A Comparative Analysis of Calculations Performed Using Combinations of Different Bases of Finite Fields
DOI:
https://doi.org/10.24160/1993-6982-2017-1-58-66Keywords:
finite field, finite field extension, combination of bases, optimal normal basis, supersingular elliptic curve, Tate pairing, pairing algorithm with square root extraction, pairing algorithm without square root extraction, final exponentiationAbstract
The article is devoted to a comparative analysis of the complexity of algorithms for carrying out inversion, exponentiation in the fields of characteristic two, Tate pairing operation, and final exponentiation on a supersingular elliptic curve over these fields, taking into account the possibility of using different bases of finite fields in which the calculations are carried out. The polynomial basis (p.b) of the field, an almost p.b. (a.p.b.), the optimal normal basis (o.n.b.), and the permutated o.n.b. (p.o.n.b) basis of the field, the generator of the 2nd type or 3rd type o.n.b., as well as the duplicated a.p.b. and the duplicated p.o.n.b., and transformations of these bases are used. Multiplication in the ring implemented using a sequential multiplication program according toKaratsuba’s algorithm is applied. The operations of multiplication, exponentiation to powerand inversion in the field are considered with the use of these bases and this operation. It is shown that exponentiation to power for inversion according to Fermat’s small theorem can be implemented using 12 multiplications at insignificant expenditures for squaring. At the same time, inversion using a modification of the extended Euclidean algorithm requires a significantly fewer number of elementary operations ⊕,& and bit assignments or even only logical operations in comparison with the exponentiation by Fermat, which is confirmed by the average data on 100 executions of the inversion operation. The operations of pairing and final exponentiation are implemented in the 4th degree extension of the field using its 1st type o.n.b. or p.b. with p.b., a.p.b or p.o.n.b of the initial field. It is shown that, if for the multiplication of polynomials of degree 190 in the ring a sequential program according to the Karatsuba method is used, the p.o.n.b. of the field and the p.b. of its expansion constitute the best combination for pairing in the cryptographically significant field. In carrying out multiplication using the record beatingprogram (in the number of executable logic operations),the combination involving the p.b. of the main field and the o.n.b. of the 1st type of its expansion is more preferable. However, a significant advantage of the final exponentiation inthe p.o.n.b. of the main field and o.n.b. of the 1st type of its expansion entails the advantage of using this basis of the main field both in pairing, and in the final exponentiation, and for the effective implementation of the next operation of the final exponentiation after the pairing operation,it is necessary to make conversion from the p.b. to o.n.b. extension of the field,which is implemented quite easily by using the minimal polynomial common for thep.b. and o.n.b.. Then, the final exponentiation is performed by carrying out 17 multiplications in the field extension at almost negligible cost of squaring in intermediate computations. The results are obtained by analyzing primary sources, algorithms, and via computer experiments.
References
2. Mullin R.C., Onyszchuk I.M., Vanstone S.A., Wilson R.M. Optimal Normal Bases in GF(pn) // Discrete Appl. Math. 1988/89. Vol. 22. P, 149—161.
3. Shokrollahi J. Efficient Implementation Of Elliptic Curve Cryptography on FPGA. PhD Thesis. Universitet Bonn, 2007.
4. Gathen von zur J., Shokrollahi A., Shokrollahi J. Efficient Multiplication Using Type 2 Optimal Normal Bases // In WAIFI ’07, LNCS. 2007. P. 55—68.
5. Bernstein D.J., Lange T. Type-II Optimal Polynomial Bases. Arithmetic of Finite Fields. Proceedings. LNCS. 6087. 2010. P. 41—61.
6. Duursma I., Lee H. Tate Pairing Implementation For Hyperelliptic Curves y2 = xp - x + d // Lecture Notes in Computer Science. 2003. Vol. 2894. P. 111—123.
7. Kwon S. Efficient Tate Pairing Computation For Supersingular Elliptic Curves Jver Binary Fields. Cryptology ePrint archive. Report 2004/303. 2004.
8. Joux A. A One Round Protocol For Tripartite Di- Hellman // Lecture Notes in Computer Science. ANTS. 2000. Vol. 1838. P. 385—394.
9. Sroeppel R, Orman H., Malley S’O., Spatschek O. Fast Key Exchange With Elliptic Curve Systems // Lecture Notes In Computer Science. CRYPTO95. № 965. P. 43—56.
10. Bernstein D.J. Minimum Number Of Bit Operations For Multiplication. URL: http://binary.cr.yp. to/m.html (access date: 2009).
