JP4341889B2 - Elliptical product-sum operation calculation method, elliptic product-sum operation calculation device, program, and recording medium - Google Patents
Elliptical product-sum operation calculation method, elliptic product-sum operation calculation device, program, and recording medium Download PDFInfo
- Publication number
- JP4341889B2 JP4341889B2 JP2003020546A JP2003020546A JP4341889B2 JP 4341889 B2 JP4341889 B2 JP 4341889B2 JP 2003020546 A JP2003020546 A JP 2003020546A JP 2003020546 A JP2003020546 A JP 2003020546A JP 4341889 B2 JP4341889 B2 JP 4341889B2
- Authority
- JP
- Japan
- Prior art keywords
- case
- order
- executed
- operation executed
- operations
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Description
【0001】
【発明の属する技術分野】
本発明は、暗号技術などに用いられる、素体Fp上の3次関数の複数の点の楕円積和演算を高速に実現する方法及び装置、プログラム、並びに、そのプログラムを記録した記録媒体に関する。
【0002】
【従来の技術】
楕円暗号では、素体(有限体)上の楕円曲線EP
Ep:y2≡x3+αx+β(mod p),α,β∈Fp,4α3+27β2≠0
上の整数点(x,y)の解集合をメッセージ空間とみなす。つまり、楕円曲線上の点を有限の整数値(0以上p未満)に限定し、演算はこの上限値pで割った余りとする(mod演算)。
【0003】
いま、素体FP上の楕円曲線EP上の2点をP(x1,y1),Q(x2,y2)とし、T=aP+bQを求める値とする。T(x3,y3)も楕円曲線EP上の点である。図12に、従来の算出手順のフローチャートを示す。ただし、aとbは
【0004】
【数10】
のように2進表現し、a,bの第iビット目の係数を各々cI,di(∈{0,1})とする。kはak≠0、またはbk≠0となる最大の整数である。また、楕円曲線上の各種演算の定義を以下の通りとする。
【0006】
楕円2倍演算T=2Pは、
1.P=(0,0)の場合は、x3=0,y3=0
2.P≠(0,0)の場合は、
【0007】
【数11】
【0008】
また、楕円加算演算T=P+Qは、
3.P=(0,0)の場合は、x3=x2,y3=y2
4.P≠(0,0)、かつQ=(0,0)の場合は、x3=x1,y3=y1
5.P≠(0,0)、かつQ=(0,0)、かつP+Q=(0,0)の場合は、x3=0,y3=0
6.P≠(0,0)、かつQ≠(0,0)かつP+Q≠(0,0)の場合は、
【0009】
【数12】
【0010】
図12のフローチャートは、次の処理を実行するものである。
T←0
for(i=k;i≧0;i−−){
if((ci==0)&&(di==0))then{T←2T}
if((ci==1)&&(di==0))then{T←2T;T←T+P}
if((ci==0)&&(di==1))then{T←2T;T←T+Q}
if((ci==1)&&(di==1))then{T←2T;T←T+(P+Q)}
}
Return T
初期値としてTに0を設定し、i=k,k−1,…,2,1,0の順番に、(ai,bi)の値(00)、(01)、(10)、(11)にしたがって所定の演算を繰り返し実行し、最終結果のTを求める。
【0011】
図12に示した処理手順にしたがって、上記で定義したkを用いて、従来の算出手順に必要な楕円加減算と楕円2倍算の必要回数を示すと、図13のようになる。楕円曲線上の対象点が増加すると、この必要回数は更に増大する。
【0012】
【発明が解決しようとする課題】
本発明の目的は、素体(有限体)上の楕円曲線上の相異なる複数の点を各々整数倍し、かつ、該整数倍した結果を加算する楕円積和演算を、従来技術に比べて高速に行うことを可能とする方法及び装置、プログラム並びに、そのプログラムを記録した記録媒体を提供することにある。
【0013】
【課題を解決するための手段】
本発明では、pを素数とする素体Fpとし、
Ep:y2≡x3+αx+β(mod p),α,β∈Fp,4α3+27β2≠0
で定義される素体Fp上の楕円曲線Ep上の相異なるn個の点をP1〜Pnとし、互いに独立なn組の整数mi(i=1,2,…,n)として場合、n組の整数miを、
【数13】
mi 2k+1+mi 2k+mi 2k−1≠0,
となるような最大のkを定義して、楕円積和演算計算
【数14】
いま、 Mi 2 j+ 1=4mi 2 j+ 1+2mi 2 j+mi 2 j− 1(j≧0)として、uiとviを次のように定義する。
【数15】
最初、j=kにおいて、
【数17】
【数18】
ここで、式(4)と(5)の楕円2倍算、楕円加減算等の演算パターンはM1 2 j+ 1,M2 2 j+ 1,…,Mn 2 j+ 1の各値の組み合せで一義的に定まる。そこでM1 2 j+ 1,M2 2 j+ 1,…,Mn 2 j+ 1の値と式(4)、(5)の演算パターンの取り得る組み合せをあらかじめ決めておく。
制御回路は、パラメータP1〜Pn、演算結果Tの初期値としてT=0を記憶回路に格納し、n組の整数m1〜mnから、j=k,k−1,k−2,1…,0の順番に、順次、2ビットずつシフトして、(M1 2 j+ 1,M2 2 j+ 1,…,Mn 2 j+ 1)を選択し、その値により、式(4)、(5)の演算パターンを演算回路に指示する。
演算回路は、前記制御回路からの指示にもとづき、記憶回路からP1〜Pn、Tを読み出して、指示された演算パターンの演算を実行し、演算結果のTを記憶回路に戻すようにする。
【0015】
【発明の実施の形態】
以下、本発明の一実施の形態について説明する。
ここでは、pを素数とする素体(有限体)上の楕円曲線EP
Ep:y2≡x3+αx+β (mod p)
上の3点をP(x1,y1)、Q(x2,y2)、R(x3,y3)とし、楕円積和演算
T=aP+bQ+cR
を求める値とする。T(x4,y4)も楕円曲線EP上の点である。ただし、a,b,cは
【0016】
【数19】
のように2進表現し、a,b,cの第iビット目の係数ai,bi,ciを、i≧0の場合、ai,bi,ci∈{0,1}とする。また、a-1=b-1=c-1=0とする。kはa2k+1+a2k+a2k-1≠0、またはb2k+1+b2k+b2k-1≠0、またはc2k+1+c2k+c2k-1≠0となるような最大の整数とする。更に、A2i+1=4a2 i +1+2a2i+a2 i -1、B2i+1=4b2 i +1+2b2i+b2 i -1、C2i+1=4c2 i +1+2c2i+c2 i -1(i≧0)とする。
【0018】
図1に本楕円積和演算計算装置の構成例を示す。図1において、制御回路(CPU)100は全体の動作の制御を司る。この制御回路100は、aとbとcを保持するレジスタ、変数iをカウントするカウンタなどを内蔵し、整数a,b,cから、i=k,k−1,…,2,1,0の順番に2ビットずつシフトして、順次、A2i+1,B2i+1,C2i+1を選択し、その値に応じて、記憶回路110に対して所定データの読出しを指示し、演算回路120に対して演算の種類と実行順序(演算パターン)を指示する。記憶回路110は、P,Q,R,T(初期値は0)のデータなどを格納しており、制御回路100の指示されたデータを読み出して演算回路120に与える。演算回路120は2倍演算、加算、減算などの演算を行う機能を有し、記憶回路110から与えられたデータを入力として、制御回路100の指示された演算を、指示された順序で実行し、演算結果のTを記憶回路110に戻す。
【0019】
図2に、本楕円積和演算計算装置の概略処理フローチャートを示す。制御回路100の制御下で、パラメータP,Q,R,a,b,cなどを入力し、P,Q,Rは記憶回路110に格納し、a,b,cは制御回路100の内部レジスタに設定する(ステップ210)。次に、制御回路100により記憶回路110、演算回路120の動作を制御してT=aP+bQ+cRの計算を実行し(ステップ220)、その計算結果Tを出力する(ステップ230)。
【0020】
図3乃至図7は、図2のT=aP+bQ+cRの計算部分(ステップ220)の詳細処理フローチャートである。また、図8乃至図10は、図3〜図7中のケース(Case)1〜125の内容を示している。図8乃至図10において、例えば、ケース1は、A2 i+ 1が0または7、B2 i+ 1が0または7、同じくC2 i+ 1が0または7の場合、まず、T=2Tを演算し、引き続いて、またT=2Tを演算することを意味する。他のケースについても同様である。
【0021】
図3〜図7のフローチャートは、次の処理を実行するものである。なお、実際の演算の実行にあたっては、2倍算と加減算が含まれる場合には、まず、2倍算を行い、次に加減算を行うことになる。
T←0
for(i=k;i≧0;i−−){
if(Case 1)then{T←2T;T←2T}
else if(Case 2)then{T←2T;T←2T+R}
else if(Case 3)then{T←2T+R;T←2T}
else if(Case 4)then{T←2T−R;T←2T}
else if(Case 5)then{T←2T;T←2T−R}
else if(Case 6)then{T←2T;T←2T+Q}
else if(Case 7)then{T←2T;T←2T+(Q+R)}
else if(Case 8)then{T←2T+R;T←2T+Q}
else if(Case 9)then{T←2T−R;T←2T+Q}
else if(Case 10)then{T←2T;T←2T+(Q−R)}
else if(Case 11)then{T←2T+Q;T←2T}
else if(Case 12)then{T←2T+Q;T←2T+R}
else if(Case 13)then{T←2T+(Q+R);T←2T}
else if(Case 14)then{T←2T+(Q−R);T←2T}
else if(Case 15)then{T←2T+Q);T←2T−R}
else if(Case 16)then{T←2T−Q;T←2T}
else if(Case 17)then{T←2T−Q;T←2T+R}
else if(Case 18)then{T←2T−(Q−R);T←2T}
else if(Case 19)then{T←2T−(Q+R);T←2T}
else if(Case 20)then{T←2T−Q;T←2T−R}
else if(Case 21)then{T←2T;T←2T−Q}
else if(Case 22)then{T←2T;T←2T−(Q−R)}
else if(Case 23)then{T←2T+R;T←2T−Q}
else if(Case 24)then{T←2T−R;T←2T−Q}
else if(Case 25)then{T←2T;T←2T−(Q+R)}
else if(Case 26)then{T←2T;T←2T+P}
else if(Case 27)then{T←2T;T←2T+(P+R)}
else if(Case 28)then{T←2T+R;T←2T+P}
else if(Case 29)then{T←2T−R;T←2T+P}
else if(Case 30)then{T←2T;T←2T−(P−R)}
else if(Case 31)then{T←2T;T←2T+(P+Q)}
else if(Case 32)then{T←2T;T←2T+(P+Q+R)}
else if(Case 33)then{T←2T+R;T←2T+(P+Q)}
else if(Case 34)then{T←2T−R;T←2T+(P+Q)}
else if(Case 35)then{T←2T;T←2T+(P+Q−R)}
else if(Case 36)then{T←2T+Q;T←2T+P}
else if(Case 37)then{T←2T+Q;T←2T+(P+R)}
else if(Case 38)then{T←2T+(Q+R);T←2T+P}
else if(Case 39)then{T←2T+(Q−R);T←2T+P}
else if(Case 40)then{T←2T+Q;T←2T+(P−R)}
else if(Case 41)then{T←2T−Q;T←2T+P}
else if(Case 42)then{T←2T−Q;T←2T+(P+R)}
else if(Case 43)then{T←2T−(Q−R);T←2T+P}
else if(Case 44)then{T←2T−(Q+R);T←2T+P}
else if(Case 45)then{T←2T−Q;T←2T+(P−R)}
else if(Case 46)then{T←2T;T←2T+(P−Q)}
else if(Case 47)then{T←2T;T←2T+(P−Q+R)}
else if(Case 48)then{T←2T+R;T←2T+(P−Q)}
else if(Case 49)then{T←2T−R;T←2T+(P−Q)}
else if(Case 50)then{T←2T;T←2T+(P−Q−R)}
else if(Case 51)then{T←2T+P;T←2T}
else if(Case 52)then{T←2T+P;T←2T+R}
else if(Case 53)then{T←2T+(P+R);T←2T}
else if(Case 54)then{T←2T(P−R);T←2T}
else if(Case 55)then{T←2T+P;T←2T−R}
else if(Case 56)then{T←2T+P;T←2T+Q}
else if(Case 57)then{T←2T+P;T←2T+(Q+R)}
else if(Case 58)then{T←2T+(P+R);T←2T+Q}
else if(Case 59)then{T←2T+(P−R);T←2T+Q}
else if(Case 60)then{T←2T+P;T←2T+(Q−R)}
else if(Case 61)then{T←2T+(P+Q);T←2T}
else if(Case 62)then{T←2T+(P+Q);T←2T+R}
else if(Case 63)then{T←2T+(P+Q+R);T←2T}
else if(Case 64)then{T←2T+(P+Q−R);T←2T}
else if(Case 65)then{T←2T+(P+Q);T←2T−R}
else if(Case 66)then{T←2T+(P−Q);T←2T}
else if(Case 67)then{T←2T+(P−Q);T←2T+R}
else if(Case 68)then{T←2T+(P−Q+R);T←2T}
else if(Case 69)then{T←2T+(P−Q−R);T←2T}
else if(Case 70)then{T←2T+(P−Q);T←2T−R}
else if(Case 71)then{T←2T+P;T←2T−Q}
else if(Case 72)then{T←2T+P;T←2T−(Q−R)}
else if(Case 73)then{T←2T+(P+R);T←2T−Q}
else if(Case 74)then{T←2T+(P−R);T←2T−Q}
else if(Case 75)then{T←2T+P;T←2T−(Q+R)}
else if(Case 76)then{T←2T−P;T←2T}
else if(Case 77)then{T←2T−P;T←2T+R}
else if(Case 78)then{T←2T−(P−R);T←2T}
else if(Case 79)then{T←2T−(P+R);T←2T}
else if(Case 80)then{T←2T−P;T←2T−R}
else if(Case 81)then{T←2T−P;T←2T+Q}
else if(Case 82)then{T←2T−P;T←2T+(Q+R)}
else if(Case 83)then{T←2T−(P−R);T←2T+Q}
else if(Case 84)then{T←2T−(P+R);T←2T+Q}
else if(Case 85)then{T←2T−P;T←2T+(Q−R)}
else if(Case 86)then{T←2T−(P−Q);T←2T}
else if(Case 87)then{T←2T−(P−Q);T←2T+R}
else if(Case 88)then{T←2T−(P−Q−R);T←2T}
else if(Case 89)then{T←2T−(P−Q+R);T←2T}
else if(Case 90)then{T←2T−(P−Q);T←2T−R}
else if(Case 91)then{T←2T−(P+Q);T←2T}
else if(Case 92)then{T←2T−(P+Q);T←2T+R}
else if(Case 93)then{T←2T−(P+Q−R);T←2T}
else if(Case 94)then{T←2T−(P+Q+R);T←2T}
else if(Case 95)then{T←2T−(P+Q);T←2T−R}
else if(Case 96)then{T←2T−P;T←2T−Q}
else if(Case 97)then{T←2T−P;T←2T−(Q−R)}
else if(Case 98)then{T←2T−(P−R);T←2T−Q}
else if(Case 99)then{T←2T−(P+R);T←2T−Q}
else if(Case100)then{T←2T−P;T←2T−(Q+R)}
else if(Case101)then{T←2T;T←2T−P}
else if(Case102)then{T←2T;T←2T−(P−R)}
else if(Case103)then{T←2T+R;T←2T−P}
else if(Case104)then{T←2T−R;T←2T−P}
else if(Case105)then{T←2T;T←2T−(P+R)}
else if(Case106)then{T←2T;T←2T−(P−Q)}
else if(Case107)then{T←2T;T←2T−(P−Q−R)}
else if(Case108)then{T←2T+R;T←2T−(P−Q)}
else if(Case109)then{T←2T−R;T←2T−(P−Q)}
else if(Case110)then{T←2T;T←2T−(P−Q+R)}
else if(Case111)then{T←2T+Q;T←2T−P}
else if(Case112)then{T←2T+Q;T←2T−(P−R)}
else if(Case113)then{T←2T+(Q+R);T←2T−P}
else if(Case114)then{T←2T+(Q−R);T←2T−P}
else if(Case115)then{T←2T+Q;T←2T−(P+R)}
else if(Case116)then{T←2T−Q;T←2T−P}
else if(Case117)then{T←2T−Q;T←2T−(P−R)}
else if(Case118)then{T←2T−(Q−R);T←2T−P}
else if(Case119)then{T←2T−(Q+R);T←2T−P}
else if(Case120)then{T←2T−Q;T←2T−(P+R)}
else if(Case121)then{T←2T;T←2T−(P+Q)}
else if(Case122)then{T←2T;T←2T−(P+Q−R)}
else if(Case123)then{T←2T+R;T←2T−(P+Q)}
else if(Case124)then{T←2T−R;T←2T−(P+Q)}
else if(Case125)then{T←2T;T←2T−(P+Q+R)}
}
【0022】
上記処理手順のプログラム(これを楕円積和演算計算プログラムと称す)は、コンピュータが読み取り可能な記録媒体、例えばFDやメモリカード、コンパクトディスク(CD−ROM)などに記録して提供することが可能である。制御回路100が、この記録媒体に記録されたの楕円積和演算計算プログラムを読み込み実行することで、図3〜図7の処理フローが実現する。なお、制御回路100は、この楕円積和演算計算プログラムを記録したROMをあらかじめ保持しておくことでもよい。
【0023】
なお、図3〜図7に示した処理手順において、P+Q,P−Q,P+R,P−R,Q+R,Q−R,P+Q+R,P+Q−R,P−Q+R,P−Q−Rは予め計算して記憶回路110に記憶しておき、それを使用することでもよい。この場合、Tは楕円2倍算と楕円加減算の2ステップで実施できる。
【0024】
図11は、制御回路100の別の実施形態であり、図3〜図7の処理をハードウェアロックで実現した構成例を示したものである。図11において、101はa,b,cを格納したシフトレジスタであり、シフトロックにより2ビットずつシフトし、i=k、k−1,…,2,1,0の順番に、順次、A2i+1,B2i+1,C2i+1を読み出すことを実現する。デコーダ102−1〜102−125は図8〜図10のケース1〜125に対応し、シフトレジスタ101の出力A2i+1,B2i+1,C2i+1を並列にデコードし、いずれかで一致した場合、該当デコーダが一致信号を出力する。演算制御テーブル103は、ケース1−125に対応した演算パターンの演算コマンド群を保持しており、デコーダ102−1〜102−125のデコード出力にもとづいて、対応する演算コマンド群の制御下で、記憶回路110に対して所望データの読出しを指示し、演算回路120に対しては演算の種類とその実行順序を指示する。
【0025】
図11の構成によれば、図3〜図7のケース1〜125の場合分けが並列に処理でき、さらに高速化が実現する。また、ハードロジックとすることにより、制御回路100と記憶回路110と演算回路120とを一体構成にした半導体集積回路が実現可能である。
【0026】
以上、本発明の一実施形態を説明したが、本発明は、先の式(1)〜(5)のアルコリズムを適用して、一般に楕円曲線上の相異なる複数の点を対象に楕円積和を実現できることは云うまでもない。例えば、図11のハードロジックの場合には、シフトレジスタ101が一般にn個となり、デコーダ102と演算制御テーブル103は演算パターンの場合分けが増加する分、追加すればよい。
【0027】
【発明の効果】
以上説明したように、本発明によれば、素体FP上の楕円曲線EP上の相異なる複数の点を各々整数倍し、かつ整数倍した結果を加算する楕円積和演算を、高速に実施できる利点がある。
【図面の簡単な説明】
【図1】本発明の一実施形態の楕円積和演算装置の構成例を示すブロック図である。
【図2】図1の楕円積和演算装置の全体的処理フローチャートである。
【図3】図2の積和演算計算部分の詳細処理フローチャートである。
【図4】図3のつづきのフローチャートである。
【図5】図4のつづきのフローチャートである。
【図6】図5のつづきのフローチャートである。
【図7】図6のつづきのフローチャートである。
【図8】図3〜図7の演算種別、実行順序の場合分けを示す図である。
【図9】同じく図3〜図7の演算種別、実行順序の場合わけを示す図である。
【図10】同じく図3〜図7の演算種別、実行順序の場合わけを示す図である。
【図11】図1の制御回路の機能をハードロジックで実現した構成例を示す図である。
【図12】従来手法による楕円積和演の処理フローチャートである。
【図13】図12の従来手法の算出処理に必要な楕円加算演算と楕円2倍演算の回数を示す図である。
【符号の説明】
100 制御回路
110 記憶回路
120 演算回路[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a method and apparatus, a program, and a recording medium on which the program is recorded that realizes high-speed elliptic product-sum operation of a plurality of points of a cubic function on a prime field F p used in encryption technology and the like. .
[0002]
[Prior art]
In elliptic cryptography, an elliptic curve E P on a prime field (finite field)
E p : y 2 ≡x 3 + αx + β (mod p), α, β∈F p , 4α 3 + 27β 2 ≠ 0
The solution set of the upper integer points (x, y) is regarded as the message space. That is, the points on the elliptic curve are limited to a finite integer value (0 or more and less than p), and the calculation is the remainder divided by this upper limit value p (mod calculation).
[0003]
Now, let P (x 1 , y 1 ) and Q (x 2 , y 2 ) be two points on the elliptic curve E P on the prime field F P , and let T = aP + bQ be a value to be obtained. T (x 3 , y 3 ) is also a point on the elliptic curve E P. FIG. 12 shows a flowchart of a conventional calculation procedure. However, a and b are [0004]
[Expression 10]
And the coefficients of the i-th bit of a and b are c I and d i (∈ {0,1}), respectively. k is the largest integer that satisfies a k ≠ 0 or b k ≠ 0. The definitions of various operations on the elliptic curve are as follows.
[0006]
Ellipse doubling operation T = 2P is
1. When P = (0, 0), x 3 = 0, y 3 = 0
2. If P ≠ (0,0),
[0007]
[Expression 11]
[0008]
The ellipse addition operation T = P + Q is
3. When P = (0,0), x 3 = x 2 , y 3 = y 2
4). When P ≠ (0,0) and Q = (0,0), x 3 = x 1 , y 3 = y 1
5. If P ≠ (0,0), Q = (0,0), and P + Q = (0,0), x 3 = 0, y 3 = 0
6). If P ≠ (0,0), Q ≠ (0,0) and P + Q ≠ (0,0),
[0009]
[Expression 12]
[0010]
The flowchart of FIG. 12 performs the following processing.
T ← 0
for (i = k; i ≧ 0; i −−) {
if ((c i == 0) && (d i == 0)) then {T ← 2T}
if ((c i == 1) && (d i == 0)) then {T ← 2T; T ← T + P}
if ((c i == 0) && (d i == 1)) then {T ← 2T; T ← T + Q}
if ((c i == 1) && (d i == 1)) then {T ← 2T; T ← T + (P + Q)}
}
Return T
As an initial value, T is set to 0, and the values (00), (01), (10), (a i , b i ) in the order of i = k, k−1,. A predetermined calculation is repeatedly executed according to (11), and the final result T is obtained.
[0011]
FIG. 13 shows the required number of elliptical addition / subtraction and elliptical doubling required for the conventional calculation procedure using k defined above according to the processing procedure shown in FIG. As the number of target points on the elliptic curve increases, this required number further increases.
[0012]
[Problems to be solved by the invention]
An object of the present invention is to perform an elliptic product sum operation in which a plurality of different points on an elliptic curve on a prime field (finite field) are each multiplied by an integer, and the result obtained by multiplying the integer is added compared to the prior art. It is an object of the present invention to provide a method and apparatus that can be performed at high speed, a program, and a recording medium that records the program.
[0013]
[Means for Solving the Problems]
In the present invention, a prime field F p in which p is a prime number,
E p : y 2 ≡x 3 + αx + β (mod p), α, β∈F p , 4α 3 + 27β 2 ≠ 0
In defined as different n points on an elliptic curve over the prime field Fp Ep and P 1 to P n, mutually independent n sets integer m i (i = 1,2, ... , n) When a , N sets of integers m i
[Formula 13]
m i 2k + 1 + m i 2k + m i 2k−1 ≠ 0,
Define the maximum k that gives
Now, u i and v i are defined as follows, where M i 2 j + 1 = 4m i 2 j + 1 +2 m i 2 j + m i 2 j− 1 (j ≧ 0).
[Expression 15]
First, at j = k,
[Expression 17]
[Formula 18]
Here, the calculation patterns such as elliptical doubling and elliptical addition / subtraction in equations (4) and (5) are unambiguous by combinations of the values of M 1 2 j + 1 , M 2 2 j + 1 ,..., M n 2 j + 1. Is determined. Therefore, possible combinations of the values of M 1 2 j + 1 , M 2 2 j + 1 ,..., M n 2 j + 1 and the calculation patterns of equations (4) and (5) are determined in advance.
The control circuit stores parameters P 1 to P n and T = 0 as the initial value of the operation result T in the memory circuit, and j = k, k−1, k−2 from n sets of integers m 1 to mn. , 1..., 0, and sequentially shifting by 2 bits to select (M 1 2 j + 1 , M 2 2 j + 1 ,..., M n 2 j + 1 ). ) And (5) are instructed to the arithmetic circuit.
The arithmetic circuit reads P 1 to P n , T from the storage circuit based on the instruction from the control circuit, executes the operation of the instructed operation pattern, and returns the operation result T to the storage circuit. .
[0015]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, an embodiment of the present invention will be described.
Here, an elliptic curve E P on a prime field (finite field) where p is a prime number
E p : y 2 ≡x 3 + αx + β (mod p)
The upper three points are P (x 1 , y 1 ), Q (x 2 , y 2 ), and R (x 3 , y 3 ), and the elliptic product-sum operation T = aP + bQ + cR
Is a value to be obtained. T (x 4 , y 4 ) is also a point on the elliptic curve E P. However, a, b and c are [0016]
[Equation 19]
And when the coefficients a i , b i , and c i of the i-th bits of a, b, and c are i ≧ 0, a i , b i , c i ∈ {0, 1} And Also, a −1 = b −1 = c −1 = 0. k is the largest integer such that a 2k + 1 + a 2k + a 2k-1 ≠ 0, or b 2k + 1 + b 2k + b 2k-1 ≠ 0, or c 2k + 1 + c 2k + c 2k-1 ≠ 0 To do. Furthermore, A 2i + 1 = 4a 2 i +1 + 2a 2i + a 2 i -1 , B 2i + 1 = 4b 2 i +1 + 2b 2i + b 2 i -1 , C 2i + 1 = 4c 2 i +1 + 2c 2i + c 2 i -1 ( i ≧ 0).
[0018]
FIG. 1 shows a configuration example of the elliptic product-sum operation calculation apparatus. In FIG. 1, a control circuit (CPU) 100 controls the overall operation. The
[0019]
FIG. 2 shows a schematic processing flowchart of the elliptical product-sum operation calculation apparatus. Under the control of the
[0020]
3 to 7 are detailed processing flowcharts of the calculation part (step 220) of T = aP + bQ + cR in FIG. 8 to 10 show the contents of
[0021]
The flowcharts of FIGS. 3 to 7 execute the following processing. In the actual execution of the calculation, if doubling and addition / subtraction are included, the doubling is performed first, and then the addition / subtraction is performed.
T ← 0
for (i = k; i ≧ 0; i −−) {
if (Case 1) then {
else if (Case 2) then {
else if (Case 3) then {T ← 2T + R; T ← 2T}
else if (Case 4) then {T ← 2T-R; T ← 2T}
else if (Case 5) then {
else if (Case 6) then {
else if (Case 7) then {
else if (Case 8) then {T ← 2T + R; T ← 2T + Q}
else if (Case 9) then {T ← 2T-R;
else if (Case 10) then {
else if (Case 11) then {T ← 2T + Q; T ← 2T}
else if (Case 12) then {T ← 2T + Q; T ← 2T + R}
else if (Case 13) then {T ← 2T + (Q + R); T ← 2T}
else if (Case 14) then {T ← 2T + (Q−R); T ← 2T}
else if (Case 15) then {T ← 2T + Q); T ← 2T-R}
else if (Case 16) then {T ← 2TQ; T ← 2T}
else if (Case 17) then {T ← 2TQ; T ← 2T + R}
else if (Case 18) then {T ← 2T- (QR); T ← 2T}
else if (Case 19) then {T ← 2T− (Q + R); T ← 2T}
else if (Case 20) then {T ← 2T-Q; T ← 2T-R}
else if (Case 21) then {
else if (Case 22) then {
else if (Case 23) then {T ← 2T + R; T ← 2TQ}
else if (Case 24) then {T ← 2T-R;
else if (Case 25) then {
else if (Case 26) then {
else if (Case 27) then {
else if (Case 28) then {T ← 2T + R; T ← 2T + P}
else if (Case 29) then {T ← 2T-R;
else if (Case 30) then {
else if (Case 31) then {
else if (Case 32) then {
else if (Case 33) then {T ← 2T + R; T ← 2T + (P + Q)}
else if (Case 34) then {T ← 2T−R; T ← 2T + (P + Q)}
else if (Case 35) then {
else if (Case 36) then {T ← 2T + Q; T ← 2T + P}
else if (Case 37) then {T ← 2T + Q; T ← 2T + (P + R)}
else if (Case 38) then {T ← 2T + (Q + R); T ← 2T + P}
else if (Case 39) then {T ← 2T + (Q−R); T ← 2T + P}
else if (Case 40) then {T ← 2T + Q; T ← 2T + (PR)}
else if (Case 41) then {T ← 2TQ; T ← 2T + P}
else if (Case 42) then {T ← 2TQ; T ← 2T + (P + R)}
else if (Case 43) then {T ← 2T− (Q−R); T ← 2T + P}
else if (Case 44) then {T ← 2T− (Q + R); T ← 2T + P}
else if (Case 45) then {T ← 2TQ; T ← 2T + (PR)}
else if (Case 46) then {
else if (Case 47) then {
else if (Case 48) then {T ← 2T + R; T ← 2T + (PQ)}
else if (Case 49) then {T ← 2T−R; T ← 2T + (P−Q)}
else if (Case 50) then {
else if (Case 51) then {T ← 2T + P; T ← 2T}
else if (Case 52) then {T ← 2T + P; T ← 2T + R}
else if (Case 53) then {T ← 2T + (P + R); T ← 2T}
else if (Case 54) then {T ← 2T (PR); T ← 2T}
else if (Case 55) then {T ← 2T + P; T ← 2T−R}
else if (Case 56) then {T ← 2T + P; T ← 2T + Q}
else if (Case 57) then {T ← 2T + P; T ← 2T + (Q + R)}
else if (Case 58) then {T ← 2T + (P + R); T ← 2T + Q}
else if (Case 59) then {T ← 2T + (PR); T ← 2T + Q}
else if (Case 60) then {T ← 2T + P; T ← 2T + (Q−R)}
else if (Case 61) then {T ← 2T + (P + Q); T ← 2T}
else if (Case 62) then {T ← 2T + (P + Q); T ← 2T + R}
else if (Case 63) then {T ← 2T + (P + Q + R); T ← 2T}
else if (Case 64) then {T ← 2T + (P + Q−R); T ← 2T}
else if (Case 65) then {T ← 2T + (P + Q); T ← 2T−R}
else if (Case 66) then {T ← 2T + (PQ); T ← 2T}
else if (Case 67) then {T ← 2T + (PQ); T ← 2T + R}
else if (Case 68) then {T ← 2T + (P-Q + R); T ← 2T}
else if (Case 69) then {T ← 2T + (PQR); T ← 2T}
else if (Case 70) then {T ← 2T + (PQ); T ← 2T−R}
else if (Case 71) then {T ← 2T + P; T ← 2TQ}
else if (Case 72) then {T ← 2T + P; T ← 2T− (Q−R)}
else if (Case 73) then {T ← 2T + (P + R); T ← 2TQ}
else if (Case 74) then {T ← 2T + (PR); T ← 2TQ}
else if (Case 75) then {T ← 2T + P; T ← 2T− (Q + R)}
else if (Case 76) then {T ← 2TP; T ← 2T}
else if (Case 77) then {T ← 2T-P; T ← 2T + R}
else if (Case 78) then {T ← 2T- (PR); T ← 2T}
else if (Case 79) then {T ← 2T− (P + R); T ← 2T}
else if (Case 80) then {T ← 2TP; T ← 2T-R}
else if (Case 81) then {T ← 2TP; T ← 2T + Q}
else if (Case 82) then {T ← 2TP; T ← 2T + (Q + R)}
else if (Case 83) then {T ← 2T− (PR); T ← 2T + Q}
else if (Case 84) then {T ← 2T− (P + R); T ← 2T + Q}
else if (Case 85) then {T ← 2T−P; T ← 2T + (Q−R)}
else if (Case 86) then {T ← 2T- (PQ); T ← 2T}
else if (Case 87) then {T ← 2T− (PQ); T ← 2T + R}
else if (Case 88) then {T ← 2T- (PQR); T ← 2T}
else if (Case 89) then {T ← 2T− (PQ + R); T ← 2T}
else if (Case 90) then {T ← 2T- (PQ); T ← 2T-R}
else if (Case 91) then {T ← 2T− (P + Q); T ← 2T}
else if (Case 92) then {T ← 2T− (P + Q); T ← 2T + R}
else if (Case 93) then {T ← 2T− (P + Q−R); T ← 2T}
else if (Case 94) then {T ← 2T− (P + Q + R); T ← 2T}
else if (Case 95) then {T ← 2T− (P + Q); T ← 2T−R}
else if (Case 96) then {T ← 2TP; T ← 2TQ}
else if (Case 97) then {T ← 2TP; T ← 2T- (QR)}
else if (Case 98) then {T ← 2T- (PR); T ← 2TQ}
else if (Case 99) then {T ← 2T− (P + R); T ← 2T−Q}
else if (Case100) then {T ← 2TP; T ← 2T− (Q + R)}
else if (Case101) then {
else if (Case102) then {
else if (Case 103) then {T ← 2T + R; T ← 2TP−P}
else if (Case 104) then {T ← 2T-R;
else if (Case 105) then {
else if (Case 106) then {
else if (Case 107) then {
else if (Case 108) then {T ← 2T + R; T ← 2T− (PQ)}
else if (Case109) then {T ← 2T-R; T ← 2T- (PQ)}
else if (Case 110) then {
else if (Case111) then {T ← 2T + Q; T ← 2TP−P}
else if (Case112) then {T ← 2T + Q; T ← 2T− (PR)}
else if (Case113) then {T ← 2T + (Q + R); T ← 2T−P}
else if (Case 114) then {T ← 2T + (Q−R); T ← 2T−P}
else if (Case115) then {T ← 2T + Q; T ← 2T− (P + R)}
else if (Case116) then {T ← 2TQ; T ← 2TP}
else if (Case 117) then {T ← 2T-Q; T ← 2T- (PR)}
else if (Case 118) then {T ← 2T- (QR); T ← 2TP}
else if (Case119) then {T ← 2T− (Q + R); T ← 2T−P}
else if (Case 120) then {T ← 2TQ; T ← 2T− (P + R)}
else if (Case 121) then {
else if (Case122) then {
else if (Case123) then {T ← 2T + R; T ← 2T− (P + Q)}
else if (Case124) then {T ← 2T−R; T ← 2T− (P + Q)}
else if (Case 125) then {
}
[0022]
The above-described processing procedure program (referred to as an elliptic product-sum operation calculation program) can be provided by being recorded on a computer-readable recording medium, such as an FD, a memory card, or a compact disk (CD-ROM). It is. The
[0023]
3-7, P + Q, P-Q, P + R, P-R, Q + R, Q-R, P + Q + R, P + Q-R, P-Q + R, and P-Q-R are calculated in advance. Then, it may be stored in the
[0024]
FIG. 11 shows another embodiment of the
[0025]
According to the configuration of FIG. 11,
[0026]
In the above, one embodiment of the present invention has been described. However, the present invention applies the algorithm of the above formulas (1) to (5), and generally applies an elliptic product to a plurality of different points on an elliptic curve. Needless to say, the sum can be realized. For example, in the case of the hard logic shown in FIG. 11, the number of
[0027]
【The invention's effect】
As described above, according to the present invention, the elliptic product-sum operation for multiplying each of a plurality of different points on the elliptic curve E P on the prime field F P by an integer and adding the results of the integer multiplication is performed at high speed. There are advantages that can be implemented.
