Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography

Yasuyuki Nogami; Yumi Sakemi; Takumi Okimoto; Kenta Nekado; Masataka Akane; Yoshitaka Morikawa

doi:10.1587/transfun.E92.A.182

Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography

Yasuyuki Nogami, Yumi Sakemi, Takumi Okimoto, Kenta Nekado, Masataka Akane, Yoshitaka Morikawa

Research output: Contribution to journal › Article › peer-review

13 Citations (Scopus)

Abstract

For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve E∼(F _p²) instead of doing on the original curve E(F _p¹²), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) φ∼ in E∼(F_p²). On BN curves, note φ∼ is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs φ∼. In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

Original language	English
Pages (from-to)	182-189
Number of pages	8
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E92-A
Issue number	1
DOIs	https://doi.org/10.1587/transfun.E92.A.182
Publication status	Published - Jan 2009

Keywords

Ate pairing
BN curve
Frobenius mapping
Scalar multiplication
Twisted subfield computation

ASJC Scopus subject areas

Signal Processing
Computer Graphics and Computer-Aided Design
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1587/transfun.E92.A.182

Fingerprint Dive into the research topics of 'Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography'. Together they form a unique fingerprint.

Cite this

Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography. / Nogami, Yasuyuki; Sakemi, Yumi; Okimoto, Takumi; Nekado, Kenta; Akane, Masataka; Morikawa, Yoshitaka.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E92-A, No. 1, 01.2009, p. 182-189.

Research output: Contribution to journal › Article › peer-review

@article{b45cefdbccc44b79bda59f8b17660ba0,

title = "Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography",

abstract = "For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve E∼(F p2) instead of doing on the original curve E(F p12), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) φ∼ in E∼(Fp2). On BN curves, note φ∼ is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs φ∼. In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.",

keywords = "Ate pairing, BN curve, Frobenius mapping, Scalar multiplication, Twisted subfield computation",

author = "Yasuyuki Nogami and Yumi Sakemi and Takumi Okimoto and Kenta Nekado and Masataka Akane and Yoshitaka Morikawa",

year = "2009",

month = jan,

doi = "10.1587/transfun.E92.A.182",

language = "English",

volume = "E92-A",

pages = "182--189",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "1",

}

TY - JOUR

T1 - Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography

AU - Nogami, Yasuyuki

AU - Sakemi, Yumi

AU - Okimoto, Takumi

AU - Nekado, Kenta

AU - Akane, Masataka

AU - Morikawa, Yoshitaka

PY - 2009/1

Y1 - 2009/1

N2 - For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve E∼(F p2) instead of doing on the original curve E(F p12), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) φ∼ in E∼(Fp2). On BN curves, note φ∼ is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs φ∼. In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

AB - For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors' previous policy that we execute scalar multiplication on subfield-twisted curve E∼(F p2) instead of doing on the original curve E(F p12), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) φ∼ in E∼(Fp2). On BN curves, note φ∼ is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs φ∼. In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.

KW - Ate pairing

KW - BN curve

KW - Frobenius mapping

KW - Scalar multiplication

KW - Twisted subfield computation

UR - http://www.scopus.com/inward/record.url?scp=77749294674&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77749294674&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.182

DO - 10.1587/transfun.E92.A.182

M3 - Article

AN - SCOPUS:77749294674

VL - E92-A

SP - 182

EP - 189

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -