JP2001209315A - Elliptic curve square computing device, generating polynomial generator and program recording medium therefor - Google Patents

Elliptic curve square computing device, generating polynomial generator and program recording medium therefor

Info

Publication number
JP2001209315A
JP2001209315A JP2000016019A JP2000016019A JP2001209315A JP 2001209315 A JP2001209315 A JP 2001209315A JP 2000016019 A JP2000016019 A JP 2000016019A JP 2000016019 A JP2000016019 A JP 2000016019A JP 2001209315 A JP2001209315 A JP 2001209315A
Authority
JP
Japan
Prior art keywords
generating
candidate
polynomial
generator polynomial
generator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2000016019A
Other languages
Japanese (ja)
Other versions
JP3638493B2 (en
Inventor
Tetsutaro Kobayashi
鉄太郎 小林
Kazumaro Aoki
和麻呂 青木
Fumisato Hoshino
文学 星野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nippon Telegraph and Telephone Corp
Original Assignee
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp filed Critical Nippon Telegraph and Telephone Corp
Priority to JP2000016019A priority Critical patent/JP3638493B2/en
Publication of JP2001209315A publication Critical patent/JP2001209315A/en
Application granted granted Critical
Publication of JP3638493B2 publication Critical patent/JP3638493B2/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Landscapes

  • Complex Calculations (AREA)

Abstract

PROBLEM TO BE SOLVED: To increase the speed of the computations by reducing the number of times of multiplications. SOLUTION: A squaring computation of GF(qn-1) on a quadratic extension field GF(qn)=GF(qn-12) is conducted on GF(qn-1). In a quadratic generating polynomial x2+v1x+v0 on the GF(qn-1) which has bases α and β as solutions to A=A0α+A1β and A2=C0α+C1β, A0-A1, is computed using relationships v0=u2 and u exists GF(qn-1), (u/v1) is multiplied to obtain L5, computes (L5-A0)(L5+A0)→T0, computes (L5-A1)(L5+A1)→T1, computes -v1T0→C0 and -v1T1→C1 and outputs the results.

Description

【発明の詳細な説明】DETAILED DESCRIPTION OF THE INVENTION

【0001】[0001]

【発明の属する技術分野】この発明は、例えば、情報セ
キュリティ技術(楕円曲線暗号/署名、素因数分解)を
実現するために用いられる楕円曲線上の演算装置に関す
る。BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an arithmetic device on an elliptic curve used for implementing, for example, information security technology (elliptic curve encryption / signature, prime factorization).

【0002】[0002]

【従来の技術】楕円曲線上で公開鍵暗号やデジタル署名
を実現する場合、その処理時間のほとんどは楕円曲線上
のk倍演算に費やされる。一般に、暗号や署名には有限
体GF(q)上で定義される楕円曲線を使う。これをE
/GF(q)と表記する。qは素数または素数のべき乗
である。従来の実装法ではqに素数または2m を用いる
ことが多かったが、この発明は一般の有限体の場合を考
える。2. Description of the Related Art When realizing public key cryptography and digital signatures on an elliptic curve, most of the processing time is spent for k-times operations on the elliptic curve. In general, an elliptic curve defined on a finite field GF (q) is used for encryption and signature. This is E
/ GF (q). q is a prime number or a power of a prime number. In the conventional implementation method, a prime number or 2 m is often used for q, but the present invention considers a general finite field.

【0003】楕円曲線上の点Pに対する加算を定義でき
る。通常の加算と区別するためにこれを、「楕円加算」
「楕円2倍演算」と呼ぶ。いずれも、有限体GF(q)
上の加減乗除算を組み合わせることで行うことが出来
る。通常、k倍演算を構成するために、「楕円加算」
「楕円2倍演算」を組み合わせて行なう方法が用いられ
ている。したがって、楕円曲線上の演算は、有限体GF
(q)上の加減乗除算に帰着することが出来、これらを
高速化することが、楕円曲線上の演算の高速化につなが
る。[0003] Addition to a point P on an elliptic curve can be defined. This is called "elliptical addition" to distinguish it from normal addition.
This is referred to as “ellipse doubling operation”. Both are finite fields GF (q)
It can be performed by combining the above addition, subtraction, multiplication and division. Usually, "elliptic addition" is used to compose a k-fold operation.
A method of combining "ellipse doubling operation" is used. Therefore, the operation on the elliptic curve is a finite field GF
(Q) can be reduced to addition, subtraction, multiplication and division, and speeding up these leads to speeding up operations on elliptic curves.

【0004】楕円曲線演算を、GF(qn)上の有理式
の列R(x0,x1,…)及びx0,x 1 ,…の値をGF
(qn)演算器に入力し、GF(qn-1)上の演算列とデ
ータに帰着させるGF(qn-1)演算器へ渡し、GF
(qn-1)演算器は入力をGF(q n-2)上の演算の列と
データに帰着させてGF(qn-2)演算器に渡し、以下
同様のことを繰返して、GF(q0)演算器で計算した
結果を出力するように、つまり逐次拡大させることによ
り、従来の楕円曲線演算より、乗算回数を減少すること
ができることを特願平11−230123号「逐次拡大
を用いた楕円曲線演算装置及びプログラム記録媒体」で
提案した。An elliptic curve operation is represented by GF (qnThe rational expression on
Column R (x0, X1, ...) and x0, X 1 , ... is the value of GF
(Qn) Input to the arithmetic unit and GF (qn-1) And the sequence of operations on
GF (qn-1) Hand over to arithmetic unit, GF
(Qn-1) Operator inputs GF (q n-2) And the above sequence of operations
Reduced to the data, GF (qn-2) Pass it to the computing unit and
By repeating the same, GF (q0) Calculated by the calculator
By outputting the result, that is, by successively expanding
And reduce the number of multiplications compared to the conventional elliptic curve calculation.
Japanese Patent Application No. 11-230123, "Sequential Expansion"
Elliptic curve calculation device and program recording medium using
Proposed.

【0005】この場合のGF(qn-1)のm次拡大体G
F(qn)=GF(qn-1 m)上のGF(qn-1)演算器に
おける自乗器として、入力A=(A0,A1)、出力A2
=(C0 ,C1)を正規基底によるGF(qn)=GF
(qn-1 m)上の元のGF(qn- 1)上の元により表現
し、基底をαおよびβ(ただしα+β=−v1)とする
とA=A0α+A1β,A2=C0α+C1βを意味し、全
ての基底を解にもつGF(qn -1)上m次既約多項式を
f(x)=x2+v1x+v0とし、 A2=(−A0 21+(A0−A12(v0/v1))α+
(−A1 21+(A0−A12(v0/v1))β の演算を行うことが提案されている。つまり図9に示す
ようにGF(qn-1)自乗器27BでA0 2→L0を演算
し、GF(qn-1)減算器27CでA0−A1→L1を演算
し、GF(qn-1)自乗器27DでA1 2→L2を演算し、
GF(qn-1)自乗器27EでL1 2→L3を演算し、GF
(qn-1)定数倍器27Fで−v10→L 4を演算し、G
F(qn-1)定数倍器27Gで(−v1-1(−v0)L3
→L5を演算し、GF(qn-1)定数倍器27Hで−v1
2 →L6 を演算し、GF(qn-1)加算器27IでL4
+L5→C0を演算し、GF(qn-1)加算器27JでL5
+L6→C1を演算してA2=(C0,C1)を得る。In this case, GF (qn-1) Of the m-th extension field G
F (qn) = GF (qn-1 m) On GF (qn-1) To the computing unit
Input A = (A0, A1), Output ATwo 
= (C0 , C1) With GF (qn) = GF
(Qn-1 m) On the original GF (qn- 1) Expressed by the above element
And bases are α and β (where α + β = −v1)
And A = A0α + A1β, ATwo= C0α + C1β means all
GF (qn -1) Above m-order irreducible polynomial
f (x) = xTwo+ V1x + v0And ATwo= (-A0 Twov1+ (A0-A1)Two(V0/ V1)) Α +
(-A1 Twov1+ (A0-A1)Two(V0/ V1It has been proposed to perform the operation of β). That is, as shown in FIG.
GF (qn-1) A in the squarer 27B0 Two→ L0Calculate
GF (qn-1) A in the subtractor 27C0-A1→ L1Calculate
GF (qn-1) A in the squarer 27D1 Two→ LTwo, And
GF (qn-1) L on the squarer 27E1 Two→ LThreeAnd GF
(Qn-1) -V with constant multiplier 27F1L0→ L Four, And G
F (qn-1) In the constant multiplier 27G, (-v1)-1(-V0) LThree
→ LFiveAnd GF (qn-1) -V with constant multiplier 27H1
LTwo → L6 And GF (qn-1) L at the adder 27IFour
+ LFive→ C0And GF (qn-1) L at adder 27JFive
+ L6→ C1To calculate ATwo= (C0, C1Get)

【0006】このようにすれば3回の自乗演算と3回の
倍数演算で済む。また前記逐次拡大を用いた楕円曲線演
算ではGF(qn-1)のm次拡大GF(qn)=GF(q
n-1 m)を多項式基底を用いて行うが、その多項式基底に
用いる生成多項式は既約でなければならない。また正規
基底の場合は逐次的に拡大する時に、拡大ごとに高速演
算に適した正規基底の生成元が定義されることによっ
て、全ての基底を解に持つ既約多項式を定義して既約多
項式の列を作る。従って、既約多項式を作る際、この解
が正規基底になるものでなくてはならない。In this way, only three square operations and three multiple operations are required. In the elliptic curve calculation using the sequential expansion, an m-order expansion of GF (q n-1 ) GF (q n ) = GF (q
n-1 m ) is performed using a polynomial basis, and the generator polynomial used for the polynomial basis must be irreducible. In the case of normal bases, when successively expanding, a generator of normal bases suitable for high-speed operation is defined for each expansion, so that an irreducible polynomial having all bases as solutions is defined and an irreducible polynomial is defined. Make a row of Therefore, when creating an irreducible polynomial, this solution must be a normal basis.

【0007】[0007]

【発明が解決しようとする課題】この発明の1目的はG
F(qn-1)のm次拡大体GF(qn)=GF(qn-1 m
上の自乗器のGF(qn-1)演算器の乗算回数を更に減
らし、より高速な演算を行うことができる楕円曲線自乗
演算装置を提供することにある。この発明の他の目的は
逐次拡大を用いた楕円曲線演算装置において、逐次拡大
に適した基底を得るための生成多項式を生成する装置を
提供することにある。One object of the present invention is to provide a G
F (q n-1) of the m-th extension field GF (q n) = GF ( q n-1 m)
An object of the present invention is to provide an elliptic curve square arithmetic device capable of further reducing the number of multiplications of the GF (q n-1 ) arithmetic unit of the above squarer and performing higher-speed arithmetic. It is another object of the present invention to provide a device for generating a generator polynomial for obtaining a basis suitable for successive expansion in an elliptic curve calculation device using successive expansion.

【0008】[0008]

【課題を解決するための手段】この発明の楕円曲線自乗
演算装置においては全ての基底を解にもつGF
(qn- 1)上m次既約多項式をf(x)=x2+v1x+
0とし、特にv0=u2,u∈GF(qi-1)と表わせる
ものを用い、 A2=C0α+C1β =v1((A0−A1)(u/v1)−A0)((A0−A1)(u/
1)+A0)α+v1((A0−A1)(u/v1)−A1)((A0
1)(u/v1)+A1)β を演算する装置である。According to the elliptic curve square operation device of the present invention, a GF having all bases as solutions is provided.
(Q n− 1 ) The upper m-order irreducible polynomial is expressed as f (x) = x 2 + v 1 x +
v 0 , in particular v 0 = u 2 , u∈GF (q i-1 ) is used, and A 2 = C 0 α + C 1 β = v 1 ((A 0 −A 1 ) (u / v 1 ) −A 0 ) ((A 0 −A 1 ) (u /
v 1 ) + A 0 ) α + v 1 ((A 0 −A 1 ) (u / v 1 ) −A 1 ) ((A 0
A 1 ) (u / v 1 ) + A 1 ).

【0009】またこの発明による生成多項式生成装置
は、生成多項式の候補を選び、その生成多項式候補が既
約であるか検査し、既約でなければ次の生成多項式候補
を選び同様のことを行い、既約であれば、これを用い、
GF(qi)からGF(qi+1)への拡大ごとに同様にし
て生成多項式を生成する。Further, the generator polynomial generator according to the present invention selects a generator polynomial candidate, checks whether the generator polynomial candidate is irreducible, and if not, selects the next generator polynomial candidate and performs the same operation. , If irreducible, use this,
A generator polynomial is generated in a similar manner for each expansion from GF (q i ) to GF (q i + 1 ).

【0010】[0010]

【発明の実施の形態】自乗器(正規基底) この装置はGF(qn-1)のm次拡大GF(qn)=GF
(qn-1 m)上の自乗器のGF(qn-1)上演算装置によ
る一構成例である。この構成例はm=2であり、全ての
基底を解にもつGF(qn-1)上m次生成多項式をf
(x)=x2+v1x+v0とした場合にv0=u2なるu
∈GF(qn-1)が存在する場合の装置である。DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Squarer (Normal Basis) This apparatus is an m-th order expansion of GF (q n -1 ) GF (q n ) = GF
This is an example of a configuration of a squarer on (q n-1 m ) by an arithmetic unit on GF (q n-1 ). In this configuration example, m = 2, and an m- th generation polynomial on GF (q n-1 ) having all bases as solutions is represented by f
When (x) = x 2 + v 1 x + v 0 , u such that v 0 = u 2
This is an apparatus when -1GF (q n-1 ) exists.