[Brief description of the drawings]
FIG. 1 is a block diagram illustrating a configuration example of an elliptic product-sum operation apparatus according to an embodiment of the present invention.
2 is an overall process flowchart of the elliptic product-sum operation apparatus of FIG. 1; FIG.
3 is a detailed process flowchart of a product-sum operation calculation part of FIG. 2;
FIG. 4 is a flowchart continued from FIG. 3;
FIG. 5 is a flowchart continued from FIG. 4;
FIG. 6 is a flowchart continued from FIG. 5;
FIG. 7 is a flowchart continued from FIG. 6;
FIG. 8 is a diagram illustrating a case classification of an operation type and an execution order in FIGS. 3 to 7;
FIG. 9 is also a diagram showing the cases of calculation types and execution orders in FIGS. 3 to 7;
FIG. 10 is a diagram similarly showing the cases of calculation types and execution orders in FIGS. 3 to 7;
FIG. 11 is a diagram illustrating a configuration example in which the function of the control circuit in FIG.
FIG. 12 is a processing flowchart of elliptic product summation according to a conventional method.
13 is a diagram showing the number of ellipse addition calculations and ellipse doubling calculations necessary for the calculation process of the conventional method of FIG.
[Explanation of symbols]
100
Claims (5)
Ep:y2≡x3+αx+β(mod p),α,β∈Fp,4α3+27β2≠0
で定義される素体Fp上の楕円曲線Ep上の相異なるn個(n≧3)の点をP1〜Pnとし、互いに独立なn組の整数mi(i=1,2,・・・,n)とした場合、
n組の整数miを
mi 2 k+ 1+mi 2 k+mi 2 k− 1≠0なるような最大のkを定義して、
楕円積和演算計算
Mi 2 j+ 1=4mi 2 j+ 1+2mi 2 j+mi 2 j− 1(j≧0)として、uiとviを
j=kにおいて、
制御回路は、パラメータP1〜Pn、演算結果Tの初期値としてT=0を記憶回路に格納し、n組の整数m1〜mnから、j=k,k−1,k−2,1…,0の順番に、順次、2ビットずつシフトして、(M1 2 j+ 1,M2 2 j+ 1,…,Mn 2 j+ 1)を選択し、該選択した(M1 2 j+ 1,M2 2 j+ 1,…,Mn 2 j+ 1)の値に応じて、前記式(2),(3)で定まる前記式(4),(5)の演算パターンを演算回路に指示し、
演算回路は、前記制御回路からの指示にもとづき、記憶回路からP1〜Pn、Tを読み出して、前記指示された演算パターンの演算を実行し、演算結果のTを記憶回路に戻す、
ことを特徴とする楕円積和演算計算方法。Let p be a prime field F p ,
E p : y 2 ≡x 3 + αx + β (mod p), α, β∈F p , 4α 3 + 27β 2 ≠ 0
N different points (n ≧ 3) on the elliptic curve Ep defined on the prime field Fp defined as follows: P 1 to P n and n sets of integers m i (i = 1, 2,.・ ・, N)
n sets of integers m i
Elliptical product-sum calculation
M i 2 j + 1 = 4 m i 2 j + 1 +2 m i 2 j + m i 2 j− 1 (j ≧ 0) and u i and v i are
At j = k
The control circuit stores parameters P 1 to P n and T = 0 as the initial value of the operation result T in the memory circuit, and j = k, k−1, k−2 from n sets of integers m 1 to mn. , 1..., 0, sequentially shifting by 2 bits, selecting (M 1 2 j + 1 , M 2 2 j + 1 ,..., M n 2 j + 1 ) and selecting the selected (M 1 2 j + 1, M 2 2 j + 1, ..., depending on the value of M n 2 j + 1), the formula (2), (formula determined by 3) (4), the arithmetic circuit operation pattern (5) Direct,
The arithmetic circuit reads P 1 to P n , T from the storage circuit based on an instruction from the control circuit, executes the operation of the instructed operation pattern, and returns the operation result T to the storage circuit.
An elliptic product-sum operation calculation method characterized by the above.
Ep:y2≡x3+αx+β(mod p),α,β∈Fp,4α3+27β2≠0
で定義される素体Fp上の楕円曲線Ep上の相異なる3点をP,Q,Rとし、互いに独立な3組の整数a,b,cを、
a2 k+ 1+a2 k+a2 k -1≠0,b2 k+ 1+b2 k+b2 k -1≠0,
c2 k+ 1+c2 k+c2 k -1≠0
となるような最大のkを定義して、楕円積和演算計算
T=aP+bQ+cR
を、制御回路、記憶回路及び演算回路を含むコンピュータにより自動的に計算する方法であって、
制御回路は、パラメータP,Q,R、及び、演算結果Tの初期値としてT=0を記憶回路に格納し、3組の整数a,b,cから、i=k,k−1,…,2,1,0の順番に、順次、2ビットずつシフトして、
A2 i+ 1=4a2 i+ 1+2a2 i+a2 i− 1、B2 i+ 1=4b2 i+ 1+2b2 i+b2 i− 1、C2 i+ 1=4c2 i+ 1+2c2 i+c2 i− 1を選択し、前記選択したA2 i+ 1、B2 i+ 1、C2 i+ 1の値が、
(1) (0,7)、(0,7)、(0,7)の場合、T←2T、T←2Tの順に実行される演算、
(2) (0,7)、(0,7)、(1,2)の場合、T←2T、T←2T+Rの順に実行される演算、
(3) (0,7)、(0,7)、(3)の場合、T←2T+R、T←2Tの順に実行される演算、
(4) (0,7)、(0,7)、(4)の場合、T←2T−R、T←2Tの順に実行される演算、
(5) (0,7)、(0,7)、(5,6)の場合、T←2T、T←2T−Rの順に実行される演算、
(6) (0,7)、(1,2)、(0,7)の場合、T←2T、T←2T+Qの順に実行される演算、
(7) (0,7)、(1,2)、(1,2)の場合、T←2T、T←2T+(Q+R)の順に実行される演算、
(8) (0,7)、(1,2)、(3)の場合、T←2T+R、T←2T+Qの順に実行される演算、
(9) (0,7)、(1,2)、(4)の場合、T←2T−R、T←2T+Qの順に実行される演算、
(10) (0,7)、(1,2)、(5,6)の場合、T←2T、T←2T+(Q−R)の順に実行される演算、
(11) (0,7)、(3)、(0,7)の場合、T←2T+Q、T←2Tの順に実行される演算、
(12) (0,7)、(3)、(1,2)の場合、T←2T+Q、T←2T+Rの順に実行される演算、
(13) (0,7)、(3)、(3)の場合、T←2T+(Q+R)、T←2Tの順に実行される演算、
(14) (0,7)、(3)、(4)の場合、T←2T+(Q−R)、T←2Tの順に実行される演算、
(15) (0,7)、(3)、(5,6)の場合、T←2T+Q、T←2T−Rの順に実行される演算、
(16) (0,7)、(4)、(0,7)の場合、T←2T−Q、T←2Tの順に実行される演算、
(17) (0,7)、(4)、(1,2)の場合、T←2T−Q、T←2T+Rの順に実行される演算、
(18) (0,7)、(4)、(3)の場合、T←2T−(Q−R)、T←2Tの順に実行される演算、
(19) (0,7)、(4)、(4)の場合、T←2T−(Q+R)、T←2Tの順に実行される演算、
(20) (0,7)、(4)、(5,6)の場合、T←2T−Q、T←2T−Rの順に実行される演算、
(21) (0,7)、(5,6)、(0,7)の場合、T←2T、T←2T−Qの順に実行される演算、
(22) (0,7)、(5,6)、(1,2)の場合、T←2T、T←2T−(Q−R)の順に実行される演算、
(23) (0,7)、(5,6)、(3)の場合、T←2T+R、T←2T−Qの順に実行される演算、
(24) (0,7)、(5,6)、(4)の場合、T←2T−R、T←2T−Qの順に実行される演算、
(25) (0,7)、(5,6)、(5,6)の場合、T←2T、T←2T−(Q+R)の順に実行される演算、
(26) (1,2)、(0,7)、(0,7)の場合、T←2T、T←2T+Pの順に実行される演算、
(27) (1,2)、(0,7)、(1,2)の場合、T←2T、T←2T+(P+R)の順に実行される演算、
(28) (1,2)、(0,7)、(3)の場合、T←2T+R、T←2T+Pの順に実行される演算、
(29) (1,2)、(0,7)、(4)の場合、T←2T−R、T←2T+Pの順に実行される演算、
(30) (1,2)、(0,7)、(5,6)の場合、T←2T、T←2T+(P−R)の順に実行される演算、
(31) (1,2)、(1,2)、(0,7)の場合、T←2T、T←2T+(P+Q)の順に実行される演算、
(32) (1,2)、(1,2)、(1,2)の場合、T←2T、T←2T+(P+Q+R)の順に実行される演算、
(33) (1,2)、(1,2)、(3)の場合、T←2T+R、T←2T+(P+Q)の順に実行される演算、
(34) (1,2)、(1,2)、(4)の場合、T←2T−R、T←2T+(P+Q)の順に実行される演算、
(35) (1,2)、(1,2)、(5,6)の場合、T←2T、T←2T+(P+Q−R)の順に実行される演算、
(36) (1,2)、(3)、(0,7)の場合、T←2T+Q、T←2T+Pの順に実行される演算、
(37) (1,2)、(3)、(1,2)の場合、T←2T+Q、T←2T+(P+R)の順に実行される演算、
(38) (1,2)、(3)、(3)の場合、T←2T+(Q+R)、T←2T+Pの順に実行される演算、
(39) (1,2)、(3)、(4)の場合、T←2T+(Q−R)、T←2T+Pの順に実行される演算、
(40) (1,2)、(3)、(5,6)の場合、T←2T+Q、T←2T+(P−R)の順に実行される演算、
(41) (1,2)、(4)、(0,7)の場合、T←2T−Q、T←2T+Pの順に実行される演算、
(42) (1,2)、(4)、(1,2)の場合、T←2T−Q、T←2T+(P+R)の順に実行される演算、
(43) (1,2)、(4)、(3)の場合、T←2T−(Q−R)、T←2T+Pの順に実行される演算、
(44) (1,2)、(4)、(4)の場合、T←2T−(Q+R)、T←2T+Pの順に実行される演算、
(45) (1,2)、(4)、(5,6)の場合、T←2T−Q、T←2T+(P-R)の順に実行される演算、
(46) (1,2)、(5,6)、(0,7)の場合、T←2T、T←2T+(P−Q)の順に実行される演算、
(47) (1,2)、(5,6)、(1,2)の場合、T←2T、T←2T+(P−Q+R)の順に実行される演算、
(48) (1,2)、(5,6)、(3)の場合、T←2T+R、T←2T+(P−Q)の順に実行される演算、
(49) (1,2)、(5,6)、(4)の場合、T←2T−R、T←2T+(P−Q)の順に実行される演算、
(50) (1,2)、(5,6)、(5,6)の場合、T←2T、T←2T+(P−Q−R)の順に実行される演算、
(51) (3)、(0,7)、(0,7)の場合、T←2T+P、T←2Tの順に実行される演算、
(52) (3)、(0,7)、(1,2)の場合、T←2T+P、T←2T+Rの順に実行される演算、
(53) (3)、(0,7)、(3)の場合、T←2T+(P+R)、T←2Tの順に実行される演算、
(54) (3)、(0,7)、(4)の場合、T←2T+(P−R)、T←2Tの順に実行される演算、
(55) (3)、(0,7)、(5,6)の場合、T←2T+P、T←2T−Rの順に実行される演算、
(56) (3)、(1,2)、(0,7)の場合、T←2T+P、T←2T+Qの順に実行される演算、
(57) (3)、(1,2)、(1,2)の場合、T←2T+P、T←2T+(Q+R)の順に実行される演算、
(58) (3)、(1,2)、(3)の場合、T←2T+(P+R)、T←2T+Qの順に実行される演算、
(59) (3)、(1,2)、(4)の場合、T←2T+(P−R)、T←2T+Qの順に実行される演算、
(60) (3)、(1,2)、(5,6)の場合、T←2T+P、T←2T+(Q−R)の順に実行される演算、
(61) (3)、(3)、(0,7)の場合、T←2T+(P+Q)、T←2Tの順に実行される演算、
(62) (3)、(3)、(1,2)の場合、T←2T+(P+Q)、T←2T+Rの順に実行される演算、
(63) (3)、(3)、(3)の場合、T←2T+(P+Q+R)、T←2Tの順に実行される演算、
(64) (3)、(3)、(4)の場合、T←2T+(P+Q−R)、T←2Tの順に実行される演算、
(65) (3)、(3)、(5,6)の場合、T←2T+(P+Q)、T←2T−Rの順に実行される演算、
(66) (3)、(4)、(0,7)の場合、T←2T+(P−Q)、T←2Tの順に実行される演算、
(67) (3)、(4)、(1,2)の場合、T←2T+(P−Q)、T←2T+Rの順に実行される演算、
(68) (3)、(4)、(3)の場合、T←2T+(P−Q+R)、T←2Tの順に実行される演算、
(69) (3)、(4)、(4)の場合、T←2T+(P−Q−R)、T←2Tの順に実行される演算、
(70) (3)、(4)、(5,6)の場合、T←2T+(P−Q)、T←2T−Rの順に実行される演算、
(71) (3)、(5,6)、(0,7)の場合、T←2T+P、T←2T−Qの順に実行される演算、
(72) (3)、(5,6)、(1,2)の場合、T←2T+P、T←2T−(Q−R)の順に実行される演算、
(73) (3)、(5,6)、(3)の場合、T←2T+(P+R)、T←2T−Qの順に実行される演算、
(74) (3)、(5,6)、(4)の場合、T←2T+(P−R)、T←2T−Qの順に実行される演算、
(75) (3)、(5,6)、(5,6)の場合、T←2T+P、T←2T−(Q+R)の順に実行される演算、
(76) (4)、(0,7)、(0,7)の場合、T←2T−P、T←2Tの順に実行される演算、
(77) (4)、(0,7)、(1,2)の場合、T←2T−P、T←2T+Rの順に実行される演算、
(78) (4)、(0,7)、(3)の場合、T←2T−(P−R)、T←2Tの順に実行される演算、
(79) (4)、(0,7)、(4)の場合、T←2T−(P+R)、T←2Tの順に実行される演算、
(80) (4)、(0,7)、(5,6)の場合、T←2T−P、T←2T−Rの順に実行される演算、
(81) (4)、(1,2)、(0,7)の場合、T←2T−P、T←2T+Qの順に実行される演算、
(82) (4)、(1,2)、(1,2)の場合、T←2T−P、T←2T+(Q+R)の順に実行される演算、
(83) (4)、(1,2)、(3)の場合、T←2T−(P−R)、T←2T+Qの順に実行される演算、
(84) (4)、(1,2)、(4)の場合、T←2T−(P+R)、T←2T+Qの順に実行される演算、
(85) (4)、(1,2)、(5,6)の場合、T←2T−P、T←2T+(Q−R)の順に実行される演算、
(86) (4)、(3)、(0,7)の場合、T←2T−(P−Q)、T←2Tの順に実行される演算、
(87) (4)、(3)、(1,2)の場合、T←2T−(P−Q)、T←2T+Rの順に実行される演算、
(88) (4)、(3)、(3)の場合、T←2T−(P−Q−R)、T←2Tの順に実行される演算、
(89) (4)、(3)、(4)の場合、T←2T−(P−Q+R)、T←2Tの順に実行される演算、
(90) (4)、(3)、(5,6)の場合、T←2T−(P−Q)、T←2T−Rの順に実行される演算、
(91) (4)、(4)、(0,7)の場合、T←2T−(P+Q)、T←2Tの順に実行される演算、
(92) (4)、(4)、(1,2)の場合、T←2T−(P+Q)、T←2T+Rの順に実行される演算、
(93) (4)、(4)、(3)の場合、T←2T−(P+Q−R)、T←2Tの順に実行される演算、
(94) (4)、(4)、(4)の場合、T←2T−(P+Q+R)、T←2Tの順に実行される演算、
(95) (4)、(4)、(5,6)の場合、T←2T−(P+Q)、T←2T−Rの順に実行される演算、
(96) (4)、(5,6)、(0,7)の場合、T←2T−P、T←2T−Qの順に実行される演算、
(97) (4)、(5,6)、(1,2)の場合、T←2T−P、T←2T−(Q−R)の順に実行される演算、
(98) (4)、(5,6)、(3)の場合、T←2T−(P−R)、T←2T−Qの順に実行される演算、
(99) (4)、(5,6)、(4)の場合、T←2T−(P+R)、T←2T−Qの順に実行される演算、
(100) (4)、(5,6)、(5,6)の場合、T←2T−P、T←2T−(Q+R)の順に実行される演算、
(101) (5,6)、(0,7)、(0,7)の場合、T←2T、T←2T−Pの順に実行される演算、
(102) (5,6)、(0,7)、(1,2)の場合、T←2T、T←2T−(P−R)の順に実行される演算、
(103) (5,6)、(0,7)、(3)の場合、T←2T+R、T←2T−Pの順に実行される演算、
(104) (5,6)、(0,7)、(4)の場合、T←2T−R、T←2T−Pの順に実行される演算、
(105) (5,6)、(0,7)、(5,6)の場合、T←2T、T←2T−(P+R)の順に実行される演算、
(106) (5,6)、(1,2)、(0,7)の場合、T←2T、T←2T−(P−Q)の順に実行される演算、
(107) (5,6)、(1,2)、(1,2)の場合、T←2T、T←2T−(P−Q−R)の順に実行される演算、
(108) (5,6)、(1,2)、(3)の場合、T←2T+R、T←2T−(P−Q)の順に実行される演算、
(109) (5,6)、(1,2)、(4)の場合、T←2T−R、T←2T−(P−Q)の順に実行される演算、
(110) (5,6)、(1,2)、(5,6)の場合、T←2T、T←2T−(P−Q+R)の順に実行される演算、
(111) (5,6)、(3)、(0,7)の場合、T←2T+Q、T←2T−Pの順に実行される演算、
(112) (5,6)、(3)、(1,2)の場合、T←2T+Q、T←2T−(P−R)の順に実行される演算、
(113) (5,6)、(3)、(3)の場合、T←2T+(Q+R)、T←2T−Pの順に実行される演算、
(114) (5,6)、(3)、(4)の場合、T←2T+(Q−R)、T←2T−Pの順に実行される演算、
(115) (5,6)、(3)、(5,6)の場合、T←2T+Q、T←2T−(P+R)の順に実行される演算、
(116) (5,6)、(4)、(0,7)の場合、T←2T−Q、T←2T−Pの順に実行される演算、
(117) (5,6)、(4)、(1,2)の場合、T←2T−Q、T←2T−(P−R)の順に実行される演算、
(118) (5,6)、(4)、(3)の場合、T←2T−(Q−R)、T←2T−Pの順に実行される演算、
(119) (5,6)、(4)、(4)の場合、T←2T−(Q+R)、T←2T−Pの順に実行される演算、
(120) (5,6)、(4)、(5,6)の場合、T←2T−Q、T←2T−(P+R)の順に実行される演算、
(121) (5,6)、(5,6)、(0,7)の場合、T←2T、T←2T−(P+R)の順に実行される演算、
(122) (5,6)、(5,6)、(1,2)の場合、T←2T、T←2T−(P+Q−R)の順に実行される演算、
(123) (5,6)、(5,6)、(3)の場合、T←2T+R、T←2T−(P+Q)の順に実行される演算、
(124) (5,6)、(5,6)、(4)の場合、T←2T-R、T←2T−(P+Q)の順に実行される演算、
(125) (5,6)、(5,6)、(5,6)の場合、T←2T、T←2T−(P+Q+R)の順に実行される演算、
のいずれかの演算を演算回路に指示し、
演算回路は、前記制御回路からの指示にもとづき、記憶回路からP,Q,R,Tを入力して、前記指示された(1)〜(125)のいずれかの演算を実行し、演算結果のTを記憶回路に戻す、
ことを特徴とする楕円積和演算計算方法。Let p be a prime field F p ,
E p : y 2 ≡x 3 + αx + β (mod p), α, β∈F p , 4α 3 + 27β 2 ≠ 0
P, Q, and R are three different points on the elliptic curve E p on the elementary field F p defined by, and three independent integers a, b, c are
a 2 k + 1 + a 2 k + a 2 k -1 ≠ 0, b 2 k + 1 + b 2 k + b 2 k -1 ≠ 0,
c 2 k + 1 + c 2 k + c 2 k −1 ≠ 0
The maximum k is defined such that the elliptic product sum calculation T = aP + bQ + cR
Is automatically calculated by a computer including a control circuit, a storage circuit, and an arithmetic circuit,
The control circuit stores T = 0 as an initial value of the parameters P, Q, R and the calculation result T in the memory circuit, and from three sets of integers a, b, c, i = k, k−1,. , 2, 1, 0 sequentially, shifting by 2 bits,
A 2 i + 1 = 4a 2 i + 1 + 2a 2 i + a 2 i- 1, B 2 i + 1 = 4b 2 i + 1 + 2b 2 i + b 2 i- 1, C 2 i + 1 = 4c 2 i + 1 + 2c 2 i + c 2 i- 1 is selected, and the selected values of A 2 i + 1 , B 2 i + 1 , and C 2 i + 1 are
(1) In the case of (0,7), (0,7), (0,7), an operation executed in the order of T ← 2T, T ← 2T,
(2) In the case of (0, 7), (0, 7), (1, 2), an operation executed in the order of T ← 2T, T ← 2T + R,
(3) In the case of (0, 7), (0, 7), (3), an operation executed in the order of T ← 2T + R, T ← 2T,
(4) In the case of (0,7), (0,7), (4), an operation executed in the order of T ← 2T−R, T ← 2T,
(5) In the case of (0, 7), (0, 7), (5, 6), an operation executed in the order of T ← 2T and T ← 2T-R.
(6) In the case of (0,7), (1,2), (0,7), an operation executed in the order of T ← 2T, T ← 2T + Q,
(7) In the case of (0,7), (1,2), (1,2), an operation executed in the order of T ← 2T, T ← 2T + (Q + R),
(8) In the case of (0, 7), (1, 2), (3), an operation executed in the order of T ← 2T + R, T ← 2T + Q,
(9) In the case of (0, 7), (1, 2), (4), an operation executed in the order of T ← 2T−R, T ← 2T + Q,
