Design of a Digit-Serial Multiplier over GF(2^m) for Elliptic Curve Cryptography
[Sections 1 and 2: running text lost in extraction. Surviving terms: RSA [8] with the figures 160 and 1024; GF(p) and GF(2^m); XOR; $S = A \cdot B \bmod f(z)$; bit-serial [2]; digit-serial [3]; $d = \lceil m/D \rceil$ [10]; equation (1); most significant bit first (MSB); most significant digit first (MSD); reduction.]

MSD-first digit-serial multiplication:

Input: $A = \sum_{i=0}^{m-1} a_i z^i$, $a_i \in GF(2)$
Input: $B = \sum_{i=0}^{\lceil m/D \rceil - 1} B_i z^{Di}$, where $B_i$ is as in (1)
Output: $S = A \cdot B \bmod f(z)$, $f(z) = z^m + \sum_{i=0}^{m-1} c_i z^i$, where $c_i \in GF(2)$
1: $S \leftarrow 0$
2: for $i = \lceil m/D \rceil - 1$ to $0$ do
2.1:   $S \leftarrow A \cdot B_i + S$
2.2:   $S \leftarrow S \cdot z^D \bmod f(z)$
3: Return($S$)
Input: $A = \sum_{i=0}^{m-1} a_i z^i$, $a_i \in GF(2)$
Input: $B = \sum_{i=0}^{\lceil m/D \rceil - 1} B_i z^{Di}$, where $B_i$ is as in (1)
Output: $S = A \cdot B \bmod f(z)$, $f(z) = z^m + \sum_{i=0}^{m-1} c_i z^i$, where $c_i \in GF(2)$
1: $S \leftarrow 0$
2: for $i = \lceil m/D \rceil - 1$ to $0$ do
2.1:   for $j = D - 1$ to $0$ do
2.1.1:     $S \leftarrow A \cdot (B_i)_j + S$
2.1.2:     if ($i == 0$ and $j == m \% D$) Return($S$)
2.1.3:     $S \leftarrow S \cdot z \bmod f(z)$

Figure 3. MSD-first algorithm.

[Figure 4: $S = AB \bmod f(x)$, (GF(2^163), D = 3).]
[Figure 5: XOR gates, panels (a) and (b).]
[Sections 3, 3.1 and 4: running text lost in extraction. Surviving terms: reduction; digit-serial; MSB-first; m = 163, D = 4; m = 163, D = 21, 22; $S_i$ ($i \in \{0, 1, \ldots\}$); XOR gates; accumulator; $a_i b_j$ formed by an AND gate; NIST [1]; STARC90nm.]
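The MSD-first digit-serial loop above, as a software model checked against a plain multiply-then-reduce reference. This is an added example, not code from the paper. It assumes the usual shift-then-accumulate order S ← S·z^D + A·B_i (so the last digit leaves no extra z^D factor), right-aligned digits (B_0 holds the lowest D bits), and the NIST reduction polynomial z^163 + z^7 + z^6 + z^3 + 1, none of which is stated on the page.

```python
# Added example: software model of MSD-first digit-serial multiplication in GF(2^m).
# Polynomials are Python ints; bit k is the coefficient of z^k.
M = 163
# Assumption (not on the page): NIST reduction polynomial for the 163-bit binary curves.
F = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1

def reduce_mod_f(s, f=F, m=M):
    """Reduce s modulo f(z) of degree m by cancelling terms from the top down."""
    for k in range(s.bit_length() - 1, m - 1, -1):
        if (s >> k) & 1:
            s ^= f << (k - m)
    return s

def clmul(a, b):
    """Carry-less product a*b over GF(2) (AND array plus XOR tree in hardware)."""
    p, j = 0, 0
    while b:
        if b & 1:
            p ^= a << j
        b >>= 1
        j += 1
    return p

def mul_digit_serial_msd(a, b, D, f=F, m=M):
    """Return (A*B mod f, cycles): one D-bit digit of B per cycle, top digit first."""
    d = -(-m // D)                     # number of digits, d = ceil(m / D)
    mask = (1 << D) - 1
    s = 0
    for i in range(d - 1, -1, -1):
        b_i = (b >> (D * i)) & mask    # digit B_i of B = sum B_i z^(D*i)
        # Accumulator update: shift by one digit, add partial product, reduce.
        s = reduce_mod_f((s << D) ^ clmul(a, b_i), f, m)
    return s, d

def mul_reference(a, b, f=F, m=M):
    """Reference result: full polynomial product followed by one reduction."""
    return reduce_mod_f(clmul(a, b), f, m)

if __name__ == "__main__":
    a, b = 1 << 162, 0b10              # constructed inputs: z^162 and z
    for D in (1, 4, 21, 22):
        s, cycles = mul_digit_serial_msd(a, b, D)
        print(D, cycles, hex(s), s == mul_reference(a, b))
```

The cycle count returned is d = ⌈m/D⌉, which is the quantity traded against area when the digit size D is chosen.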
[Figures 6, 7 and 8: plots against digit size D, horizontal axis 0 to 180; plotted values not recoverable.]
[Section 5: running text lost in extraction. Surviving terms: ROHM 0.35 µm; Synopsys Milkyway X-2005.09; Synopsys Astro X-2005.09; DRC/LVS with Mentor Calibre; NIST [1]; GF(2^163); (Q = kP); STARC90nm; DesignCompiler W-2004.12-; 0.115 ms; MSB.]
References

[1] IEEE Standard Specifications for Public-Key Cryptography, IEEE Std. 1363-2000.
[2] T. Beth and D. Gollmann, "Algorithm engineering for public key algorithms," IEEE Journal on Selected Areas in Communications, vol. 7, pp. 458-465, 1989.
[3] R.I. Hartley and K.K. Parhi, Digit-Serial Computation, Kluwer Academic Publishers, 1995.
[4] N. Koblitz, "Elliptic Curve Cryptosystems," Math. Computation, vol. 48, pp. 203-209, 1987.
[5] S. Kumar, T. Wollinger and C. Paar, "Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography," IEEE Transactions on Computers, vol. 55, no. 10, pp. 1306-1311, Oct. 2006.
[6] J. Lopez and R. Dahab, "Fast multiplication on elliptic curves over GF(2^m) without precomputation," Cryptographic Hardware and Embedded Systems - CHES'99, Springer-Verlag, Lecture Notes in Computer Science 1717, pp. 316-327, August 1999.
[7] V. Miller, "Uses of Elliptic Curves in Cryptography," Advances in Cryptology, Proc. CRYPTO '85, H.C. Williams, ed., pp. 417-426, 1986.
[8] R.L. Rivest, A. Shamir and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
[9] A. Satoh and K. Takano, "A Scalable Dual-Field Elliptic Curve Cryptographic Processor," IEEE Transactions on Computers, vol. 52, no. 4, pp. 449-460, April 2003.
[10] L. Song and K.K. Parhi, "Low Energy Digit-Serial/Parallel Finite Field Multipliers," J. VLSI Signal Processing, vol. 19, no. 2, pp. 149-166, June 1998.