【0011】この説明および、図1においてA=
(A0,A1)およびA2 =(C0,C1)は正規基底によ
るGF(qn)=GF(qn-1 m)上の元のGF(qn-1
上の元による表現であり、基底をαおよびβとするとそ
れぞれA=A0α+A1βおよびA2=C0α+C1βを意
味している。図に示す装置100はGF(qn)=GF
(qn-1 m)上の元A=(A0,A1)の入力に対してGF
(qn)上の元A2を出力する装置の構成の一例を表して
いる。In this explanation and FIG.
(A 0 , A 1 ) and A 2 = (C 0 , C 1 ) are the original GF (q n-1 ) on GF (q n ) = GF (q n-1 m ) by the normal basis.
This is an expression based on the above element, and when the basis is α and β, it means A = A 0 α + A 1 β and A 2 = C 0 α + C 1 β, respectively. The device 100 shown in the figure has GF (q n ) = GF
GF for the input of the element A = (A 0 , A 1 ) on (q n-1 m )
(Q n ) shows an example of the configuration of a device that outputs the element A 2 on (q n ).

【0012】この装置の動作をプログラムで実現する場
合は、図5に示すフローに従って実行する。このGF
(qn)自乗算器100はGF(qn-1)定数倍器と、G
F(qn-1)加算器と、GF(qn-1)減算器と、GF
(qn-1)乗算器とこれらを制御する制御器111と、
メモリ112とで構成される。GF(qn-1)減算器1
01はA0とA1を入力とし、GF(qn-1)定数倍器1
02は減算器101の出力L1を入力とし、GF
(qn-1)加算器103はA0と定数倍器102の出力L
5を入力し、GF(qn-1)減算器104はA0とL5を入
力とし、GF(qn-1)加算器105はL5 とA1 を入
力とし、GF(qn-1)減算器106はL5とA1を入力
とし、GF(qn-1)乗算器107は加算器103の出
力と減算器104の出力を入力とし、GF(qn-1)定
数倍器108は乗算器107を入力とし、GF
(qn-1)乗算器109は加算器105の出力と減算器
106の出力とを入力とし、GF(qn-1)定数倍器1
10は乗算器109の出力を入力とする。When the operation of this apparatus is realized by a program, it is executed according to the flow shown in FIG. This GF
The (q n ) self-multiplier 100 includes a GF (q n-1 ) constant multiplier and G
F (q n-1 ) adder, GF (q n-1 ) subtractor, GF
(Q n-1 ) multipliers and a controller 111 for controlling them,
And a memory 112. GF (q n-1 ) subtractor 1
01 receives A 0 and A 1 as inputs and GF (q n-1 ) constant multiplier 1
02 receives the output L 1 of the subtractor 101, GF
The (q n-1 ) adder 103 outputs A 0 and the output L of the constant multiplier 102.
5 , the GF (q n-1 ) subtractor 104 receives A 0 and L 5 as inputs, the GF (q n-1 ) adder 105 receives L 5 and A 1 as inputs, and GF (q n− 1) the subtractor 106 inputs the L 5 and a 1, GF (q n- 1) multiplier 107 receives the output of the output subtracter 104 of the adder 103, GF (q n-1 ) constant multiple The multiplier 108 receives the multiplier 107 as an input, and
The (q n-1 ) multiplier 109 receives the output of the adder 105 and the output of the subtractor 106 as inputs, and outputs a GF (q n-1 ) constant multiplier 1
10 receives the output of the multiplier 109 as an input.

【0013】この自乗器100は以下のように動作す
る。入力値A=(A0,A1)を入力し、メモリ112に
一時格納され、以下において特に述べないが演算に必要
なデータはメモリ112から読出され、演算結果はメモ
リ112に記憶される。 Step1:GF(qn-1)減算器101は入力のA0
およびA1 に対して L1 ←A0−A1 を計算してL1 を出力する。This squarer 100 operates as follows. An input value A = (A 0 , A 1 ) is input and temporarily stored in the memory 112. Data required for the operation is read out from the memory 112, although not described below, and the operation result is stored in the memory 112. Step 1: The GF (q n-1 ) subtractor 101 receives the input A 0
Calculate the L 1 ← A 0 -A 1 outputs an L 1 against and A 1.

【0014】Step2:GF(qn-1)定数倍器10
2は入力のL1 に対して L5 ←(u/v1)L1 を計算してL5 を出力する。 Step3:GF(qn-1)加算器103は入力のL5
0に対して L5 +A0 を計算して出力する。 Step4:GF(qn-1)減算器104は入力のL5
0に対して L5−A0を計算して出力する。Step 2: GF (q n-1 ) constant multiplier 10
2 calculates the L 5 ← (u / v 1 ) L 1 with respect to L 1 in the input to output an L 5. Step 3: GF (q n-1 ) adder 103 receives input L 5 ,
By calculating L 5 + A 0 output to the A 0. Step 4: The GF (q n-1 ) subtractor 104 receives the input L 5 ,
Calculate the L 5 -A 0 and outputs it to A 0.

【0015】Step5:GF(qn-1)加算器105
は入力のL5,A1に対して L5 +A1 を計算して出力する。 Step6:GF(qn-1)減算器106は入力のL5
1に対して L5 −A1 を計算して出力する。 Step7:GF(qn-1)乗算器107は入力の(L5
+A0),(L5 −A0)に対して T0←(L5+A0)(L5−A0)を計算して出力する。Step 5: GF (q n-1 ) adder 105
Calculates L 5 + A 1 with respect to the input L 5 and A 1 and outputs the result. Step 6: The GF (q n-1 ) subtractor 106 receives the input L 5 ,
Calculate the L 5 -A 1 outputs to A 1. Step 7: The GF (q n-1 ) multiplier 107 receives the input (L 5
+ A 0 ), (L 5 −A 0 ), and calculates and outputs T 0 ← (L 5 + A 0 ) (L 5 −A 0 ).

【0016】Step8:GF(qn-1)定数倍器10
8は入力の(L5+A0)(L5−A0)に対して −v1(L5+A0)(L5−A0)を計算してC0 として
出力する。 Step9:GF(qn-1)乗算器109は入力の(L5
+A1),(L5−A1)に対して T1←(L5+A1)(L5−A1)を計算して出力する。Step 8: GF (q n-1 ) constant multiplier 10
8 calculates the input (L 5 + A 0) ( L 5 -A 0) -v 1 against (L 5 + A 0) ( L 5 -A 0) is output as C 0. Step 9: The GF (q n-1 ) multiplier 109 receives the input (L 5
+ A 1), and calculates and outputs (L 5 -A 1) with respect to T 1 ← (L 5 + A 1) (L 5 -A 1).