(10) In the case of (0,7), (1,2), (5,6), an operation executed in the order of T ← 2T, T ← 2T + (Q−R),
(11) In the case of (0,7), (3), (0,7), an operation executed in the order of T ← 2T + Q, T ← 2T,
(12) In the case of (0, 7), (3), (1, 2), an operation executed in the order of T ← 2T + Q, T ← 2T + R,
(13) In the case of (0, 7), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T,
(14) In the case of (0, 7), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T,
(15) In the case of (0, 7), (3), (5, 6), operations executed in the order of T ← 2T + Q, T ← 2T−R,
(16) In the case of (0,7), (4), (0,7), an operation executed in the order of T ← 2T-Q, T ← 2T,
(17) In the case of (0, 7), (4), (1, 2), an operation executed in the order of T ← 2T−Q, T ← 2T + R,
(18) In the case of (0, 7), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T,
(19) In the case of (0, 7), (4), (4), an operation executed in the order of T ← 2T− (Q + R), T ← 2T,
(20) In the case of (0, 7), (4), (5, 6), operations executed in the order of T ← 2T-Q, T ← 2T-R,
(21) In the case of (0,7), (5,6), (0,7), an operation executed in the order of T ← 2T, T ← 2T-Q,
(22) In the case of (0, 7), (5, 6), (1, 2), an operation executed in the order of T ← 2T, T ← 2T− (Q−R),
(23) In the case of (0,7), (5,6), (3), an operation executed in the order of T ← 2T + R and T ← 2TQ,
(24) In the case of (0, 7), (5, 6), (4), an operation executed in the order of T ← 2T−R, T ← 2TQ,
(25) In the case of (0, 7), (5, 6), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (Q + R),
(26) In the case of (1,2), (0,7), (0,7), an operation executed in the order of T ← 2T, T ← 2T + P,
(27) In the case of (1,2), (0,7), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P + R),
(28) In the case of (1,2), (0,7), (3), an operation executed in the order of T ← 2T + R, T ← 2T + P,
(29) In the case of (1,2), (0,7), (4), an operation executed in the order of T ← 2T−R, T ← 2T + P,
(30) In the case of (1,2), (0,7), (5,6), operations executed in the order of T ← 2T, T ← 2T + (PR),
(31) In the case of (1,2), (1,2), (0,7), operations executed in the order of T ← 2T, T ← 2T + (P + Q),
(32) In the case of (1,2), (1,2), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P + Q + R),
(33) In the case of (1,2), (1,2), (3), operations executed in the order of T ← 2T + R, T ← 2T + (P + Q),
(34) In the case of (1,2), (1,2), (4), an operation executed in the order of T ← 2T−R, T ← 2T + (P + Q),
(35) In the case of (1,2), (1,2), (5,6), operations executed in the order of T ← 2T, T ← 2T + (P + Q−R),
(36) In the case of (1,2), (3), (0,7), an operation executed in the order of T ← 2T + Q, T ← 2T + P,
(37) In the case of (1,2), (3), (1,2), operations executed in the order of T ← 2T + Q, T ← 2T + (P + R),
(38) In the case of (1,2), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T + P,
(39) In the case of (1, 2), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T + P,
(40) In the case of (1, 2), (3), (5, 6), an operation executed in the order of T ← 2T + Q, T ← 2T + (PR),
(41) In the case of (1, 2), (4), (0, 7), an operation executed in the order of T ← 2T−Q, T ← 2T + P,
(42) In the case of (1,2), (4), (1,2), operations executed in the order of T ← 2T−Q, T ← 2T + (P + R),
(43) In the case of (1,2), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T + P,
(44) In the case of (1,2), (4), (4), an operation executed in the order of T ← 2T− (Q + R), T ← 2T + P,
(45) In the case of (1, 2), (4), (5, 6), operations executed in the order of T ← 2T−Q, T ← 2T + (PR),
(46) In the case of (1,2), (5,6), (0,7), an operation executed in the order of T ← 2T, T ← 2T + (P−Q),
(47) In the case of (1,2), (5,6), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P−Q + R),
(48) In the case of (1,2), (5,6), (3), an operation executed in the order of T ← 2T + R, T ← 2T + (P−Q),
(49) In the case of (1,2), (5,6), (4), an operation executed in the order of T ← 2T−R, T ← 2T + (P−Q),
(50) In the case of (1,2), (5,6), (5,6), operations executed in the order of T ← 2T, T ← 2T + (PQR),
(51) In the case of (3), (0, 7), (0, 7), an operation executed in the order of T ← 2T + P, T ← 2T,
(52) In the case of (3), (0, 7), (1, 2), an operation executed in the order of T ← 2T + P and T ← 2T + R;
(53) In the case of (3), (0, 7), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T,
(54) In the case of (3), (0, 7), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T,
(55) In the case of (3), (0, 7), (5, 6), operations executed in the order of T ← 2T + P, T ← 2T−R,
(56) In the case of (3), (1,2), (0,7), an operation executed in the order of T ← 2T + P, T ← 2T + Q,
(57) In the case of (3), (1,2), (1,2), operations executed in the order of T ← 2T + P, T ← 2T + (Q + R),
(58) In the case of (3), (1,2), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T + Q,
(59) In the case of (3), (1,2), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T + Q,
(60) In the case of (3), (1,2), (5,6), operations executed in the order of T ← 2T + P, T ← 2T + (Q−R),
(61) In the case of (3), (3), (0, 7), an operation executed in the order of T ← 2T + (P + Q), T ← 2T,
(62) In the case of (3), (3), (1, 2), an operation executed in the order of T ← 2T + (P + Q), T ← 2T + R,
(63) In the case of (3), (3), (3), an operation executed in the order of T ← 2T + (P + Q + R), T ← 2T,
(64) In the case of (3), (3), (4), an operation executed in the order of T ← 2T + (P + Q−R), T ← 2T,
(65) In the case of (3), (3), (5, 6), an operation executed in the order of T ← 2T + (P + Q), T ← 2T−R,
(66) In the case of (3), (4), (0, 7), an operation executed in the order of T ← 2T + (P−Q), T ← 2T,
(67) In the case of (3), (4), (1, 2), an operation executed in the order of T ← 2T + (P−Q), T ← 2T + R,
(68) In the case of (3), (4), (3), an operation executed in the order of T ← 2T + (P−Q + R), T ← 2T,
(69) In the case of (3), (4), (4), an operation executed in the order of T ← 2T + (PQR), T ← 2T,
(70) In the case of (3), (4), (5, 6), an operation executed in the order of T ← 2T + (P−Q) and T ← 2T−R,
(71) In the case of (3), (5, 6), (0, 7), an operation executed in the order of T ← 2T + P, T ← 2T-Q,
(72) In the case of (3), (5, 6), (1, 2), an operation executed in the order of T ← 2T + P, T ← 2T− (Q−R),
(73) In the case of (3), (5, 6), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T−Q,
(74) In the case of (3), (5, 6), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T-Q,
(75) In the case of (3), (5, 6), (5, 6), an operation executed in the order of T ← 2T + P, T ← 2T− (Q + R),
(76) In the case of (4), (0, 7), (0, 7), an operation executed in the order of T ← 2T−P, T ← 2T,
(77) In the case of (4), (0, 7), (1, 2), an operation executed in the order of T ← 2T−P, T ← 2T + R,
(78) In the case of (4), (0, 7), (3), an operation executed in the order of T ← 2T− (PR) and T ← 2T,
(79) In the case of (4), (0, 7), (4), an operation executed in the order of T ← 2T− (P + R), T ← 2T,
(80) In the case of (4), (0, 7), (5, 6), an operation executed in the order of T ← 2T−P, T ← 2T−R,
(81) In the case of (4), (1,2), (0,7), an operation executed in the order of T ← 2T−P and T ← 2T + Q,
(82) In the case of (4), (1,2), (1,2), operations executed in the order of T ← 2T−P, T ← 2T + (Q + R),
(83) In the case of (4), (1,2), (3), an operation executed in the order of T ← 2T− (PR), T ← 2T + Q,
(84) In the case of (4), (1,2), (4), an operation executed in the order of T ← 2T− (P + R), T ← 2T + Q,
(85) In the case of (4), (1,2), (5,6), operations executed in the order of T ← 2T−P, T ← 2T + (Q−R),
(86) In the case of (4), (3), (0, 7), an operation executed in the order of T ← 2T− (PQ) and T ← 2T,
(87) In the case of (4), (3), (1, 2), an operation executed in the order of T ← 2T− (P−Q) and T ← 2T + R;
(88) In the case of (4), (3), (3), an operation executed in the order of T ← 2T− (PQR) and T ← 2T,
(89) In the case of (4), (3), (4), an operation executed in the order of T ← 2T− (P−Q + R) and T ← 2T,
(90) In the case of (4), (3), (5, 6), an operation executed in the order of T ← 2T− (P−Q) and T ← 2T−R;
(91) In the case of (4), (4), (0, 7), an operation executed in the order of T ← 2T− (P + Q), T ← 2T,
(92) In the case of (4), (4), (1, 2), an operation executed in the order of T ← 2T− (P + Q), T ← 2T + R,
(93) In the case of (4), (4), (3), an operation executed in the order of T ← 2T− (P + Q−R), T ← 2T,
(94) In the case of (4), (4), (4), an operation executed in the order of T ← 2T− (P + Q + R), T ← 2T,
(95) In the case of (4), (4), (5, 6), an operation executed in the order of T ← 2T− (P + Q) and T ← 2T−R;
(96) In the case of (4), (5, 6), (0, 7), operations executed in the order of T ← 2T-P, T ← 2T-Q,
(97) In the case of (4), (5, 6), (1, 2), operations executed in the order of T ← 2T−P, T ← 2T− (Q−R),
(98) In the case of (4), (5, 6), (3), an operation executed in the order of T ← 2T− (PR) and T ← 2TQ,
(99) In the case of (4), (5, 6), (4), an operation executed in the order of T ← 2T− (P + R) and T ← 2T−Q,
(100) In the case of (4), (5, 6), (5, 6), an operation executed in the order of T ← 2T−P, T ← 2T− (Q + R),
(101) In the case of (5, 6), (0, 7), (0, 7), operations executed in the order of T ← 2T, T ← 2T-P,
(102) In the case of (5, 6), (0, 7), (1, 2), operations executed in the order of T ← 2T, T ← 2T− (PR),
(103) In the case of (5, 6), (0, 7), (3), operations executed in the order of T ← 2T + R, T ← 2T−P,
(104) In the case of (5, 6), (0, 7), (4), an operation executed in the order of T ← 2T−R, T ← 2T−P,
(105) In the case of (5, 6), (0, 7), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (P + R),
(106) In the case of (5, 6), (1, 2), (0, 7), operations executed in the order of T ← 2T, T ← 2T− (PQ),
(107) In the case of (5, 6), (1, 2), (1, 2), an operation executed in the order of T ← 2T, T ← 2T− (PQR),
(108) In the case of (5, 6), (1, 2), (3), operations executed in the order of T ← 2T + R, T ← 2T− (P−Q),
(109) In the case of (5, 6), (1, 2), (4), an operation executed in the order of T ← 2T−R, T ← 2T− (PQ),
(110) In the case of (5, 6), (1, 2), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (PQ + R),
(111) In the case of (5, 6), (3), (0, 7), operations executed in the order of T ← 2T + Q, T ← 2T−P,
(112) In the case of (5, 6), (3), (1, 2), an operation executed in the order of T ← 2T + Q, T ← 2T− (PR),
(113) In the case of (5, 6), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T−P,
(114) In the case of (5, 6), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T−P,
(115) In the case of (5, 6), (3), (5, 6), operations executed in the order of T ← 2T + Q, T ← 2T− (P + R),
(116) In the case of (5, 6), (4), (0, 7), operations executed in the order of T ← 2T-Q, T ← 2T-P,
(117) In the case of (5, 6), (4), (1, 2), an operation executed in the order of T ← 2T-Q, T ← 2T- (PR),
(118) In the case of (5, 6), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T−P,
(119) In the case of (5, 6), (4), (4), an operation executed in the order of T ← 2T− (Q + R) and T ← 2T−P,
(120) In the case of (5, 6), (4), (5, 6), operations executed in the order of T ← 2T−Q, T ← 2T− (P + R),
(121) In the case of (5, 6), (5, 6), (0, 7), operations executed in the order of T ← 2T, T ← 2T− (P + R),
(122) In the case of (5, 6), (5, 6), (1, 2), operations executed in the order of T ← 2T, T ← 2T− (P + Q−R),
(123) In the case of (5, 6), (5, 6), (3), an operation executed in the order of T ← 2T + R, T ← 2T− (P + Q),
(124) In the case of (5, 6), (5, 6), (4), operations executed in the order of T ← 2T−R, T ← 2T− (P + Q),
(125) In the case of (5, 6), (5, 6), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (P + Q + R),
Instruct the arithmetic circuit to perform any of the operations
The arithmetic circuit inputs P, Q, R, and T from the storage circuit based on the instruction from the control circuit, executes any one of the instructed (1) to (125), and obtains an operation result. Return T to the memory circuit,
An elliptic product-sum operation calculation method characterized by the above.
