Abstract
In this paper we produce a practical and efficient algorithm to find a decomposition of type n = ∑i=1 k2si3 ti, si ti ∈ ℕ ∪ {0} with k ≤ (c +o(1)) log n/log log n . It is conjectured that one can take c = 2 above. Then this decomposition is refined into an effective scalar multiplication algorithm to compute nP on some supersingular elliptic curves of characteristic 3 with running time bounded by O (log n/log log n) and essentially no storage. To our knowledge, this is the first instance of a scalar multiplication algorithm that requires o(log n) curve operations on an elliptic curve over double struck F signq, with log q ≈ log n and uses comparable storage as in the standard double-and-add algorithm. This leads to an efficient algorithm very useful for cryptographic protocols based on supersingular curves. This is for example the case of the well-studied (in the past four years) identity based schemes. The method carries over to any supersingular curve of fixed characteristic.
| Original language | English |
|---|---|
| Title of host publication | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Pages | 171-182 |
| Number of pages | 12 |
| Volume | 3715 LNCS |
| DOIs | |
| Publication status | Published - 2005 |
| Externally published | Yes |
| Event | 1st International Conference on Cryptology in Malaysia on Progress in Cryptology - Mycrypt 2005 - Kuala Lumpur, Malaysia Duration: Sep 28 2005 → Sep 30 2005 |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 3715 LNCS |
| ISSN (Print) | 03029743 |
| ISSN (Electronic) | 16113349 |
Other
| Other | 1st International Conference on Cryptology in Malaysia on Progress in Cryptology - Mycrypt 2005 |
|---|---|
| Country | Malaysia |
| City | Kuala Lumpur |
| Period | 9/28/05 → 9/30/05 |
Fingerprint
Keywords
- Exponentiation algorithms
- Integer decomposition
ASJC Scopus subject areas
- Computer Science(all)
- Biochemistry, Genetics and Molecular Biology(all)
- Theoretical Computer Science
Cite this
An analysis of double base number systems and a sublinear scalar multiplication algorithm. / Ciet, Mathieu; Sica, Francesco.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3715 LNCS 2005. p. 171-182 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3715 LNCS).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - An analysis of double base number systems and a sublinear scalar multiplication algorithm
AU - Ciet, Mathieu
AU - Sica, Francesco
PY - 2005
Y1 - 2005
N2 - In this paper we produce a practical and efficient algorithm to find a decomposition of type n = ∑i=1 k2si3 ti, si ti ∈ ℕ ∪ {0} with k ≤ (c +o(1)) log n/log log n . It is conjectured that one can take c = 2 above. Then this decomposition is refined into an effective scalar multiplication algorithm to compute nP on some supersingular elliptic curves of characteristic 3 with running time bounded by O (log n/log log n) and essentially no storage. To our knowledge, this is the first instance of a scalar multiplication algorithm that requires o(log n) curve operations on an elliptic curve over double struck F signq, with log q ≈ log n and uses comparable storage as in the standard double-and-add algorithm. This leads to an efficient algorithm very useful for cryptographic protocols based on supersingular curves. This is for example the case of the well-studied (in the past four years) identity based schemes. The method carries over to any supersingular curve of fixed characteristic.
AB - In this paper we produce a practical and efficient algorithm to find a decomposition of type n = ∑i=1 k2si3 ti, si ti ∈ ℕ ∪ {0} with k ≤ (c +o(1)) log n/log log n . It is conjectured that one can take c = 2 above. Then this decomposition is refined into an effective scalar multiplication algorithm to compute nP on some supersingular elliptic curves of characteristic 3 with running time bounded by O (log n/log log n) and essentially no storage. To our knowledge, this is the first instance of a scalar multiplication algorithm that requires o(log n) curve operations on an elliptic curve over double struck F signq, with log q ≈ log n and uses comparable storage as in the standard double-and-add algorithm. This leads to an efficient algorithm very useful for cryptographic protocols based on supersingular curves. This is for example the case of the well-studied (in the past four years) identity based schemes. The method carries over to any supersingular curve of fixed characteristic.
KW - Exponentiation algorithms
KW - Integer decomposition
UR - http://www.scopus.com/inward/record.url?scp=33646198552&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33646198552&partnerID=8YFLogxK
U2 - 10.1007/11554868_12
DO - 10.1007/11554868_12
M3 - Conference contribution
SN - 3540289380
SN - 9783540289388
VL - 3715 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 171
EP - 182
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ER -