【0017】Step10:GF(qn-1)定数倍器1
10は入力の(L5+A1)(L5−A 1)に対して −v1(L5 +A1)(L5 −A1)を計算してC1 とし
て出力する。 Step11:(C0,C1)をA2として出力する。 生成多項式生成装置 図2に示す生成多項式生成装置はGF(qn-1)のm次
拡大GF(qn)=GF(qn-1 m) を多項式基底を用い
て行なうのに用いる生成多項式を求める装置の一構成例
である。この装置200は制御装置201にメモリ20
2と既約性判定装置203とが接続されて構成される。Step 10: GF (qn-1) Constant multiplier 1
10 is the input (LFive+ A1) (LFive-A 1) For -v1(LFive + A1) (LFive -A1) To calculate C1 age
Output. Step11: (C0, C1) To ATwoOutput as Generator Polynomial Generator The generator polynomial generator shown in FIG.n-1M) order
Expanded GF (qn) = GF (qn-1 m) Using a polynomial basis
Configuration example of a device for obtaining a generator polynomial used for performing
It is. This device 200 has a memory 20
2 and the irreducibility determination device 203 are connected to each other.

【0018】この装置の動作をプログラムで実現する場
合は、図6に示すフローに従って実行する。 Step0:制御装置201は入力有限体GF
(qn-1)と拡大次数mを入力する。またj個の生成多
項式候補fi(x),(i=1,…,j)を生成する。
iを0に初期化する。i=jかを調べiがjでなければ Step1:iを+1して入力された有限体GF(q
n-1)上の生成多項式候補fi(x)を選ぶ。When the operation of this apparatus is realized by a program, it is executed according to the flow shown in FIG. Step 0: The control device 201 receives the input finite field GF
(Q n-1 ) and the extension degree m are input. Also, j generator polynomial candidates f i (x), (i = 1,..., J) are generated.
Initialize i to 0. It is checked whether i = j, and if i is not j, Step1: i is incremented by 1 and the input finite field GF (q
n-1 ) Select the generator polynomial candidate f i (x) above.

【0019】Step2:既約性判定装置203を用い
てそのfi(x)が既約であるか検査する。 Step3:既約であれば、生成多項式g(x)として
i(x)を出力。既約でなければStep1へもどっ
てやりなおし。既約性判定装置203の構成は後で述べ
る。また、この装置の構成としては、以下のような構
成、およびその組合せによる構成をすることもできる。Step 2: Using the irreducibility judging device 203, it is checked whether or not f i (x) is irreducible. Step 3: If irreducible, output f i (x) as a generator polynomial g (x). If not, return to Step 1 and start over. The configuration of the irreducibility determination device 203 will be described later. Further, the configuration of this device may be the following configuration or a combination thereof.

【0020】f(x)が2次多項式x2+v1x+v0
場合に多項式基底を用いた乗算を高速に行なうことを目
的として、Step0においてv1=−1となる候補fi
(x)を生成する。f(x)が2次多項式x2+v1x+
0の場合に多項式基底を用いた逆元や自乗を高速に行
なうことを目的として、Step0においてv1=0と
なる候補fi(x)を生成する。When f (x) is a quadratic polynomial x 2 + v 1 x + v 0 , in order to perform multiplication using a polynomial basis at high speed, candidates f i in which v 1 = −1 in Step 0
(X) is generated. f (x) is a quadratic polynomial x 2 + v 1 x +
v The inverse or squared with polynomial basis in the case of 0 for the purpose of performing a high speed, to produce a candidate f i (x) to be v 1 = 0 in Step 0.

【0021】f(x)が2次多項式x2+v1x+v0
場合に多項式基底を用いた自乗を高速に行なうことを目
的として、Step0においてv1=0,v0=u2とあ
らわすことができる候補fi(x)を生成する。 正規多項式生成装置 図3に示す正規多項式生成装置はGF(qn-1)のm次
拡大GF(qn)=GF(qn-1 m)を正規基底を用いて
行なうのに用いる正規多項式を求める装置の一構成例で
ある。この装置300は制御装置301にメモリ30
2、既約性判定装置303、正則判定装置304が接続
されて構成される。In the case where f (x) is a quadratic polynomial x 2 + v 1 x + v 0 , v 1 = 0 and v 0 = u 2 are expressed in Step 0 for the purpose of quickly squaring using the polynomial basis. generating a candidate f i (x) which can. Normal Polynomial Generating Apparatus The normal polynomial generating apparatus shown in FIG. 3 is a normal polynomial used for performing an m-order expansion of GF (q n-1 ) GF (q n ) = GF (q n-1 m ) using a normal basis. 1 is a configuration example of an apparatus for obtaining the following. This device 300 includes a memory 30 in the control device 301.
2. The irreducibility determination device 303 and the regularity determination device 304 are connected and configured.

【0022】この装置の動作をプログラムで実現する場
合は、図7に示すフローに従って実行する。 Step0:有限体GF(qn-1)、拡大次数mを入力
する。生成多項式候補fi(x),(i=1,…,j)
を生成し、iを0に初期化した後、i=jかを判定し、
iがjでなければ、 Step1:iを+1して入力された有限体GF(q
n-1)上の生成多項式候補fi(x)を選ぶ。When the operation of this apparatus is realized by a program, it is executed according to the flow shown in FIG. Step 0: Input a finite field GF (q n-1 ) and an expansion degree m. Generator polynomial candidate f i (x), (i = 1,..., J)
Is generated, i is initialized to 0, and it is determined whether i = j.
If i is not j, Step1: a finite field GF (q
n-1 ) Select the generator polynomial candidate f i (x) above.

【0023】Step2:既約性判定装置303を用い
てfi(x)が既約であるか検査する。 Step3:既約でなければStep1へもどってやり
なおし。 Step4:既約であれば正則判定装置304を用いて
i(x)が正則であるか検査する。(この検査の方法
は、例えば「暗号・ゼロ知識証明・数論」岡本龍明・太
田和夫著、共立出版pp.167などに述べられてい
る) Step5:正則でなければStep1へもどってやり
なおし。正則であれば、生成多項式f(x)としてfi
(x)を出力。Step 2: Using the irreducibility judging device 303, it is checked whether f i (x) is irreducible. Step 3: If the contract has not been made, return to Step 1 and start over. Step 4: If irreducible, the regularity determination device 304 is used to check whether f i (x) is regular. (This checking method is described in, for example, "Cryptography / Zero Knowledge Proof / Number Theory", written by Tatsuaki Okamoto and Kazuo Ota, Kyoritsu Shuppan, pp. 167) Step 5: If not regular, return to Step 1 and start over. If it is regular, f i as a generator polynomial f (x)
Output (x).