Ep:y2≡x3+αx+β(mod p),α,β∈Fp,4α3+27β2≠0
で定義される素体Fp上の楕円曲線Ep上の相異なる3点をP,Q,Rとし、互いに独立な3組の整数a,b,cを、
a2 k+ 1+a2 k+a2 k -1≠0,b2 k+ 1+b2 k+b2 k -1≠0,
c2 k+ 1+c2 k+c2 k -1≠0
となるような最大のkを定義して、楕円積和演算計算
T=aP+bQ+cR
を計算する楕円積和演算装置において、
パラメータP,Q,R、演算結果Tを格納する記憶手段と、
3組の整数a,b,cを格納する記憶手段と、
A2 i+ 1=4a2 i+ 1+2a2 i+a2 i− 1、B2 i+ 1=4b2 i+ 1+2b2 i+b2 i− 1、C2 i+ 1=4c2 i+ 1+2c2 i+c2 i− 1を選択し、前記選択したA2 i+ 1、B2 i+ 1、C2 i+ 1の値が、
(1) (0,7)、(0,7)、(0,7)の場合、T←2T、T←2Tの順に実行される演算、
(2) (0,7)、(0,7)、(1,2)の場合、T←2T、T←2T+Rの順に実行される演算、
(3) (0,7)、(0,7)、(3)の場合、T←2T+R、T←2Tの順に実行される演算、
(4) (0,7)、(0,7)、(4)の場合、T←2T−R、T←2Tの順に実行される演算、
(5) (0,7)、(0,7)、(5,6)の場合、T←2T、T←2T−Rの順に実行される演算、
(6) (0,7)、(1,2)、(0,7)の場合、T←2T、T←2T+Qの順に実行される演算、
(7) (0,7)、(1,2)、(1,2)の場合、T←2T、T←2T+(Q+R)の順に実行される演算、
(8) (0,7)、(1,2)、(3)の場合、T←2T+R、T←2T+Qの順に実行される演算、
(9) (0,7)、(1,2)、(4)の場合、T←2T−R、T←2T+Qの順に実行される演算、
(10) (0,7)、(1,2)、(5,6)の場合、T←2T、T←2T+(Q−R)の順に実行される演算、
(11) (0,7)、(3)、(0,7)の場合、T←2T+Q、T←2Tの順に実行される演算、
(12) (0,7)、(3)、(1,2)の場合、T←2T+Q、T←2T+Rの順に実行される演算、
(13) (0,7)、(3)、(3)の場合、T←2T+(Q+R)、T←2Tの順に実行される演算、
(14) (0,7)、(3)、(4)の場合、T←2T+(Q−R)、T←2Tの順に実行される演算、
(15) (0,7)、(3)、(5,6)の場合、T←2T+Q、T←2T−Rの順に実行される演算、
(16) (0,7)、(4)、(0,7)の場合、T←2T−Q、T←2Tの順に実行される演算、
(17) (0,7)、(4)、(1,2)の場合、T←2T−Q、T←2T+Rの順に実行される演算、
(18) (0,7)、(4)、(3)の場合、T←2T−(Q−R)、T←2Tの順に実行される演算、
(19) (0,7)、(4)、(4)の場合、T←2T−(Q+R)、T←2Tの順に実行される演算、
(20) (0,7)、(4)、(5,6)の場合、T←2T−Q、T←2T−Rの順に実行される演算、
(21) (0,7)、(5,6)、(0,7)の場合、T←2T、T←2T−Qの順に実行される演算、
(22) (0,7)、(5,6)、(1,2)の場合、T←2T、T←2T−(Q−R)の順に実行される演算、
(23) (0,7)、(5,6)、(3)の場合、T←2T+R、T←2T−Qの順に実行される演算、
(24) (0,7)、(5,6)、(4)の場合、T←2T−R、T←2T−Qの順に実行される演算、
(25) (0,7)、(5,6)、(5,6)の場合、T←2T、T←2T−(Q+R)の順に実行される演算、
(26) (1,2)、(0,7)、(0,7)の場合、T←2T、T←2T+Pの順に実行される演算、
(27) (1,2)、(0,7)、(1,2)の場合、T←2T、T←2T+(P+R)の順に実行される演算、
(28) (1,2)、(0,7)、(3)の場合、T←2T+R、T←2T+Pの順に実行される演算、
(29) (1,2)、(0,7)、(4)の場合、T←2T−R、T←2T+Pの順に実行される演算、
(30) (1,2)、(0,7)、(5,6)の場合、T←2T、T←2T+(P−R)の順に実行される演算、
(31) (1,2)、(1,2)、(0,7)の場合、T←2T、T←2T+(P+Q)の順に実行される演算、
(32) (1,2)、(1,2)、(1,2)の場合、T←2T、T←2T+(P+Q+R)の順に実行される演算、
(33) (1,2)、(1,2)、(3)の場合、T←2T+R、T←2T+(P+Q)の順に実行される演算、
(34) (1,2)、(1,2)、(4)の場合、T←2T−R、T←2T+(P+Q)の順に実行される演算、
(35) (1,2)、(1,2)、(5,6)の場合、T←2T、T←2T+(P+Q−R)の順に実行される演算、
(36) (1,2)、(3)、(0,7)の場合、T←2T+Q、T←2T+Pの順に実行される演算、
(37) (1,2)、(3)、(1,2)の場合、T←2T+Q、T←2T+(P+R)の順に実行される演算、
(38) (1,2)、(3)、(3)の場合、T←2T+(Q+R)、T←2T+Pの順に実行される演算、
(39) (1,2)、(3)、(4)の場合、T←2T+(Q−R)、T←2T+Pの順に実行される演算、
(40) (1,2)、(3)、(5,6)の場合、T←2T+Q、T←2T+(P−R)の順に実行される演算、
(41) (1,2)、(4)、(0,7)の場合、T←2T−Q、T←2T+Pの順に実行される演算、
(42) (1,2)、(4)、(1,2)の場合、T←2T−Q、T←2T+(P+R)の順に実行される演算、
(43) (1,2)、(4)、(3)の場合、T←2T−(Q−R)、T←2T+Pの順に実行される演算、
(44) (1,2)、(4)、(4)の場合、T←2T−(Q+R)、T←2T+Pの順に実行される演算、
(45) (1,2)、(4)、(5,6)の場合、T←2T−Q、T←2T+(P-R)の順に実行される演算、
(46) (1,2)、(5,6)、(0,7)の場合、T←2T、T←2T+(P−Q)の順に実行される演算、
(47) (1,2)、(5,6)、(1,2)の場合、T←2T、T←2T+(P−Q+R)の順に実行される演算、
(48) (1,2)、(5,6)、(3)の場合、T←2T+R、T←2T+(P−Q)の順に実行される演算、
(49) (1,2)、(5,6)、(4)の場合、T←2T−R、T←2T+(P−Q)の順に実行される演算、
(50) (1,2)、(5,6)、(5,6)の場合、T←2T、T←2T+(P−Q−R)の順に実行される演算、
(51) (3)、(0,7)、(0,7)の場合、T←2T+P、T←2Tの順に実行される演算、
(52) (3)、(0,7)、(1,2)の場合、T←2T+P、T←2T+Rの順に実行される演算、
(53) (3)、(0,7)、(3)の場合、T←2T+(P+R)、T←2Tの順に実行される演算、
(54) (3)、(0,7)、(4)の場合、T←2T+(P−R)、T←2Tの順に実行される演算、
(55) (3)、(0,7)、(5,6)の場合、T←2T+P、T←2T−Rの順に実行される演算、
(56) (3)、(1,2)、(0,7)の場合、T←2T+P、T←2T+Qの順に実行される演算、
(57) (3)、(1,2)、(1,2)の場合、T←2T+P、T←2T+(Q+R)の順に実行される演算、
(58) (3)、(1,2)、(3)の場合、T←2T+(P+R)、T←2T+Qの順に実行される演算、
(59) (3)、(1,2)、(4)の場合、T←2T+(P−R)、T←2T+Qの順に実行される演算、
(60) (3)、(1,2)、(5,6)の場合、T←2T+P、T←2T+(Q−R)の順に実行される演算、
(61) (3)、(3)、(0,7)の場合、T←2T+(P+Q)、T←2Tの順に実行される演算、
(62) (3)、(3)、(1,2)の場合、T←2T+(P+Q)、T←2T+Rの順に実行される演算、
(63) (3)、(3)、(3)の場合、T←2T+(P+Q+R)、T←2Tの順に実行される演算、
(64) (3)、(3)、(4)の場合、T←2T+(P+Q−R)、T←2Tの順に実行される演算、
(65) (3)、(3)、(5,6)の場合、T←2T+(P+Q)、T←2T−Rの順に実行される演算、
(66) (3)、(4)、(0,7)の場合、T←2T+(P−Q)、T←2Tの順に実行される演算、
(67) (3)、(4)、(1,2)の場合、T←2T+(P−Q)、T←2T+Rの順に実行される演算、
(68) (3)、(4)、(3)の場合、T←2T+(P−Q+R)、T←2Tの順に実行される演算、
(69) (3)、(4)、(4)の場合、T←2T+(P−Q−R)、T←2Tの順に実行される演算、
(70) (3)、(4)、(5,6)の場合、T←2T+(P−Q)、T←2T−Rの順に実行される演算、
(71) (3)、(5,6)、(0,7)の場合、T←2T+P、T←2T−Qの順に実行される演算、
(72) (3)、(5,6)、(1,2)の場合、T←2T+P、T←2T−(Q−R)の順に実行される演算、
(73) (3)、(5,6)、(3)の場合、T←2T+(P+R)、T←2T−Qの順に実行される演算、
(74) (3)、(5,6)、(4)の場合、T←2T+(P−R)、T←2T−Qの順に実行される演算、
(75) (3)、(5,6)、(5,6)の場合、T←2T+P、T←2T−(Q+R)の順に実行される演算、
(76) (4)、(0,7)、(0,7)の場合、T←2T−P、T←2Tの順に実行される演算、
(77) (4)、(0,7)、(1,2)の場合、T←2T−P、T←2T+Rの順に実行される演算、
(78) (4)、(0,7)、(3)の場合、T←2T−(P−R)、T←2Tの順に実行される演算、
(79) (4)、(0,7)、(4)の場合、T←2T−(P+R)、T←2Tの順に実行される演算、
(80) (4)、(0,7)、(5,6)の場合、T←2T−P、T←2T−Rの順に実行される演算、
(81) (4)、(1,2)、(0,7)の場合、T←2T−P、T←2T+Qの順に実行される演算、
(82) (4)、(1,2)、(1,2)の場合、T←2T−P、T←2T+(Q+R)の順に実行される演算、
(83) (4)、(1,2)、(3)の場合、T←2T−(P−R)、T←2T+Qの順に実行される演算、
(84) (4)、(1,2)、(4)の場合、T←2T−(P+R)、T←2T+Qの順に実行される演算、
(85) (4)、(1,2)、(5,6)の場合、T←2T−P、T←2T+(Q−R)の順に実行される演算、
(86) (4)、(3)、(0,7)の場合、T←2T−(P−Q)、T←2Tの順に実行される演算、
(87) (4)、(3)、(1,2)の場合、T←2T−(P−Q)、T←2T+Rの順に実行される演算、
(88) (4)、(3)、(3)の場合、T←2T−(P−Q−R)、T←2Tの順に実行される演算、
(89) (4)、(3)、(4)の場合、T←2T−(P−Q+R)、T←2Tの順に実行される演算、
(90) (4)、(3)、(5,6)の場合、T←2T−(P−Q)、T←2T−Rの順に実行される演算、
(91) (4)、(4)、(0,7)の場合、T←2T−(P+Q)、T←2Tの順に実行される演算、
(92) (4)、(4)、(1,2)の場合、T←2T−(P+Q)、T←2T+Rの順に実行される演算、
(93) (4)、(4)、(3)の場合、T←2T−(P+Q−R)、T←2Tの順に実行される演算、
(94) (4)、(4)、(4)の場合、T←2T−(P+Q+R)、T←2Tの順に実行される演算、
(95) (4)、(4)、(5,6)の場合、T←2T−(P+Q)、T←2T−Rの順に実行される演算、
(96) (4)、(5,6)、(0,7)の場合、T←2T−P、T←2T−Qの順に実行される演算、
(97) (4)、(5,6)、(1,2)の場合、T←2T−P、T←2T−(Q−R)の順に実行される演算、
(98) (4)、(5,6)、(3)の場合、T←2T−(P−R)、T←2T−Qの順に実行される演算、
(99) (4)、(5,6)、(4)の場合、T←2T−(P+R)、T←2T−Qの順に実行される演算、
(100) (4)、(5,6)、(5,6)の場合、T←2T−P、T←2T−(Q+R)の順に実行される演算、
(101) (5,6)、(0,7)、(0,7)の場合、T←2T、T←2T−Pの順に実行される演算、
(102) (5,6)、(0,7)、(1,2)の場合、T←2T、T←2T−(P−R)の順に実行される演算、
(103) (5,6)、(0,7)、(3)の場合、T←2T+R、T←2T−Pの順に実行される演算、
(104) (5,6)、(0,7)、(4)の場合、T←2T−R、T←2T−Pの順に実行される演算、
(105) (5,6)、(0,7)、(5,6)の場合、T←2T、T←2T−(P+R)の順に実行される演算、
(106) (5,6)、(1,2)、(0,7)の場合、T←2T、T←2T−(P−Q)の順に実行される演算、
(107) (5,6)、(1,2)、(1,2 )の場合、T←2T、T←2T−(P−Q−R)の順に実行される演算、
(108) (5,6)、(1,2)、(3)の場合、T←2T+R、T←2T−(P−Q)の順に実行される演算、
(109) (5,6)、(1,2)、(4)の場合、T←2T−R、T←2T−(P−Q)の順に実行される演算、
(110) (5,6)、(1,2)、(5,6)の場合、T←2T、T←2T−(P−Q+R)の順に実行される演算、
(111) (5,6)、(3)、(0,7)の場合、T←2T+Q、T←2T−Pの順に実行される演算、
(112) (5,6)、(3)、(1,2)の場合、T←2T+Q、T←2T−(P−R)の順に実行される演算、
(113) (5,6)、(3)、(3)の場合、T←2T+(Q+R)、T←2T−Pの順に実行される演算、
(114) (5,6)、(3)、(4)の場合、T←2T+(Q−R)、T←2T−Pの順に実行される演算、
(115) (5,6)、(3)、(5,6)の場合、T←2T+Q、T←2T−(P+R)の順に実行される演算、
(116) (5,6)、(4)、(0,7)の場合、T←2T−Q、T←2T−Pの順に実行される演算、
(117) (5,6)、(4)、(1,2)の場合、T←2T−Q、T←2T−(P−R)の順に実行される演算、
(118) (5,6)、(4)、(3)の場合、T←2T−(Q−R)、T←2T−Pの順に実行される演算、
(119) (5,6)、(4)、(4)の場合、T←2T−(Q+R)、T←2T−Pの順に実行される演算、
(120) (5,6)、(4)、(5,6)の場合、T←2T−Q、T←2T−(P+R)の順に実行される演算、
(121) (5,6)、(5,6)、(0,7)の場合、T←2T、T←2T−(P+R)の順に実行される演算、
(122) (5,6)、(5,6)、(1,2)の場合、T←2T、T←2T−(P+Q−R)の順に実行される演算、
(123) (5,6)、(5,6)、(3)の場合、T←2T+R、T←2T−(P+Q)の順に実行される演算、
(124) (5,6)、(5,6)、(4)の場合、T←2T-R、T←2T−(P+Q)の順に実行される演算、
(125) (5,6)、(5,6)、(5,6)の場合、T←2T、T←2T−(P+Q+R)の順に実行される演算、
を定義した手段と、
最初、T=0を記憶手段に初期設定し、以後、前記3組の整数a,b,cから、i=k,k−1,…,2,1,0の順番に、順次、2ビットずつシフトして、A2 i+ 1、B2 i+ 1、C2 i+ 1を選択し、その値に応じて、上記定義された(1)〜(125)の演算の該当する演算を演算手段に指示する制御手段と、
前記制御手段からの指示にもとづき、記憶手段からP,Q,R,Tを入力して、前記指示された演算を実行し、演算結果のTを記憶手段に戻す演算手段と、
を有することを特徴とする楕円積和演算計算装置。Let p be a prime field F p ,
E p : y 2 ≡x 3 + αx + β (mod p), α, β∈F p , 4α 3 + 27β 2 ≠ 0
P, Q, and R are three different points on the elliptic curve E p on the elementary field F p defined by, and three independent integers a, b, c are
a 2 k + 1 + a 2 k + a 2 k -1 ≠ 0, b 2 k + 1 + b 2 k + b 2 k -1 ≠ 0,
c 2 k + 1 + c 2 k + c 2 k −1 ≠ 0
The maximum k is defined such that the elliptic product sum calculation T = aP + bQ + cR
In the elliptic product-sum operation unit for calculating
Storage means for storing parameters P, Q, R, and operation result T;
Storage means for storing three sets of integers a, b, c;
A 2 i + 1 = 4a 2 i + 1 + 2a 2 i + a 2 i- 1, B 2 i + 1 = 4b 2 i + 1 + 2b 2 i + b 2 i- 1, C 2 i + 1 = 4c 2 i + 1 + 2c 2 i + c 2 i- 1 is selected, and the selected values of A 2 i + 1 , B 2 i + 1 , and C 2 i + 1 are
(1) In the case of (0,7), (0,7), (0,7), an operation executed in the order of T ← 2T, T ← 2T,
(2) In the case of (0, 7), (0, 7), (1, 2), an operation executed in the order of T ← 2T, T ← 2T + R,
(3) In the case of (0, 7), (0, 7), (3), an operation executed in the order of T ← 2T + R, T ← 2T,
(4) In the case of (0,7), (0,7), (4), an operation executed in the order of T ← 2T−R, T ← 2T,
(5) In the case of (0, 7), (0, 7), (5, 6), an operation executed in the order of T ← 2T and T ← 2T-R.
