes the number of iterations smaller than m or equal to m + 1, and skipping the loop-counter increment may likewise make it m + 1; such faults cannot raise the number of iterations to 7m or more, so they pose no threat to the proposed method. The second injects a permanent fault into the memory or register holding the variable m; such a fault usually changes only a single bit of the variable, and changing m to exactly m + 6nm (n a positive integer) when m is a number whose bits are roughly evenly distributed between 0 and 1 is practically beyond current attack capabilities. In addition, even if an attacker could in future set Δ to exactly 6m or a multiple of 6m, the fault attack would still be ineffective against the proposed method, because the Page and Vercauteren attack needs a pair of pairing results F_{m±r} and F_{m±r+1} for adjacent numbers of iterations, and by the analysis above only results with Δ a multiple of 6m are unblinded. The attacker cannot obtain a pair of unblinded results for adjacent iteration counts from which to compute the private key, so the Page and Vercauteren attack is ineffective against the method of the invention.
Through this analysis: if a fault attack occurs, the factor of the random number R cannot be eliminated by the final modular exponentiation, and the attacker only obtains the blinded erroneous result. Since the random number R is unknown, the attacker cannot remove the random factor from the final blinded erroneous result to obtain a valid erroneous result.
The implementation provided by the invention therefore effectively resists fault attacks.
In addition, the added time cost of the computation method is very small: compared with the original computation it adds two operations. The first is the initial operation on the random number, which can be realised with the Frobenius map at almost no cost; the subsequent cubing in the extension field F_{3^{6m}} needs only 6 cubings in F_{3^m}. The second is the multiplication of the final iteration result C by the random number R in F_{3^{6m}}, which needs only 15 multiplications in F_{3^m}. The time cost added by the computation method of the invention is therefore almost negligible compared with the total time of the original computation.
The following is an implementation example of the fault-attack-resistant ternary-field Tate bilinear pairing computation method.
The flow of the fault-attack-resistant ternary-field Tate bilinear pairing implementation is described as follows:
Implementation of the fault-attack-resistant Tate bilinear pairing. Ternary field F_{3^m}, curve E(F_{3^m}): y² = x³ − x + b.
Input: P = (α, β), Q = (x, y)
Output: the final modular exponentiation of F
1. Generate R = r_0 + r_1σ + r_2ρ + r_3σρ + r_4ρ² + r_5σρ² in F_{3^{6m}} with r_i ≠ 0 for 0 ≤ i ≤ 5;
   generate R' = r_0' + r_1'σ + r_2'ρ + r_3'σρ + r_4'ρ² + r_5'σρ² in F_{3^{6m}} with r_i' ≠ 0 for 0 ≤ i ≤ 5;
   generate R'' = r_0'' + r_1''σ + r_2''ρ + r_3''σρ + r_4''ρ² + r_5''σρ² in F_{3^{6m}} with r_i'' ≠ 0 for 0 ≤ i ≤ 5.
2. C = R'
3. F = R''
4.
5. x = x³, y = y³, d = mb
6. For i = 1 to m do
   6.1. α = α⁹, β = β⁹
   6.2. μ = α + x + d, λ = σβy − μ²
   6.3. A = λ − μρ − ρ²
   6.4. C = C³ · A
   6.5. y = −y, d = d − b
7. F = C · R
8. Return the final modular exponentiation of F
Table 1 compares the Ghosh method and the proposed method for the Tate bilinear pairing over F_{3^m} in terms of added time cost and resistance to fault attacks (M: a multiplication in F_{3^m}; C: a cubing in F_{3^m}):

Method                    Added time cost    Resists DFA
Ghosh method              m(7M + 5C)         No
Method of the invention   15M + 6C           Yes

Table 1

The added time cost of the Ghosh method is an average that varies with the blinding random number, whereas the added cost of the invention is a fixed value. The table shows that the Ghosh method is inferior to the proposed method both in added time cost and in resistance to DFA.
Table 2 compares the increase in time cost of the Ghosh method and the proposed method in several typical finite fields:
Table 2
The proposed method barely increases the running time, and its time cost is far below that of the Ghosh method.
The invention has been described in detail with reference to specific embodiments, but these embodiments do not limit the invention. Many variations and modifications can be made by those of ordinary skill in the art without departing from the principles of the invention, and these should also be regarded as within its scope.

Claims (2)

1. A fault-attack-resistant method for computing the Tate bilinear pairing over a ternary field,
in which, for two points P(α, β) and Q(x, y) on the supersingular curve y² = x³ − x + b over the ternary field F_{3^m}, the Tate bilinear pairing is computed by the formula
f_P(ψ(Q)) = (…(((A_1)³ A_2)³ A_3)³ …)³ A_m
where A_i = λ − μρ − ρ², μ = α^{(2i)} + x^{(1)} + (m + 1 − i)b, λ = (−1)^{(i+1)} σ β^{(2i)} y^{(1)} − μ², and ρ and σ are elements of F_{3^{6m}} satisfying ρ³ − ρ − b = 0 and σ² + 1 = 0; the method being characterised in that:
a random-number factor is added to the computation flow of this cube-root-free Tate pairing formula to resist fault attacks; if the number m of loop iterations is not changed, the random factor is eliminated by the final modular exponentiation; if a fault attack changes m, the result the attacker finally obtains is mixed with the random factor, and because the attacker does not know the value of the random number, the factor cannot be removed from the final result to obtain useful information for computing the private key; the method comprising the following steps:
Step one: select a random number R in F_{3^{6m}}.
Step two: compute the rational function f_P(ψ(Q)) with the random factor included.
Step three: compute the Tate bilinear pairing by the final modular exponentiation.
Because every element R of the finite field F_{3^{6m}} satisfies R^{3^{6m}} = R, the random factor cancels in the unattacked computation and the correct pairing value is obtained.
2. The method of claim 1, wherein the supersingular curves over the ternary field F_{3^m} used in step one include y² = x³ − x + 1 and y² = x³ − x − 1.
Application CN201310484893.7A, filed 2013-10-16 (priority date 2013-10-16), Shanghai Huahong Integrated Circuit Co Ltd; status: Active.

Publications

Publication number    Publication date
CN104579648A          2015-04-29
CN104579648B          2018-06-05 (grant)