【0024】また、この装置の構成としては、以下のよ
うな構成をすることもできる。f(x)が2次多項式x
2+v1x+v0の場合に多項式基底を用いた自乗を高速
に行なうことを目的として、Step0においてv0
2と表わすことができるf(x)を生成する。 既約性判定装置 図4に示す既約性判定装置は図2,3に示した装置にお
ける、既約性判定装置203,303の一構成例であ
る。この装置400は制御装置401と多項式ユークリ
ッド(Euclid)互除装置402とよりなる。The configuration of this device may be as follows. f (x) is a quadratic polynomial x
In the case of 2 + v 1 x + v 0 , in order to quickly perform the square using the polynomial basis, v 0 =
Generate f (x), which can be represented as u 2 . Irreducibility determining device The irreducibility determining device shown in FIG. 4 is a configuration example of the irreducibility determining devices 203 and 303 in the devices shown in FIGS. The device 400 comprises a control device 401 and a polynomial Euclid reciprocal device 402.

【0025】この装置の動作をプログラムで実現する場
合は、図8に示すフローに従って実行する。定義体GF
(qn-1)と候補f(x)、拡大次数mを入力する。g
(x)=(x^qn-1 m-1)−xを作る。ここでA^Bは
Bを表わす。次に多項式Euclid互除法を用い
て、入力された多項式f(x)とg(x)=(x^q
n-1 m-1)−xとの最大公約多項式を求め、その最大公約
多項式が0次式ならば、「既約」を、1次以上ならば
「可約」を出力する。When the operation of this apparatus is realized by a program, it is executed according to the flow shown in FIG. Definition field GF
(Q n−1 ), the candidate f (x), and the expansion order m are input. g
(X) = (x ^ q n-1 m-1 ) -x Here A ^ B represents the A B. Next, the input polynomials f (x) and g (x) = (x ^ q
The greatest common divisor polynomial with ( n-1 m-1 ) -x is obtained, and if the greatest common polynomial is a zero-order expression, "irreducible" is output.

【0026】上述において各装置をコンピュータにより
プログラムを解読実行させて機能させることもできる。In the above, each device can be made to function by causing a computer to decode and execute a program.

【0027】[0027]

【発明の効果】以上述べたようにこの発明の自乗演算装
置によれば、2回の乗算と3回の定数倍演算とで済み、
図9に示したものよりも、乗算回数が1回少なくて済
み、それだけ高速に演算することができる。また逐次拡
大楕円曲線演算においてその拡大に利用する多項式基底
の生成多項式を生成することができる。As described above, according to the square operation device of the present invention, only two multiplication operations and three constant multiplication operations are required.
The number of times of multiplication is one less than that shown in FIG. 9, and the calculation can be performed at a higher speed. In addition, it is possible to generate a generator polynomial of a polynomial basis used for the expansion in the successive expansion elliptic curve calculation.

【図面の簡単な説明】[Brief description of the drawings]

【図1】この発明のGF(qn)自乗器の実施例を示す
ブロック図。FIG. 1 is a block diagram showing an embodiment of a GF (q n ) squarer of the present invention.

【図2】この発明の多項式基底の生成多項式生成装置を
示すブロック図。FIG. 2 is a block diagram showing a polynomial basis generator polynomial generator according to the present invention.

【図3】この発明の正規多項式生成装置を示すブロック
図。FIG. 3 is a block diagram showing a normal polynomial generating apparatus according to the present invention.

【図4】図2、図3に用いた既約性判定装置の構成を示
すブロック図。FIG. 4 is a block diagram showing a configuration of an irreducibility determination device used in FIGS. 2 and 3;

【図5】図1に示した実施例におけるGF(qn)自乗
処理手順を示す流れ図。FIG. 5 is a flowchart showing a GF (q n ) square processing procedure in the embodiment shown in FIG. 1;

【図6】図2に示した実施例における多項式基底の生成
多項式生成処理手順を示す流れ図。FIG. 6 is a flowchart showing a generating polynomial generating procedure of a polynomial basis in the embodiment shown in FIG. 2;

【図7】図3に示した実施例における正規多項式生成処
理手順を示す流れ図。FIG. 7 is a flowchart showing a normal polynomial generation processing procedure in the embodiment shown in FIG. 3;

【図8】図4に示した装置の既約性判定処理手順を示す
流れ図。FIG. 8 is a flowchart showing an irreducibility determination processing procedure of the apparatus shown in FIG. 4;

【図9】先に提案したGF(qn)自乗器の機能構成を
示す図。FIG. 9 is a diagram showing a functional configuration of a previously proposed GF (q n ) squarer.

───────────────────────────────────────────────────── フロントページの続き (72)発明者 星野 文学 東京都千代田区大手町二丁目3番1号 日 本電信電話株式会社内 Fターム(参考) 5B056 FF01 FF02 HH00 5J104 AA25 JA25 NA16 NA27  ────────────────────────────────────────────────── ─── Continuation of the front page (72) Hoshino Literature 2-3-1 Otemachi, Chiyoda-ku, Tokyo Nippon Telegraph and Telephone Corporation F-term (reference) 5B056 FF01 FF02 HH00 5J104 AA25 JA25 NA16 NA27

Claims (14)