(6) In the case of (0,7), (1,2), (0,7), an operation executed in the order of T ← 2T, T ← 2T + Q,
(7) In the case of (0,7), (1,2), (1,2), an operation executed in the order of T ← 2T, T ← 2T + (Q + R),
(8) In the case of (0, 7), (1, 2), (3), an operation executed in the order of T ← 2T + R, T ← 2T + Q,
(9) In the case of (0, 7), (1, 2), (4), an operation executed in the order of T ← 2T−R, T ← 2T + Q,
(10) In the case of (0,7), (1,2), (5,6), an operation executed in the order of T ← 2T, T ← 2T + (Q−R),
(11) In the case of (0,7), (3), (0,7), an operation executed in the order of T ← 2T + Q, T ← 2T,
(12) In the case of (0, 7), (3), (1, 2), an operation executed in the order of T ← 2T + Q, T ← 2T + R,
(13) In the case of (0, 7), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T,
(14) In the case of (0, 7), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T,
(15) In the case of (0, 7), (3), (5, 6), operations executed in the order of T ← 2T + Q, T ← 2T−R,
(16) In the case of (0,7), (4), (0,7), an operation executed in the order of T ← 2T-Q, T ← 2T,
(17) In the case of (0, 7), (4), (1, 2), an operation executed in the order of T ← 2T−Q, T ← 2T + R,
(18) In the case of (0, 7), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T,
(19) In the case of (0, 7), (4), (4), an operation executed in the order of T ← 2T− (Q + R), T ← 2T,
(20) In the case of (0, 7), (4), (5, 6), operations executed in the order of T ← 2T-Q, T ← 2T-R,
(21) In the case of (0,7), (5,6), (0,7), an operation executed in the order of T ← 2T, T ← 2T-Q,
(22) In the case of (0, 7), (5, 6), (1, 2), an operation executed in the order of T ← 2T, T ← 2T− (Q−R),
(23) In the case of (0,7), (5,6), (3), an operation executed in the order of T ← 2T + R and T ← 2TQ,
(24) In the case of (0, 7), (5, 6), (4), an operation executed in the order of T ← 2T−R, T ← 2TQ,
(25) In the case of (0, 7), (5, 6), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (Q + R),
(26) In the case of (1,2), (0,7), (0,7), an operation executed in the order of T ← 2T, T ← 2T + P,
(27) In the case of (1,2), (0,7), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P + R),
(28) In the case of (1,2), (0,7), (3), an operation executed in the order of T ← 2T + R, T ← 2T + P,
(29) In the case of (1,2), (0,7), (4), an operation executed in the order of T ← 2T−R, T ← 2T + P,
(30) In the case of (1,2), (0,7), (5,6), operations executed in the order of T ← 2T, T ← 2T + (PR),
(31) In the case of (1,2), (1,2), (0,7), operations executed in the order of T ← 2T, T ← 2T + (P + Q),
(32) In the case of (1,2), (1,2), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P + Q + R),
(33) In the case of (1,2), (1,2), (3), operations executed in the order of T ← 2T + R, T ← 2T + (P + Q),
(34) In the case of (1,2), (1,2), (4), an operation executed in the order of T ← 2T−R, T ← 2T + (P + Q),
(35) In the case of (1,2), (1,2), (5,6), operations executed in the order of T ← 2T, T ← 2T + (P + Q−R),
(36) In the case of (1,2), (3), (0,7), an operation executed in the order of T ← 2T + Q, T ← 2T + P,
(37) In the case of (1,2), (3), (1,2), operations executed in the order of T ← 2T + Q, T ← 2T + (P + R),
(38) In the case of (1,2), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T + P,
(39) In the case of (1, 2), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T + P,
(40) In the case of (1, 2), (3), (5, 6), an operation executed in the order of T ← 2T + Q, T ← 2T + (PR),
(41) In the case of (1, 2), (4), (0, 7), an operation executed in the order of T ← 2T−Q, T ← 2T + P,
(42) In the case of (1,2), (4), (1,2), operations executed in the order of T ← 2T−Q, T ← 2T + (P + R),
(43) In the case of (1,2), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T + P,
(44) In the case of (1,2), (4), (4), an operation executed in the order of T ← 2T− (Q + R), T ← 2T + P,
(45) In the case of (1, 2), (4), (5, 6), operations executed in the order of T ← 2T−Q, T ← 2T + (PR),
(46) In the case of (1,2), (5,6), (0,7), an operation executed in the order of T ← 2T, T ← 2T + (P−Q),
(47) In the case of (1,2), (5,6), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P−Q + R),
(48) In the case of (1,2), (5,6), (3), an operation executed in the order of T ← 2T + R, T ← 2T + (P−Q),
(49) In the case of (1,2), (5,6), (4), an operation executed in the order of T ← 2T−R, T ← 2T + (P−Q),
(50) In the case of (1,2), (5,6), (5,6), operations executed in the order of T ← 2T, T ← 2T + (PQR),
(51) In the case of (3), (0, 7), (0, 7), an operation executed in the order of T ← 2T + P, T ← 2T,
(52) In the case of (3), (0, 7), (1, 2), an operation executed in the order of T ← 2T + P and T ← 2T + R;
(53) In the case of (3), (0, 7), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T,
(54) In the case of (3), (0, 7), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T,
(55) In the case of (3), (0, 7), (5, 6), operations executed in the order of T ← 2T + P, T ← 2T−R,
(56) In the case of (3), (1,2), (0,7), an operation executed in the order of T ← 2T + P, T ← 2T + Q,
(57) In the case of (3), (1,2), (1,2), operations executed in the order of T ← 2T + P, T ← 2T + (Q + R),
(58) In the case of (3), (1,2), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T + Q,
(59) In the case of (3), (1,2), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T + Q,
(60) In the case of (3), (1,2), (5,6), operations executed in the order of T ← 2T + P, T ← 2T + (Q−R),
(61) In the case of (3), (3), (0, 7), an operation executed in the order of T ← 2T + (P + Q), T ← 2T,
(62) In the case of (3), (3), (1, 2), an operation executed in the order of T ← 2T + (P + Q), T ← 2T + R,
(63) In the case of (3), (3), (3), an operation executed in the order of T ← 2T + (P + Q + R), T ← 2T,
(64) In the case of (3), (3), (4), an operation executed in the order of T ← 2T + (P + Q−R), T ← 2T,
(65) In the case of (3), (3), (5, 6), an operation executed in the order of T ← 2T + (P + Q), T ← 2T−R,
(66) In the case of (3), (4), (0, 7), an operation executed in the order of T ← 2T + (P−Q), T ← 2T,
(67) In the case of (3), (4), (1, 2), an operation executed in the order of T ← 2T + (P−Q), T ← 2T + R,
(68) In the case of (3), (4), (3), an operation executed in the order of T ← 2T + (P−Q + R), T ← 2T,
(69) In the case of (3), (4), (4), an operation executed in the order of T ← 2T + (PQR), T ← 2T,
(70) In the case of (3), (4), (5, 6), an operation executed in the order of T ← 2T + (P−Q) and T ← 2T−R,
(71) In the case of (3), (5, 6), (0, 7), an operation executed in the order of T ← 2T + P, T ← 2T-Q,
(72) In the case of (3), (5, 6), (1, 2), an operation executed in the order of T ← 2T + P, T ← 2T− (Q−R),
(73) In the case of (3), (5, 6), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T−Q,
(74) In the case of (3), (5, 6), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T-Q,
(75) In the case of (3), (5, 6), (5, 6), an operation executed in the order of T ← 2T + P, T ← 2T− (Q + R),
(76) In the case of (4), (0, 7), (0, 7), an operation executed in the order of T ← 2T−P, T ← 2T,
(77) In the case of (4), (0, 7), (1, 2), an operation executed in the order of T ← 2T−P, T ← 2T + R,
(78) In the case of (4), (0, 7), (3), an operation executed in the order of T ← 2T− (PR) and T ← 2T,
(79) In the case of (4), (0, 7), (4), an operation executed in the order of T ← 2T− (P + R), T ← 2T,
(80) In the case of (4), (0, 7), (5, 6), an operation executed in the order of T ← 2T−P, T ← 2T−R,
(81) In the case of (4), (1,2), (0,7), an operation executed in the order of T ← 2T−P and T ← 2T + Q,
(82) In the case of (4), (1,2), (1,2), operations executed in the order of T ← 2T−P, T ← 2T + (Q + R),
(83) In the case of (4), (1,2), (3), an operation executed in the order of T ← 2T− (PR), T ← 2T + Q,
(84) In the case of (4), (1,2), (4), an operation executed in the order of T ← 2T− (P + R), T ← 2T + Q,
(85) In the case of (4), (1,2), (5,6), operations executed in the order of T ← 2T−P, T ← 2T + (Q−R),
(86) In the case of (4), (3), (0, 7), an operation executed in the order of T ← 2T− (PQ) and T ← 2T,
(87) In the case of (4), (3), (1, 2), an operation executed in the order of T ← 2T− (P−Q) and T ← 2T + R;
(88) In the case of (4), (3), (3), an operation executed in the order of T ← 2T− (PQR) and T ← 2T,
(89) In the case of (4), (3), (4), an operation executed in the order of T ← 2T− (P−Q + R) and T ← 2T,
(90) In the case of (4), (3), (5, 6), an operation executed in the order of T ← 2T− (P−Q) and T ← 2T−R;
(91) In the case of (4), (4), (0, 7), an operation executed in the order of T ← 2T− (P + Q), T ← 2T,
(92) In the case of (4), (4), (1, 2), an operation executed in the order of T ← 2T− (P + Q), T ← 2T + R,
(93) In the case of (4), (4), (3), an operation executed in the order of T ← 2T− (P + Q−R), T ← 2T,
(94) In the case of (4), (4), (4), an operation executed in the order of T ← 2T− (P + Q + R), T ← 2T,
(95) In the case of (4), (4), (5, 6), an operation executed in the order of T ← 2T− (P + Q) and T ← 2T−R;
(96) In the case of (4), (5, 6), (0, 7), operations executed in the order of T ← 2T-P, T ← 2T-Q,
(97) In the case of (4), (5, 6), (1, 2), operations executed in the order of T ← 2T−P, T ← 2T− (Q−R),
(98) In the case of (4), (5, 6), (3), an operation executed in the order of T ← 2T− (PR) and T ← 2TQ,
(99) In the case of (4), (5, 6), (4), an operation executed in the order of T ← 2T− (P + R) and T ← 2T−Q,
(100) In the case of (4), (5, 6), (5, 6), an operation executed in the order of T ← 2T−P, T ← 2T− (Q + R),
(101) In the case of (5, 6), (0, 7), (0, 7), operations executed in the order of T ← 2T, T ← 2T-P,
(102) In the case of (5, 6), (0, 7), (1, 2), operations executed in the order of T ← 2T, T ← 2T− (PR),
(103) In the case of (5, 6), (0, 7), (3), operations executed in the order of T ← 2T + R, T ← 2T−P,
(104) In the case of (5, 6), (0, 7), (4), an operation executed in the order of T ← 2T−R, T ← 2T−P,
(105) In the case of (5, 6), (0, 7), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (P + R),
(106) In the case of (5, 6), (1, 2), (0, 7), operations executed in the order of T ← 2T, T ← 2T− (PQ),
(107) In the case of (5, 6), (1, 2), (1, 2), an operation executed in the order of T ← 2T, T ← 2T− (PQR),
(108) In the case of (5, 6), (1, 2), (3), operations executed in the order of T ← 2T + R, T ← 2T− (P−Q),
(109) In the case of (5, 6), (1, 2), (4), an operation executed in the order of T ← 2T−R, T ← 2T− (PQ),
(110) In the case of (5, 6), (1, 2), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (PQ + R),
(111) In the case of (5, 6), (3), (0, 7), operations executed in the order of T ← 2T + Q, T ← 2T−P,
(112) In the case of (5, 6), (3), (1, 2), an operation executed in the order of T ← 2T + Q, T ← 2T− (PR),
(113) In the case of (5, 6), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T−P,
(114) In the case of (5, 6), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T−P,
(115) In the case of (5, 6), (3), (5, 6), operations executed in the order of T ← 2T + Q, T ← 2T− (P + R),
(116) In the case of (5, 6), (4), (0, 7), operations executed in the order of T ← 2T-Q, T ← 2T-P,
(117) In the case of (5, 6), (4), (1, 2), an operation executed in the order of T ← 2T-Q, T ← 2T- (PR),
(118) In the case of (5, 6), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T−P,
(119) In the case of (5, 6), (4), (4), an operation executed in the order of T ← 2T− (Q + R) and T ← 2T−P,
(120) In the case of (5, 6), (4), (5, 6), operations executed in the order of T ← 2T−Q, T ← 2T− (P + R),
(121) In the case of (5, 6), (5, 6), (0, 7), operations executed in the order of T ← 2T, T ← 2T− (P + R),
(122) In the case of (5, 6), (5, 6), (1, 2), operations executed in the order of T ← 2T, T ← 2T− (P + Q−R),
(123) In the case of (5, 6), (5, 6), (3), an operation executed in the order of T ← 2T + R, T ← 2T− (P + Q),
(124) In the case of (5, 6), (5, 6), (4), operations executed in the order of T ← 2T−R, T ← 2T− (P + Q),
(125) In the case of (5, 6), (5, 6), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (P + Q + R),
Means to define
Initially, T = 0 is initially set in the storage means, and thereafter, from the three sets of integers a, b, c, i = k, k−1,... Shift A by 1 and select A 2 i + 1 , B 2 i + 1 , C 2 i + 1 , and depending on the value, the corresponding calculation of the above-defined calculations (1) to (125) is used as the calculation means. Control means to direct;
Based on instructions from the control means, P, Q, R, T are inputted from the storage means, the designated computation is executed, and T of the computation result is returned to the storage means;
An elliptic product-sum calculation and calculation device characterized by comprising:
Ep:y2≡x3+αx+β(mod p),α,β∈Fp,4α3+27β2≠0
で定義される素体Fp上の楕円曲線Ep上の相異なる3点をP,Q,Rとし、互いに独立な3組の整数a,b,cを、
a2 k+ 1+a2 k+a2 k -1≠0,b2 k+ 1+b2 k+b2 k -1≠0,
c2 k+ 1+c2 k+c2 k -1≠0
となるような最大のkを定義して、楕円積和演算計算
T=aP+bQ+cR
を、制御回路、記憶回路及び演算回路を含むコンピュータにより自動的に計算するためのプログラムであって、
制御回路が、最初、パラメータP,Q,R、及び、演算結果Tの初期値としてT=0を記憶回路に格納し、以後、3組の整数a,b,cから、i=k,k−1,…,2,1,0の順番に、順次、2ビットずつシフトして、
A2 i+ 1=4a2 i+ 1+2a2 i+a2 i− 1、B2 i+ 1=4b2 i+ 1+2b2 i+b2 i− 1、C2 i+ 1=4c2 i+ 1+2c2 i+c2 i− 1を選択し、前記選択したA2 i+ 1、B2 i+ 1、C2 i+ 1の値が、
(1) (0,7)、(0,7)、(0,7)の場合、T←2T、T←2Tの順に実行される演算、
(2) (0,7)、(0,7)、(1,2)の場合、T←2T、T←2T+Rの順に実行される演算、
(3) (0,7)、(0,7)、(3)の場合、T←2T+R、T←2Tの順に実行される演算、
(4) (0,7)、(0,7)、(4)の場合、T←2T−R、T←2Tの順に実行される演算、
(5) (0,7)、(0,7)、(5,6)の場合、T←2T、T←2T−Rの順に実行される演算、
(6) (0,7)、(1,2)、(0,7)の場合、T←2T、T←2T+Qの順に実行される演算、
(7) (0,7)、(1,2)、(1,2)の場合、T←2T、T←2T+(Q+R)の順に実行される演算、
(8) (0,7)、(1,2)、(3)の場合、T←2T+R、T←2T+Qの順に実行される演算、
(9) (0,7)、(1,2)、(4)の場合、T←2T−R、T←2T+Qの順に実行される演算、
(10) (0,7)、(1,2)、(5,6)の場合、T←2T、T←2T+(Q−R)の順に実行される演算、
(11) (0,7)、(3)、(0,7)の場合、T←2T+Q、T←2Tの順に実行される演算、
(12) (0,7)、(3)、(1,2)の場合、T←2T+Q、T←2T+Rの順に実行される演算、
(13) (0,7)、(3)、(3)の場合、T←2T+(Q+R)、T←2Tの順に実行される演算、
(14) (0,7)、(3)、(4)の場合、T←2T+(Q−R)、T←2Tの順に実行される演算、
(15) (0,7)、(3)、(5,6)の場合、T←2T+Q、T←2T−Rの順に実行される演算、
(16) (0,7)、(4)、(0,7)の場合、T←2T−Q、T←2Tの順に実行される演算、
(17) (0,7)、(4)、(1,2)の場合、T←2T−Q、T←2T+Rの順に実行される演算、
(18) (0,7)、(4)、(3)の場合、T←2T−(Q−R)、T←2Tの順に実行される演算、
(19) (0,7)、(4)、(4)の場合、T←2T−(Q+R)、T←2Tの順に実行される演算、
(20) (0,7)、(4)、(5,6)の場合、T←2T−Q、T←2T−Rの順に実行される演算、
(21) (0,7)、(5,6)、(0,7)の場合、T←2T、T←2T−Qの順に実行される演算、
(22) (0,7)、(5,6)、(1,2)の場合、T←2T、T←2T−(Q−R)の順に実行される演算、
(23) (0,7)、(5,6)、(3)の場合、T←2T+R、T←2T−Qの順に実行される演算、
(24) (0,7)、(5,6)、(4)の場合、T←2T−R、T←2T−Qの順に実行される演算、
(25) (0,7)、(5,6)、(5,6)の場合、T←2T、T←2T−(Q+R)の順に実行される演算、
(26) (1,2)、(0,7)、(0,7)の場合、T←2T、T←2T+Pの順に実行される演算、
(27) (1,2)、(0,7)、(1,2)の場合、T←2T、T←2T+(P+R)の順に実行される演算、
(28) (1,2)、(0,7)、(3)の場合、T←2T+R、T←2T+Pの順に実行される演算、
(29) (1,2)、(0,7)、(4)の場合、T←2T−R、T←2T+Pの順に実行される演算、
(30) (1,2)、(0,7)、(5,6)の場合、T←2T、T←2T+(P−R)の順に実行される演算、
(31) (1,2)、(1,2)、(0,7)の場合、T←2T、T←2T+(P+Q)の順に実行される演算、
(32) (1,2)、(1,2)、(1,2)の場合、T←2T、T←2T+(P+Q+R)の順に実行される演算、
(33) (1,2)、(1,2)、(3)の場合、T←2T+R、T←2T+(P+Q)の順に実行される演算、
(34) (1,2)、(1,2)、(4)の場合、T←2T−R、T←2T+(P+Q)の順に実行される演算、
(35) (1,2)、(1,2)、(5,6)の場合、T←2T、T←2T+(P+Q−R)の順に実行される演算、
(36) (1,2)、(3)、(0,7)の場合、T←2T+Q、T←2T+Pの順に実行される演算、
(37) (1,2)、(3)、(1,2)の場合、T←2T+Q、T←2T+(P+R)の順に実行される演算、
(38) (1,2)、(3)、(3)の場合、T←2T+(Q+R)、T←2T+Pの順に実行される演算、
(39) (1,2)、(3)、(4)の場合、T←2T+(Q−R)、T←2T+Pの順に実行される演算、
(40) (1,2)、(3)、(5,6)の場合、T←2T+Q、T←2T+(P−R)の順に実行される演算、
(41) (1,2)、(4)、(0,7)の場合、T←2T−Q、T←2T+Pの順に実行される演算、
(42) (1,2)、(4)、(1,2)の場合、T←2T−Q、T←2T+(P+R)の順に実行される演算、
(43) (1,2)、(4)、(3)の場合、T←2T−(Q−R)、T←2T+Pの順に実行される演算、
(44) (1,2)、(4)、(4)の場合、T←2T−(Q+R)、T←2T+Pの順に実行される演算、
(45) (1,2)、(4)、(5,6)の場合、T←2T−Q、T←2T+(P-R)の順に実行される演算、
(46) (1,2)、(5,6)、(0,7)の場合、T←2T、T←2T+(P−Q)の順に実行される演算、
(47) (1,2)、(5,6)、(1,2)の場合、T←2T、T←2T+(P−Q+R)の順に実行される演算、
(48) (1,2)、(5,6)、(3)の場合、T←2T+R、T←2T+(P−Q)の順に実行される演算、
(49) (1,2)、(5,6)、(4)の場合、T←2T−R、T←2T+(P−Q)の順に実行される演算、
(50) (1,2)、(5,6)、(5,6)の場合、T←2T、T←2T+(P−Q−R)の順に実行される演算、
(51) (3)、(0,7)、(0,7)の場合、T←2T+P、T←2Tの順に実行される演算、
(52) (3)、(0,7)、(1,2)の場合、T←2T+P、T←2T+Rの順に実行される演算、
(53) (3)、(0,7)、(3)の場合、T←2T+(P+R)、T←2Tの順に実行される演算、
(54) (3)、(0,7)、(4)の場合、T←2T+(P−R)、T←2Tの順に実行される演算、
(55) (3)、(0,7)、(5,6)の場合、T←2T+P、T←2T−Rの順に実行される演算、
(56) (3)、(1,2)、(0,7)の場合、T←2T+P、T←2T+Qの順に実行される演算、
(57) (3)、(1,2)、(1,2)の場合、T←2T+P、T←2T+(Q+R)の順に実行される演算、
(58) (3)、(1,2)、(3)の場合、T←2T+(P+R)、T←2T+Qの順に実行される演算、
(59) (3)、(1,2)、(4)の場合、T←2T+(P−R)、T←2T+Qの順に実行される演算、
(60) (3)、(1,2)、(5,6)の場合、T←2T+P、T←2T+(Q−R)の順に実行される演算、
(61) (3)、(3)、(0,7)の場合、T←2T+(P+Q)、T←2Tの順に実行される演算、
(62) (3)、(3)、(1,2)の場合、T←2T+(P+Q)、T←2T+Rの順に実行される演算、
(63) (3)、(3)、(3)の場合、T←2T+(P+Q+R)、T←2Tの順に実行される演算、
(64) (3)、(3)、(4)の場合、T←2T+(P+Q−R)、T←2Tの順に実行される演算、
(65) (3)、(3)、(5,6)の場合、T←2T+(P+Q)、T←2T−Rの順に実行される演算、
(66) (3)、(4)、(0,7)の場合、T←2T+(P−Q)、T←2Tの順に実行される演算、
(67) (3)、(4)、(1,2)の場合、T←2T+(P−Q)、T←2T+Rの順に実行される演算、
(68) (3)、(4)、(3)の場合、T←2T+(P−Q+R)、T←2Tの順に実行される演算、
(69) (3)、(4)、(4)の場合、T←2T+(P−Q−R)、T←2Tの順に実行される演算、
(70) (3)、(4)、(5,6)の場合、T←2T+(P−Q)、T←2T−Rの順に実行される演算、
(71) (3)、(5,6)、(0,7)の場合、T←2T+P、T←2T−Qの順に実行される演算、
(72) (3)、(5,6)、(1,2)の場合、T←2T+P、T←2T−(Q−R)の順に実行される演算、
(73) (3)、(5,6)、(3)の場合、T←2T+(P+R)、T←2T−Qの順に実行される演算、
(74) (3)、(5,6)、(4)の場合、T←2T+(P−R)、T←2T−Qの順に実行される演算、
(75) (3)、(5,6)、(5,6)の場合、T←2T+P、T←2T−(Q+R)の順に実行される演算、
(76) (4)、(0,7)、(0,7)の場合、T←2T−P、T←2Tの順に実行される演算、
(77) (4)、(0,7)、(1,2)の場合、T←2T−P、T←2T+Rの順に実行される演算、
(78) (4)、(0,7)、(3)の場合、T←2T−(P−R)、T←2Tの順に実行される演算、
(79) (4)、(0,7)、(4)の場合、T←2T−(P+R)、T←2Tの順に実行される演算、
(80) (4)、(0,7)、(5,6)の場合、T←2T−P、T←2T−Rの順に実行される演算、
(81) (4)、(1,2)、(0,7)の場合、T←2T−P、T←2T+Qの順に実行される演算、
(82) (4)、(1,2)、(1,2)の場合、T←2T−P、T←2T+(Q+R)の順に実行される演算、
(83) (4)、(1,2)、(3)の場合、T←2T−(P−R)、T←2T+Qの順に実行される演算、
(84) (4)、(1,2)、(4)の場合、T←2T−(P+R)、T←2T+Qの順に実行される演算、
(85) (4)、(1,2)、(5,6)の場合、T←2T−P、T←2T+(Q−R)の順に実行される演算、
(86) (4)、(3)、(0,7)の場合、T←2T−(P−Q)、T←2Tの順に実行される演算、
(87) (4)、(3)、(1,2)の場合、T←2T−(P−Q)、T←2T+Rの順に実行される演算、
(88) (4)、(3)、(3)の場合、T←2T−(P−Q−R)、T←2Tの順に実行される演算、
(89) (4)、(3)、(4)の場合、T←2T−(P−Q+R)、T←2Tの順に実行される演算、
(90) (4)、(3)、(5,6)の場合、T←2T−(P−Q)、T←2T−Rの順に実行される演算、
(91) (4)、(4)、(0,7)の場合、T←2T−(P+Q)、T←2Tの順に実行される演算、
(92) (4)、(4)、(1,2)の場合、T←2T−(P+Q)、T←2T+Rの順に実行される演算、
(93) (4)、(4)、(3)の場合、T←2T−(P+Q−R)、T←2Tの順に実行される演算、
(94) (4)、(4)、(4)の場合、T←2T−(P+Q+R)、T←2Tの順に実行される演算、
(95) (4)、(4)、(5,6)の場合、T←2T−(P+Q)、T←2T−Rの順に実行される演算、
(96) (4)、(5,6)、(0,7)の場合、T←2T−P、T←2T−Qの順に実行される演算、
(97) (4)、(5,6)、(1,2)の場合、T←2T−P、T←2T−(Q−R)の順に実行される演算、
(98) (4)、(5,6)、(3)の場合、T←2T−(P−R)、T←2T−Qの順に実行される演算、
(99) (4)、(5,6)、(4)の場合、T←2T−(P+R)、T←2T−Qの順に実行される演算、
(100) (4)、(5,6)、(5,6)の場合、T←2T−P、T←2T−(Q+R)の順に実行される演算、
(101) (5,6)、(0,7)、(0,7)の場合、T←2T、T←2T−Pの順に実行される演算、
(102) (5,6)、(0,7)、(1,2)の場合、T←2T、T←2T−(P−R)の順に実行される演算、
(103) (5,6)、(0,7)、(3)の場合、T←2T+R、T←2T−Pの順に実行される演算、
(104) (5,6)、(0,7)、(4)の場合、T←2T−R、T←2T−Pの順に実行される演算、
(105) (5,6)、(0,7)、(5,6)の場合、T←2T、T←2T−(P+R)の順に実行される演算、
(106) (5,6)、(1,2)、(0,7)の場合、T←2T、T←2T−(P−Q)の順に実行される演算、
(107) (5,6)、(1,2)、(1,2 )の場合、T←2T、T←2T−(P−Q−R)の順に実行される演算、
(108) (5,6)、(1,2)、(3)の場合、T←2T+R、T←2T−(P−Q)の順に実行される演算、
(109) (5,6)、(1,2)、(4)の場合、T←2T−R、T←2T−(P−Q)の順に実行される演算、
(110) (5,6)、(1,2)、(5,6)の場合、T←2T、T←2T−(P−Q+R)の順に実行される演算、
(111) (5,6)、(3)、(0,7)の場合、T←2T+Q、T←2T−Pの順に実行される演算、
(112) (5,6)、(3)、(1,2)の場合、T←2T+Q、T←2T−(P−R)の順に実行される演算、
(113) (5,6)、(3)、(3)の場合、T←2T+(Q+R)、T←2T−Pの順に実行される演算、
(114) (5,6)、(3)、(4)の場合、T←2T+(Q−R)、T←2T−Pの順に実行される演算、
(115) (5,6)、(3)、(5,6)の場合、T←2T+Q、T←2T−(P+R)の順に実行される演算、
(116) (5,6)、(4)、(0,7)の場合、T←2T−Q、T←2T−Pの順に実行される演算、
(117) (5,6)、(4)、(1,2)の場合、T←2T−Q、T←2T−(P−R)の順に実行される演算、
(118) (5,6)、(4)、(3)の場合、T←2T−(Q−R)、T←2T−Pの順に実行される演算、
(119) (5,6)、(4)、(4)の場合、T←2T−(Q+R)、T←2T−Pの順に実行される演算、
(120) (5,6)、(4)、(5,6)の場合、T←2T−Q、T←2T−(P+R)の順に実行される演算、
(121) (5,6)、(5,6)、(0,7)の場合、T←2T、T←2T−(P+R)の順に実行される演算、
(122) (5,6)、(5,6)、(1,2)の場合、T←2T、T←2T−(P+Q−R)の順に実行される演算、
(123) (5,6)、(5,6)、(3)の場合、T←2T+R、T←2T−(P+Q)の順に実行される演算、
(124) (5,6)、(5,6)、(4)の場合、T←2T-R、T←2T−(P+Q)の順に実行される演算、
(125) (5,6)、(5,6)、(5,6)の場合、T←2T、T←2T−(P+Q+R)の順に実行される演算、
のいずれかの演算を演算回路に指示する処理プロセス、
演算回路が、前記制御回路からの指示にもとづき、順次、記憶回路からP,Q,R,Tを入力して、前記指示された演算を実行し、演算結果のTを記憶回路に戻す処理プロセス、
をコンピュータが実行するためのプログラム。Let p be a prime field F p ,
E p : y 2 ≡x 3 + αx + β (mod p), α, β∈F p , 4α 3 + 27β 2 ≠ 0
Three different points on the elliptic curve Ep on the prime field Fp defined by P, Q, and R, and three sets of integers a, b, and c independent of each other,
a 2 k + 1 + a 2 k + a 2 k -1 ≠ 0, b 2 k + 1 + b 2 k + b 2 k -1 ≠ 0,
c 2 k + 1 + c 2 k + c 2 k −1 ≠ 0
The maximum k is defined such that the elliptic product sum calculation T = aP + bQ + cR
Is a program for automatically calculating by a computer including a control circuit, a storage circuit and an arithmetic circuit,
The control circuit first stores T = 0 in the storage circuit as the initial value of the parameters P, Q, R and the calculation result T, and thereafter, from three sets of integers a, b, c, i = k, k In the order of -1, ..., 2,1,0, sequentially shift by 2 bits,
A 2 i + 1 = 4a 2 i + 1 + 2a 2 i + a 2 i- 1, B 2 i + 1 = 4b 2 i + 1 + 2b 2 i + b 2 i- 1, C 2 i + 1 = 4c 2 i + 1 + 2c 2 i + c 2 i- 1 is selected, and the selected values of A 2 i + 1 , B 2 i + 1 , and C 2 i + 1 are
(1) In the case of (0,7), (0,7), (0,7), an operation executed in the order of T ← 2T, T ← 2T,
(2) In the case of (0, 7), (0, 7), (1, 2), an operation executed in the order of T ← 2T, T ← 2T + R,
(3) In the case of (0, 7), (0, 7), (3), an operation executed in the order of T ← 2T + R, T ← 2T,
(4) In the case of (0,7), (0,7), (4), an operation executed in the order of T ← 2T−R, T ← 2T,
(5) In the case of (0, 7), (0, 7), (5, 6), an operation executed in the order of T ← 2T and T ← 2T-R.