【特許請求の範囲】[Claims] 【請求項1】 有限体GF(qn-1)(qn-1は素数又は
素数のべき乗である)の2次拡大GF(qn)=GF
(qn-1 2)上の楕円曲線自乗演算装置であって、 入力A=(A0,A1)、出力A2=(C0,C1)は正規
基底α,βによるGF(qn)=GF(qn-1 2)上の元
が二つのGF(qn-1)上の元より表現され、 A=A0α+A1β、A2=C0α+C1βであり、α,β
を解にもつGF(qn-1)上の2次生成多項式をf
(x)=x2+v1x+v0とし、v0=u2,u∈GF
(qn-1)であって、 A0とA1を入力してA0−A1→L1を演算するGF(q
n-1)減算手段と、 L1を入力して(u/v1)L1→L2を演算するGF(q
n-1)定数倍手段と、 A0とL2を入力してA0+L2→L3を演算するGF(q
n-1)加算手段と、 A0とL2を入力してL2−A0→L4を演算するGF(q
n-1)減算手段と、 A1とL2を入力してA1+L2 →L5を演算するGF(q
n-1)加算手段と、 A1とL2を入力してL2−A1→L6を演算するGF(q
n-1)減算手段と、 L3とL4を入力してL3×L4→L7を演算するGF(q
n-1)乗算手段と、 L5とL6を入力してL5×L6→L8を演算するGF(q
n-1)乗算手段と、 L7を入力して−v17→C0を演算して出力するGF
(qn-1)定数倍手段と、 L8を入力して−v18→C1を演算して出力するGF
(qn-1)定数倍手段と、 を具備する楕円曲線自乗演算装置。1. A second-order extension GF (q n ) = GF of a finite field GF (q n-1 ) (q n-1 is a prime number or a power of a prime number)
An elliptic curve square arithmetic device on (q n-1 2 ), wherein an input A = (A 0 , A 1 ) and an output A 2 = (C 0 , C 1 ) are GF (q n ) = an element on GF (q n-1 2 ) is represented by two elements on GF (q n-1 ), A = A 0 α + A 1 β, A 2 = C 0 α + C 1 β, α, β
Is a quadratic generator polynomial on GF (q n-1 )
(X) = x 2 + v 1 x + v 0 , v 0 = u 2 , u∈GF
A (q n-1), by entering the A 0 and A 1 calculates the A 0 -A 1 → L 1 GF (q
n-1) for computing a subtraction unit, type L 1 a (u / v 1) L 1 → L 2 GF (q
n-1 ) A constant multiplying means, and GF (q which calculates A 0 + L 2 → L 3 by inputting A 0 and L 2
n-1 ) Addition means, GF (q which inputs A 0 and L 2 and calculates L 2 −A 0 → L 4
n-1 ) subtraction means, GF (q which calculates A 1 + L 2 → L 5 by inputting A 1 and L 2
n-1 ) Addition means, GF (q which inputs A 1 and L 2 and calculates L 2 −A 1 → L 6
n-1 ) subtraction means, and GF (q which calculates L 3 × L 4 → L 7 by inputting L 3 and L 4
n-1 ) Multiplying means, GF (q which calculates L 5 × L 6 → L 8 by inputting L 5 and L 6
n-1) multiplication means and, GF which enter the L 7 calculates and outputs the -v 1 L 7 → C 0
(Q n-1) constant factor means and inputs the L 8 calculates and outputs the -v 1 L 8 → C 1 GF
(Q n-1 ) constant multiplying means; 【請求項2】 有限体GF(qi)(qiは素数又は素数
のべき乗である)からGF(qi+1)へのm次拡大を行
うために用いる生成多項式を生成する装置であって、 生成多項式候補を生成する手段と、 生成多項式候補f(x)の1つを選択する選択手段と、 選択された候補f(x)が、既約であるか検査する検査
手段と、 その検査手段が既約であると判定すると、生成多項式と
して上記選択された候補f(x)を出力する手段と、 上記検査手段が既約でないと判定すると上記選択手段と
上記検査手段とを繰返させる手段とを備えることを特徴
とする多項式基底の生成多項式生成装置。2. An apparatus for generating a generator polynomial used for performing an m-order expansion from a finite field GF (q i ) (q i is a prime number or a power of a prime number) to GF (q i + 1 ). Means for generating a generator polynomial candidate; selecting means for selecting one of the generator polynomial candidates f (x); checking means for checking whether the selected candidate f (x) is irreducible; If the checking means determines that it is irreducible, means for outputting the selected candidate f (x) as a generator polynomial, and if the checking means determines that it is not irreducible, the selecting means and the checking means are repeated. Means for generating a polynomial basis generating polynomial. 【請求項3】 請求項2記載の生成多項式生成装置にお
いて、 GF(qi)からGF(qi+1)への2次拡大に用いら
れ、 上記生成多項式候補を生成する手段はv1が−1(ただ
し、v0,v1はGF(qi)の元)であるx2+v1x+
0なる生成多項式候補を生成する手段であることを特
徴とする多項式基底の生成多項式生成装置。3. A generator polynomial generation apparatus according to claim 2 wherein is used from GF (q i) on the secondary expansion of the GF (q i + 1), the means for generating the generator polynomial candidate v 1 is X 2 + v 1 x + which is −1 (where v 0 and v 1 are elements of GF (q i ))
An apparatus for generating a polynomial basis generating polynomial, which is means for generating a generating polynomial candidate of v 0 . 【請求項4】 請求項2記載の生成多項式生成装置にお
いて、 GF(qi)からGF(qi+1)への2次拡大に用いら
れ、 上記生成多項式候補を生成する手段はv1が0(ただ
し、v0,v1はGF(qi)の元)であるx2+v1x+
0なる生成多項式候補を生成する手段であることを特
徴とする多項式基底の生成多項式生成装置。4. A generator polynomial generation apparatus according to claim 2 wherein is used from GF (q i) on the secondary expansion of the GF (q i + 1), the means for generating the generator polynomial candidate v 1 is 0 (where v 0 and v 1 are elements of GF (q i )) x 2 + v 1 x +
An apparatus for generating a polynomial basis generating polynomial, which is means for generating a generating polynomial candidate of v 0 . 【請求項5】 請求項4記載の生成多項式生成装置にお
いて、 上記生成多項式候補を生成する手段はv0がu2(ただ
し、uはGF(qi)の元)と表すことが出来る生成多
項式候補を生成する手段であることを特徴とする多項式
基底の生成多項式生成装置。5. The generator polynomial generator according to claim 4, wherein the means for generating the generator polynomial candidate is such that v 0 can be expressed as u 2 (where u is an element of GF (q i )). An apparatus for generating a polynomial basis generating polynomial, which is means for generating a candidate. 【請求項6】 有限体GF(qi)(qiは素数又は素数
のべき乗である)からGF(qi+1)へのm次拡大を行
うために用いる生成多項式を生成する装置であって、 生成多項式候補を生成する手段と、 生成多項式候補f(x)の1つを選ぶ選択手段と、 上記選んだ候補f(x)が、既約であるか否か検査する
第1検査手段と、 その第1検査手段が既約でないと判定すると上記選択手
段に選択のやりなおしをさせる手段と、 上記第1検査手段が既約と判定すると、上記選んだ候補
f(x)が、正則であるか検査する第2検査手段と、 第2検査手段が正則でないと判定すると上記選択手段に
選択のやりなおしをさせる手段と、 上記第2検査手段が正則であると判定するとその候補f
(x)を出力する手段とを備えていることを特徴とする
正規基底の生成多項式生成装置。6. An apparatus for generating a generator polynomial used for performing an m-order expansion from a finite field GF (q i ) (q i is a prime number or a power of a prime number) to GF (q i + 1 ). Means for generating a generator polynomial candidate; selecting means for selecting one of the generator polynomial candidates f (x); first checking means for checking whether the selected candidate f (x) is irreducible When the first checking means determines that it is not irreducible, means for causing the selecting means to make a selection again, and when the first checking means determines that it is irreducible, the selected candidate f (x) is formed in a regular manner. A second inspection means for inspecting whether there is, a means for causing the selection means to make a selection again when the second inspection means determines that it is not regular, and a candidate f for which the second inspection means determines that it is irregular.
A generator for generating a normal basis. 【請求項7】 請求項6記載の生成多項式生成装置にお
いて、 GF(qi)からGF(qi+1)への2次拡大に用いら
れ、 上記生成多項式候補を生成する手段はv0=u2(ただ
し、uはGF(qi)の元)であり、x2+v1x+v0
あらわすことができる生成多項式候補を生成する手段で
あることを特徴とする多項式基底の生成多項式生成装
置。7. The generator polynomial generating apparatus according to claim 6, GF (q i) used in second expansion to GF (q i + 1) from the means for generating the generator polynomial candidate v 0 = u 2 (where u is an element of GF (q i )), which is a means for generating a generator polynomial candidate that can be expressed as x 2 + v 1 x + v 0 , wherein a generator polynomial generator for a polynomial base is provided. . 【請求項8】 入力A=(A0,A1)、出力A2