(6) In the case of (0,7), (1,2), (0,7), an operation executed in the order of T ← 2T, T ← 2T + Q,
(7) In the case of (0,7), (1,2), (1,2), an operation executed in the order of T ← 2T, T ← 2T + (Q + R),
(8) In the case of (0, 7), (1, 2), (3), an operation executed in the order of T ← 2T + R, T ← 2T + Q,
(9) In the case of (0, 7), (1, 2), (4), an operation executed in the order of T ← 2T−R, T ← 2T + Q,
(10) In the case of (0,7), (1,2), (5,6), an operation executed in the order of T ← 2T, T ← 2T + (Q−R),
(11) In the case of (0,7), (3), (0,7), an operation executed in the order of T ← 2T + Q, T ← 2T,
(12) In the case of (0, 7), (3), (1, 2), an operation executed in the order of T ← 2T + Q, T ← 2T + R,
(13) In the case of (0, 7), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T,
(14) In the case of (0, 7), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T,
(15) In the case of (0, 7), (3), (5, 6), operations executed in the order of T ← 2T + Q, T ← 2T−R,
(16) In the case of (0,7), (4), (0,7), an operation executed in the order of T ← 2T-Q, T ← 2T,
(17) In the case of (0, 7), (4), (1, 2), an operation executed in the order of T ← 2T−Q, T ← 2T + R,
(18) In the case of (0, 7), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T,
(19) In the case of (0, 7), (4), (4), an operation executed in the order of T ← 2T− (Q + R), T ← 2T,
(20) In the case of (0, 7), (4), (5, 6), operations executed in the order of T ← 2T-Q, T ← 2T-R,
(21) In the case of (0,7), (5,6), (0,7), an operation executed in the order of T ← 2T, T ← 2T-Q,
(22) In the case of (0, 7), (5, 6), (1, 2), an operation executed in the order of T ← 2T, T ← 2T− (Q−R),
(23) In the case of (0,7), (5,6), (3), an operation executed in the order of T ← 2T + R and T ← 2TQ,
(24) In the case of (0, 7), (5, 6), (4), an operation executed in the order of T ← 2T−R, T ← 2TQ,
(25) In the case of (0, 7), (5, 6), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (Q + R),
(26) In the case of (1,2), (0,7), (0,7), an operation executed in the order of T ← 2T, T ← 2T + P,
(27) In the case of (1,2), (0,7), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P + R),
(28) In the case of (1,2), (0,7), (3), an operation executed in the order of T ← 2T + R, T ← 2T + P,
(29) In the case of (1,2), (0,7), (4), an operation executed in the order of T ← 2T−R, T ← 2T + P,
(30) In the case of (1,2), (0,7), (5,6), operations executed in the order of T ← 2T, T ← 2T + (PR),
(31) In the case of (1,2), (1,2), (0,7), operations executed in the order of T ← 2T, T ← 2T + (P + Q),
(32) In the case of (1,2), (1,2), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P + Q + R),
(33) In the case of (1,2), (1,2), (3), operations executed in the order of T ← 2T + R, T ← 2T + (P + Q),
(34) In the case of (1,2), (1,2), (4), an operation executed in the order of T ← 2T−R, T ← 2T + (P + Q),
(35) In the case of (1,2), (1,2), (5,6), operations executed in the order of T ← 2T, T ← 2T + (P + Q−R),
(36) In the case of (1,2), (3), (0,7), an operation executed in the order of T ← 2T + Q, T ← 2T + P,
(37) In the case of (1,2), (3), (1,2), operations executed in the order of T ← 2T + Q, T ← 2T + (P + R),
(38) In the case of (1,2), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T + P,
(39) In the case of (1, 2), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T + P,
(40) In the case of (1, 2), (3), (5, 6), an operation executed in the order of T ← 2T + Q, T ← 2T + (PR),
(41) In the case of (1, 2), (4), (0, 7), an operation executed in the order of T ← 2T−Q, T ← 2T + P,
(42) In the case of (1,2), (4), (1,2), operations executed in the order of T ← 2T−Q, T ← 2T + (P + R),
(43) In the case of (1,2), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T + P,
(44) In the case of (1,2), (4), (4), an operation executed in the order of T ← 2T− (Q + R), T ← 2T + P,
(45) In the case of (1, 2), (4), (5, 6), operations executed in the order of T ← 2T−Q, T ← 2T + (PR),
(46) In the case of (1,2), (5,6), (0,7), an operation executed in the order of T ← 2T, T ← 2T + (P−Q),
(47) In the case of (1,2), (5,6), (1,2), operations executed in the order of T ← 2T, T ← 2T + (P−Q + R),
(48) In the case of (1,2), (5,6), (3), an operation executed in the order of T ← 2T + R, T ← 2T + (P−Q),
(49) In the case of (1,2), (5,6), (4), an operation executed in the order of T ← 2T−R, T ← 2T + (P−Q),
(50) In the case of (1,2), (5,6), (5,6), operations executed in the order of T ← 2T, T ← 2T + (PQR),
(51) In the case of (3), (0, 7), (0, 7), an operation executed in the order of T ← 2T + P, T ← 2T,
(52) In the case of (3), (0, 7), (1, 2), an operation executed in the order of T ← 2T + P and T ← 2T + R;
(53) In the case of (3), (0, 7), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T,
(54) In the case of (3), (0, 7), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T,
(55) In the case of (3), (0, 7), (5, 6), operations executed in the order of T ← 2T + P, T ← 2T−R,
(56) In the case of (3), (1,2), (0,7), an operation executed in the order of T ← 2T + P, T ← 2T + Q,
(57) In the case of (3), (1,2), (1,2), operations executed in the order of T ← 2T + P, T ← 2T + (Q + R),
(58) In the case of (3), (1,2), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T + Q,
(59) In the case of (3), (1,2), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T + Q,
(60) In the case of (3), (1,2), (5,6), operations executed in the order of T ← 2T + P, T ← 2T + (Q−R),
(61) In the case of (3), (3), (0, 7), an operation executed in the order of T ← 2T + (P + Q), T ← 2T,
(62) In the case of (3), (3), (1, 2), an operation executed in the order of T ← 2T + (P + Q), T ← 2T + R,
(63) In the case of (3), (3), (3), an operation executed in the order of T ← 2T + (P + Q + R), T ← 2T,
(64) In the case of (3), (3), (4), an operation executed in the order of T ← 2T + (P + Q−R), T ← 2T,
(65) In the case of (3), (3), (5, 6), an operation executed in the order of T ← 2T + (P + Q), T ← 2T−R,
(66) In the case of (3), (4), (0, 7), an operation executed in the order of T ← 2T + (P−Q), T ← 2T,
(67) In the case of (3), (4), (1, 2), an operation executed in the order of T ← 2T + (P−Q), T ← 2T + R,
(68) In the case of (3), (4), (3), an operation executed in the order of T ← 2T + (P−Q + R), T ← 2T,
(69) In the case of (3), (4), (4), an operation executed in the order of T ← 2T + (PQR), T ← 2T,
(70) In the case of (3), (4), (5, 6), an operation executed in the order of T ← 2T + (P−Q) and T ← 2T−R,
(71) In the case of (3), (5, 6), (0, 7), an operation executed in the order of T ← 2T + P, T ← 2T-Q,
(72) In the case of (3), (5, 6), (1, 2), an operation executed in the order of T ← 2T + P, T ← 2T− (Q−R),
(73) In the case of (3), (5, 6), (3), an operation executed in the order of T ← 2T + (P + R), T ← 2T−Q,
(74) In the case of (3), (5, 6), (4), an operation executed in the order of T ← 2T + (PR), T ← 2T-Q,
(75) In the case of (3), (5, 6), (5, 6), an operation executed in the order of T ← 2T + P, T ← 2T− (Q + R),
(76) In the case of (4), (0, 7), (0, 7), an operation executed in the order of T ← 2T−P, T ← 2T,
(77) In the case of (4), (0, 7), (1, 2), an operation executed in the order of T ← 2T−P, T ← 2T + R,
(78) In the case of (4), (0, 7), (3), an operation executed in the order of T ← 2T− (PR) and T ← 2T,
(79) In the case of (4), (0, 7), (4), an operation executed in the order of T ← 2T− (P + R), T ← 2T,
(80) In the case of (4), (0, 7), (5, 6), an operation executed in the order of T ← 2T−P, T ← 2T−R,
(81) In the case of (4), (1,2), (0,7), an operation executed in the order of T ← 2T−P and T ← 2T + Q,
(82) In the case of (4), (1,2), (1,2), operations executed in the order of T ← 2T−P, T ← 2T + (Q + R),
(83) In the case of (4), (1,2), (3), an operation executed in the order of T ← 2T− (PR), T ← 2T + Q,
(84) In the case of (4), (1,2), (4), an operation executed in the order of T ← 2T− (P + R), T ← 2T + Q,
(85) In the case of (4), (1,2), (5,6), operations executed in the order of T ← 2T−P, T ← 2T + (Q−R),
(86) In the case of (4), (3), (0, 7), an operation executed in the order of T ← 2T− (PQ) and T ← 2T,
(87) In the case of (4), (3), (1, 2), an operation executed in the order of T ← 2T− (P−Q) and T ← 2T + R;
(88) In the case of (4), (3), (3), an operation executed in the order of T ← 2T− (PQR) and T ← 2T,
(89) In the case of (4), (3), (4), an operation executed in the order of T ← 2T− (P−Q + R) and T ← 2T,
(90) In the case of (4), (3), (5, 6), an operation executed in the order of T ← 2T− (P−Q) and T ← 2T−R;
(91) In the case of (4), (4), (0, 7), an operation executed in the order of T ← 2T− (P + Q), T ← 2T,
(92) In the case of (4), (4), (1, 2), an operation executed in the order of T ← 2T− (P + Q), T ← 2T + R,
(93) In the case of (4), (4), (3), an operation executed in the order of T ← 2T− (P + Q−R), T ← 2T,
(94) In the case of (4), (4), (4), an operation executed in the order of T ← 2T− (P + Q + R), T ← 2T,
(95) In the case of (4), (4), (5, 6), an operation executed in the order of T ← 2T− (P + Q) and T ← 2T−R;
(96) In the case of (4), (5, 6), (0, 7), operations executed in the order of T ← 2T-P, T ← 2T-Q,
(97) In the case of (4), (5, 6), (1, 2), operations executed in the order of T ← 2T−P, T ← 2T− (Q−R),
(98) In the case of (4), (5, 6), (3), an operation executed in the order of T ← 2T− (PR) and T ← 2TQ,
(99) In the case of (4), (5, 6), (4), an operation executed in the order of T ← 2T− (P + R) and T ← 2T−Q,
(100) In the case of (4), (5, 6), (5, 6), an operation executed in the order of T ← 2T−P, T ← 2T− (Q + R),
(101) In the case of (5, 6), (0, 7), (0, 7), operations executed in the order of T ← 2T, T ← 2T-P,
(102) In the case of (5, 6), (0, 7), (1, 2), operations executed in the order of T ← 2T, T ← 2T− (PR),
(103) In the case of (5, 6), (0, 7), (3), operations executed in the order of T ← 2T + R, T ← 2T−P,
(104) In the case of (5, 6), (0, 7), (4), an operation executed in the order of T ← 2T−R, T ← 2T−P,
(105) In the case of (5, 6), (0, 7), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (P + R),
(106) In the case of (5, 6), (1, 2), (0, 7), operations executed in the order of T ← 2T, T ← 2T− (PQ),
(107) In the case of (5, 6), (1, 2), (1, 2), an operation executed in the order of T ← 2T, T ← 2T− (PQR),
(108) In the case of (5, 6), (1, 2), (3), operations executed in the order of T ← 2T + R, T ← 2T− (P−Q),
(109) In the case of (5, 6), (1, 2), (4), an operation executed in the order of T ← 2T−R, T ← 2T− (PQ),
(110) In the case of (5, 6), (1, 2), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (PQ + R),
(111) In the case of (5, 6), (3), (0, 7), operations executed in the order of T ← 2T + Q, T ← 2T−P,
(112) In the case of (5, 6), (3), (1, 2), an operation executed in the order of T ← 2T + Q, T ← 2T− (PR),
(113) In the case of (5, 6), (3), (3), an operation executed in the order of T ← 2T + (Q + R), T ← 2T−P,
(114) In the case of (5, 6), (3), (4), an operation executed in the order of T ← 2T + (Q−R), T ← 2T−P,
(115) In the case of (5, 6), (3), (5, 6), operations executed in the order of T ← 2T + Q, T ← 2T− (P + R),
(116) In the case of (5, 6), (4), (0, 7), operations executed in the order of T ← 2T-Q, T ← 2T-P,
(117) In the case of (5, 6), (4), (1, 2), an operation executed in the order of T ← 2T-Q, T ← 2T- (PR),
(118) In the case of (5, 6), (4), (3), an operation executed in the order of T ← 2T− (Q−R) and T ← 2T−P,
(119) In the case of (5, 6), (4), (4), an operation executed in the order of T ← 2T− (Q + R) and T ← 2T−P,
(120) In the case of (5, 6), (4), (5, 6), operations executed in the order of T ← 2T−Q, T ← 2T− (P + R),
(121) In the case of (5, 6), (5, 6), (0, 7), operations executed in the order of T ← 2T, T ← 2T− (P + R),
(122) In the case of (5, 6), (5, 6), (1, 2), operations executed in the order of T ← 2T, T ← 2T− (P + Q−R),
(123) In the case of (5, 6), (5, 6), (3), an operation executed in the order of T ← 2T + R, T ← 2T− (P + Q),
(124) In the case of (5, 6), (5, 6), (4), operations executed in the order of T ← 2T−R, T ← 2T− (P + Q),
(125) In the case of (5, 6), (5, 6), (5, 6), operations executed in the order of T ← 2T, T ← 2T− (P + Q + R),
A process for instructing the arithmetic circuit to perform any of the operations
A processing process in which the arithmetic circuit sequentially inputs P, Q, R, and T from the storage circuit based on an instruction from the control circuit, executes the instructed arithmetic operation, and returns T of the arithmetic result to the storage circuit. ,
A program for a computer to execute.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2003020546A JP4341889B2 (en) | 2003-01-29 | 2003-01-29 | Elliptical product-sum operation calculation method, elliptic product-sum operation calculation device, program, and recording medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2003020546A JP4341889B2 (en) | 2003-01-29 | 2003-01-29 | Elliptical product-sum operation calculation method, elliptic product-sum operation calculation device, program, and recording medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JP2004233530A JP2004233530A (en) | 2004-08-19 |
| JP4341889B2 true JP4341889B2 (en) | 2009-10-14 |
Family
ID=32950156
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2003020546A Expired - Fee Related JP4341889B2 (en) | 2003-01-29 | 2003-01-29 | Elliptical product-sum operation calculation method, elliptic product-sum operation calculation device, program, and recording medium |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP4341889B2 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8530379B2 (en) | 2009-09-14 | 2013-09-10 | Ricoh Company, Ltd. | Thermosensitive recording material and production method thereof |
-
2003
- 2003-01-29 JP JP2003020546A patent/JP4341889B2/en not_active Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8530379B2 (en) | 2009-09-14 | 2013-09-10 | Ricoh Company, Ltd. | Thermosensitive recording material and production method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| JP2004233530A (en) | 2004-08-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7254600B2 (en) | Masking of factorized data in a residue number system | |
| US7603558B2 (en) | Montgomery transform device, arithmetic device, IC card, encryption device, decryption device and program | |
| Öztürk et al. | Low-power elliptic curve cryptography using scaled modular arithmetic | |
| JP2011134346A (en) | Arithmetic processor | |
| JP2002229445A (en) | Modulator exponent device | |
| CN101371285A (en) | Encryption processing device, encryption processing method, and computer program | |
| US7046800B1 (en) | Scalable methods and apparatus for Montgomery multiplication | |
| Farzam et al. | Implementation of supersingular isogeny-based Diffie-Hellman and key encapsulation using an efficient scheduling | |
| JP5553773B2 (en) | Apparatus and method for calculating scalar multiple of points on elliptic curve | |
| US11502836B2 (en) | Method for performing cryptographic operations on data in a processing device, corresponding processing device and computer program product | |
| JP2004258141A (en) | Arithmetic unit for multiple length arithmetic of montgomery multiplication residues | |
| JP5147085B2 (en) | Calculation method and calculation device | |
| US20100061547A1 (en) | Method of and apparatus for the reduction of a polynomial in a binary finite field, in particular in the context of a cryptographic application | |
| JP4341889B2 (en) | Elliptical product-sum operation calculation method, elliptic product-sum operation calculation device, program, and recording medium | |
| US7016927B2 (en) | Method and apparatus for modular multiplication | |
| Anagreh et al. | Accelerate Performance for Elliptic Curve Scalar Multiplication based on NAF by Parallel Computing. | |
| JP3904421B2 (en) | Remainder multiplication arithmetic unit | |
| KR20170113268A (en) | Non-modular multiplier, method for non-modular multiplication and computational device | |
| JP2004166274A (en) | Method and apparatus for basis conversion in finite field | |
| JP3460798B2 (en) | Elliptic product-sum calculation method, elliptic-product-sum calculation device, and recording medium storing elliptic-product-sum calculation program | |
| KR100297110B1 (en) | Modular multiplier | |
| JP3779479B2 (en) | IC card | |
| Monfared et al. | Secure and efficient exponentiation architectures using Gaussian normal basis | |
| JP2010008883A (en) | Arithmetic device for cipher, arithmetic method for cipher, and program | |
| JP2004226516A (en) | Power remainder computing method and program for the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20060127 |
|
| TRDD | Decision of grant or rejection written | ||
| A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20090701 |
|
| A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 |
|
| A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20090703 |
|
| FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20120717 Year of fee payment: 3 |
|
| FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20120717 Year of fee payment: 3 |
|
| FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20130717 Year of fee payment: 4 |
|
| S531 | Written request for registration of change of domicile |
Free format text: JAPANESE INTERMEDIATE CODE: R313531 |
|
| R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
| LAPS | Cancellation because of no payment of annual fees |