(C0,C1)が正規基底α,βによるGF(qn)=G
F(qn-1 2)上の元が二つのGF(qn-1)上の元によ
り表現され(qnは素数又は素数のべき乗である)、A
=A0α+A1β,A2=C0α+C1βであり、α,βを
解にもつGF(qn-1)上の2次生成多項式をf(x)
=x2+v1x+v0とし、v0=u2,u∈GF(qn-1
であってAを入力し、A2 を出力する有限体GF(q
n-1)の2次拡大GF(qn)=GF(qn- 1)上の楕円
曲線自乗演算装置のコンピュータに、 A0及びA1を入力する処理と、 A0とA1からA0−A1→L1を演算する処理と、 v0とv1とL1とから(u/v1)L1→L2を演算する処
理と、 L2とAとからL2+A0→L3を演算する処理と、 L2とAからL2−A0→L4を演算する処理と、 A1とL2とからL2+A1→L5を演算する処理と、 A1とL2とからL2−A1→L6を演算する処理と、 L3とL4からL34→L7を演算する処理と、 L5とL6からL56→L8を演算する処理と、 L7と−v1から−v17→C0を演算して出力する処理
と、 L8と−v1から−v18→C1を演算して出力する処理
と、 を実行させるプログラムを記録した記録媒体。8. An input A = (A 0 , A 1 ) and an output A 2 =
(C 0 , C 1 ) is GF (q n ) = G by the normal basis α, β
An element on F (q n-1 2 ) is represented by two elements on GF (q n-1 ) (q n is a prime number or a power of a prime number), and A
= A 0 α + A 1 β, A 2 = C 0 α + C 1 β, and a second-order generator polynomial on GF (q n−1 ) having α and β as solutions is f (x)
= X 2 + v 1 x + v 0 , v 0 = u 2 , u∈GF (q n-1 )
And input A and output A 2 finite field GF (q
to n-1) of the quadratic extension GF (q n) = GF ( q n- 1) of the elliptic curve squaring device on a computer, a process of inputting A 0 and A 1, from the A 0 and A 1 A 0− A 1 → L 1 , v 0 , v 1, and L 1 (u / v 1 ) L 1 → L 2 , L 2 , A and L 2 + A 0 → a process of calculating L 3 , a process of calculating L 2 −A 0 → L 4 from L 2 and A, a process of calculating L 2 + A 1 → L 5 from A 1 and L 2 , A 1 a process of calculating the L 2 -A 1 → L 6 from L 2 Prefecture and, L 3 and from L 4 and the process of calculating the L 3 L 4 → L 7, L 5 and from L 6 L 5 L 6 → L 8 and the process of calculating the a process of outputting the L 7 and -v 1 calculates the -v 1 L 7 → C 0, to compute the -v 1 L 8 → C 1 from L 8 and -v 1 A recording medium on which a process for outputting and a program for executing are executed. 【請求項9】 有限体GF(qi)(qiは素数又は素数
のべき乗である)からGF(qi+1 m)へm次拡大を行う
ために用いる生成多項式を生成する多項式基底の生成多
項式生成装置のコンピュータに、 生成多項式候補を生成する生成多項式候補生成処理と、 生成多項式候補f(x)を選択入力する選択入力処理
と、 選択入力された候補f(x)が、既約であるか否かを検
査する検査処理と、 その検査処理の結果が既約であれば、生成多項式として
その候補f(x)を出力し、検査処理結果が既約でなけ
れば上記選択入力処理へもどってやりなおす処理とを実
行させるプログラムを記録した記録媒体。9. A polynomial basis for generating a generator polynomial used to perform m-order expansion from a finite field GF (q i ) (q i is a prime number or a power of a prime number) to GF (q i + 1 m ) Generating polynomial candidate generating processing for generating a generating polynomial candidate, selecting input processing for selecting and inputting a generating polynomial candidate f (x), and selecting and inputting the candidate f (x) Inspection processing for inspecting whether or not the above is satisfied. If the result of the inspection processing is irreducible, the candidate f (x) is output as a generator polynomial. A recording medium on which is recorded a program for executing a process of returning to and executing. 【請求項10】 請求項9記載の記録媒体において、 GF(qi)からGF(qi+1)への2次拡大に用いら
れ、 上記生成多項式候補生成処理はv1=1であるx2+v1
x+v0(ただし、v0,v1はGF(qi)の元)なる生
成多項式候補を生成する処理であることを特徴とする記
録媒体。10. A recording medium according to claim 9, used from GF (q i) on the secondary expansion of the GF (q i + 1), the generator polynomial candidate generation processing is v 1 = 1 x 2 + v 1
x + v 0 (where v 0 and v 1 are elements of GF (q i )), which is a process for generating a generator polynomial candidate. 【請求項11】 請求項9記載の記録媒体において、 GF(qi)からGF(qi+1)への2次拡大に用いら
れ、 上記生成多項式候補生成処理はv1=0であるx2+v1
x+v0(ただし、v0,v1はGF(qi)の元)なる生
成多項式候補を生成する処理であることを特徴とする記
録媒体。11. The recording medium according to claim 9, which is used for quadratic expansion from GF (q i ) to GF (q i + 1 ), and wherein the generator polynomial candidate generation processing is performed by x where v 1 = 0. 2 + v 1
x + v 0 (where v 0 and v 1 are elements of GF (q i )), which is a process for generating a generator polynomial candidate. 【請求項12】 請求項11記載の記録媒体において、 上記生成多項式候補生成処理はv0=u2(ただし、
1,v0,uはGF(qi)の元)と表すことの出来る
2+v1x+v0なる生成多項式候補を生成する処理で
あることを特徴とする記録媒体。12. The recording medium according to claim 11, wherein the generating polynomial candidate generating process includes v 0 = u 2 (where,
v 1, v 0, u is a recording medium which is a process of generating a x 2 + v 1 x + v 0 becomes generator polynomial candidates that can be expressed as the original) of GF (q i). 【請求項13】 有限体GF(qi)(qiは素数又は素
数のべき乗である)からGF(qi+1)へm次拡大を行
うために用いる生成多項式を生成する正規基底の生成多
項式生成装置のコンピュータに、 生成多項式候補を生成する生成多項式候補生成処理と、 生成多項式候補f(x)を選択入力する選択入力処理
と、 選択入力した候補f(x)が、既約であるか否かを検査
する第1検査処理と、 第1検査処理の結果が既約でなければ上記選択入力処理
へもどり、既約であれば上記候補f(x)が、正則であ
るか否か検査する第2検査処理と、 第2検査処理の結果が正則ならばその候補f(x)を出
力し、正則でなければ上記選択入力処理にもどる処理
と、 を実行させるプログラムを記録した記録媒体。13. Generation of a normal basis for generating a generator polynomial used for performing m-order expansion from a finite field GF (q i ) (q i is a prime number or a power of a prime number) to GF (q i + 1 ). The computer of the polynomial generation apparatus generates a generator polynomial candidate, generates a generator polynomial candidate, selects and inputs a generator polynomial candidate f (x), and selects and inputs the selected candidate f (x). A first check process for checking whether or not the candidate f (x) is regular if the result of the first check process is not irreducible; A second inspection process to be inspected, a candidate f (x) is output if the result of the second inspection process is irregular, and if not, the process returns to the selection input process. . 【請求項14】 請求項13記載の記録媒体において、 GF(qi)からGF(qi+1)への2次拡大に用いら
れ、 上記生成多項式候補生成処理はv0=u2と表わせる生成
多項式候補x2+v1x+v0(ただし、uはGF(qi
の元)を生成する処理であることを特徴とする記録媒
体。14. The recording medium according to claim 13, which is used for quadratic expansion from GF (q i ) to GF (q i + 1 ), and wherein the generator polynomial candidate generation processing is expressed as v 0 = u 2. Generator polynomial candidate x 2 + v 1 x + v 0 (where u is GF (q i )
A recording medium characterized by processing for generating
JP2000016019A 2000-01-25 2000-01-25 Elliptic curve square computing device and program recording medium Expired - Lifetime JP3638493B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2000016019A JP3638493B2 (en) 2000-01-25 2000-01-25 Elliptic curve square computing device and program recording medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2000016019A JP3638493B2 (en) 2000-01-25 2000-01-25 Elliptic curve square computing device and program recording medium

Related Child Applications (2)

Application Number Title Priority Date Filing Date
JP2004262980A Division JP3935902B2 (en) 2004-09-09 2004-09-09 Generator polynomial generator and program recording medium thereof
JP2004262981A Division JP3935903B2 (en) 2004-09-09 2004-09-09 Generator polynomial generator and program recording medium thereof

Publications (2)

Publication Number Publication Date
JP2001209315A true JP2001209315A (en) 2001-08-03
JP3638493B2 JP3638493B2 (en) 2005-04-13

Family

ID=18543228

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2000016019A Expired - Lifetime JP3638493B2 (en) 2000-01-25 2000-01-25 Elliptic curve square computing device and program recording medium

Country Status (1)

Country Link
JP (1) JP3638493B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005284111A (en) * 2004-03-30 2005-10-13 Japan Science & Technology Agency Method and device for high speed arithmetic processing of elliptic curve cryptosystem

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005284111A (en) * 2004-03-30 2005-10-13 Japan Science & Technology Agency Method and device for high speed arithmetic processing of elliptic curve cryptosystem

Also Published As

Publication number Publication date
JP3638493B2 (en) 2005-04-13

Similar Documents

Publication Publication Date Title
US6876745B1 (en) Method and apparatus for elliptic curve cryptography and recording medium therefore
US7254600B2 (en) Masking of factorized data in a residue number system
US7904498B2 (en) Modular multiplication processing apparatus
US20210243006A1 (en) Integrated circuit for modular multiplication of two integers for a cryptographic method, and method for the cryptographic processing of data based on modular multiplication
Kaihara et al. A hardware algorithm for modular multiplication/division
JP6629466B2 (en) Security calculation system, security calculation device, security calculation method, program
US8300810B2 (en) Method for securely encrypting or decrypting a message
US6430588B1 (en) Apparatus and method for elliptic-curve multiplication and recording medium having recorded thereon a program for implementing the method
Abdulrahman et al. High-speed hybrid-double multiplication architectures using new serial-out bit-level mastrovito multipliers
Adikari et al. A new algorithm for double scalar multiplication over Koblitz curves
JP4354609B2 (en) Simultaneous equation solving apparatus and inverse element computing apparatus on finite field
US20060274894A1 (en) Method and apparatus for cryptography
KR101128505B1 (en) method and apparatus for modular multiplication
JP2001209315A (en) Elliptic curve square computing device, generating polynomial generator and program recording medium therefor
US20170026178A1 (en) Computational method, computational device andcomputer software product for montgomery domain
US7526518B2 (en) Galois field multiplication system and method
CN113467752B (en) Division operation device, data processing system and method for private calculation
KR101707334B1 (en) Apparatus for efficient elliptic curve cryptography processor and method for the same
JP4543143B2 (en) Elliptic curve encryption device, elliptic curve cryptography calculation method
JP3329440B2 (en) Arithmetic device for multiple generators using pre-calculation and its program recording medium
JP4629972B2 (en) Vector computing device, divided value computing device, elliptic curve scalar multiplication device, elliptic cryptography computing device, vector computing method, program, and computer-readable recording medium recording the program
WO2022009384A1 (en) Final exponentiation calculation device, pairing calculation device, code processing unit, final exponentiation calculation method, and final exponentiation calculation program
JP3966714B2 (en) Cryptographic processing method, program thereof, and recording medium thereof
JP2004355031A (en) Generator polynomial generating device and program recording medium therefor
JP2022134466A (en) Multiplication device, multiplication method, and multiplication program

Legal Events

Date Code Title Description
A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20040713

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20040909

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20041005

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20041112

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20041214

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20050111

R151 Written notification of patent or utility model registration

Ref document number: 3638493

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R151

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20080121

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090121

Year of fee payment: 4

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090121

Year of fee payment: 4

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20100121

Year of fee payment: 5

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110121

Year of fee payment: 6

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110121

Year of fee payment: 6

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120121

Year of fee payment: 7

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130121

Year of fee payment: 8

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

EXPY Cancellation because of completion of term