共查询到20条相似文献,搜索用时 468 毫秒
1.
You Lin Zhao Junzhong Xu Maozhi 《电子科学学刊(英文版)》2006,23(1):58-63
Let q be a power of a prime and φ be the Frobenius endomorphism on E(Fqk), then q = tφ - φ^2. Applying this equation, a new algorithm to compute rational point scalar multiplications on elliptic curves by finding a suitable small positive integer s such that q^s can be represented as some very sparse φ-polynomial is proposed. If a Normal Basis (NB) or Optimal Normal Basis (ONB) is applied and the precomputations are considered free, our algorithm will cost, on average, about 55% to 80% less than binary method, and about 42% to 74% less than φ-ary method. For some elliptic curves, our algorithm is also taster than Mǖller's algorithm. In addition, an effective algorithm is provided for finding such integer s. 相似文献
2.
This paper focuses on the design and implementation of a fast reconfigurable method for elliptic curve cryptography acceleration
in GF(2
m
). The main contribution of this paper is comparing different reconfigurable modular multiplication methods and modular reduction
methods for software implementation on Intel IA-32 processors, optimizing point arithmetic to reduce the number of expensive
reduction operations through a novel reduction sharing technique, and measuring performance for scalar point multiplication
in GF(2
m
) on Intel IA-32 processors. This paper determined that systematic reduction is best for fields defined with trinomials or
pentanomials; however, for fields defined with reduction polynomials with large Hamming weight Barrett reduction is best.
In GF(2571) for Intel P4 2.8 GHz processor, long multiplication with systematic reduction was 2.18 and 2.26 times faster than long multiplication
with Barrett or Montgomery reduction. This paper determined that Montgomery Invariant scalar point multiplication with Systematic
reduction in Projective coordinates was the fastest method for single scalar point multiplication for the NIST fields from
GF(2163) to GF(2571). For single scalar point multiplication on a reconfigurable elliptic curve cryptography accelerator, we were able to achieve
∼6.1 times speedup using reconfigurable reduction methods with long multiplication, Montgomery’s MSB Invariant method in projective
coordinates, and systematic reduction. Further extensions were made to implement fast reconfigurable elliptic curve cryptography
for repeated scalar point multiplication on the same base point. We also show that for L > 20 the LSB invariant method combined with affine doubling precomputation outperforms the LSB invariant method combined
with López-Dahab doubling precomputation for all reconfigurable reduction polynomial techniques in GF(2571) for Intel IA-32 processors. For L = 1000, the LSB invariant scalar point multiplication method was 13.78 to 34.32% faster than using the fastest Montgomery
Invariant scalar point multiplication method on Intel IA-32 processors. 相似文献
3.
Kazuo Sakiyama Lejla Batina Bart Preneel Ingrid Verbauwhede 《Mobile Networks and Applications》2007,12(4):245-258
We present a high-speed public-key cryptoprocessor that exploits three-level parallelism in Elliptic Curve Cryptography (ECC)
over GF(2
n
). The proposed cryptoprocessor employs a Parallelized Modular Arithmetic Logic Unit (P-MALU) that exploits two types of different
parallelism for accelerating modular operations. The sequence of scalar multiplications is also accelerated by exploiting
Instruction-Level Parallelism (ILP) and processing multiple P-MALU instructions in parallel. The system is programmable and
hence independent of the type of the elliptic curves and scalar multiplication algorithms. The synthesis results show that
scalar multiplication of ECC over GF(2163) on a generic curve can be computed in 20 and 16 μs respectively for the binary NAF (Non-Adjacent Form) and the Montgomery
method. The performance can be accelerated furthermore on a Koblitz curve and reach scalar multiplication of 12 μs with the
TNAF (τ-adic NAF) method. This fast performance allows us to perform over 80,000 scalar multiplications per second and to enhance
security in wireless mobile applications.
相似文献
Ingrid VerbauwhedeEmail: |
4.
Koblitz has suggested to use “anomalous” elliptic curves defined over F2, which are non-supersingular and allow for efficient multiplication of a point by an integer. For these curves, Meier and Staffelbach gave a method to find a polynomial of the Frobenius map corresponding to a given multiplier. Muller generalized their method to arbitrary non-supersingular elliptic curves defined over a small field of characteristic 2. In this paper, we propose an algorithm to speed up scalar multiplication on an elliptic curve defined over a small field. The proposed algorithm uses the same technique as Muller's to get an expansion by the Frobenius map, but its expansion length is half of Muller's due to the reduction step (Algorithm 1). Also, it uses a more efficient algorithm (Algorithm 3) to perform multiplication using the Frobenius expansion. Consequently, the proposed algorithm is two times faster than Muller's. Moreover, it can be applied to an elliptic curve defined over a finite field with odd characteristic and does not require any precomputation or additional memory. 相似文献
5.
We propose two improved scalar multiplication methods on elliptic curves over Fqn where q = 2m using Frobenius expansion. The scalar multiplication of elliptic curves defined over subfield Fq can be sped up by Frobenius expansion. Previous methods are restricted to the case of a small m. However, when m is small, it is hard to find curves having good cryptographic properties. Our methods are suitable for curves defined over medium‐sized fields, that is, 10 ≤ m ≤ 20. These methods are variants of the conventional multiple‐base binary (MBB) method combined with the window method. One of our methods is for a polynomial basis representation with software implementation, and the other is for a normal basis representation with hardware implementation. Our software experiment shows that it is about 10% faster than the MBB method, which also uses Frobenius expansion, and about 20% faster than the Montgomery method, which is the fastest general method in polynomial basis implementation. 相似文献
6.
In this paper we present invalid-curve attacks that apply to the Montgomery ladder elliptic curve scalar multiplication (ECSM)
algorithm. An elliptic curve over the binary field is defined using two parameters, a and b. We show that with a different “value” for curve parameter a, there exists a cryptographically weaker group in nine of the ten NIST-recommended elliptic curves over
\mathbbF2m\mathbb{F}_{2^{m}}. Thereafter, we present two attacks that are based on the observation that parameter a is not utilized for the Montgomery ladder algorithms proposed by López and Dahab (CHES 1999: Cryptographic Hardware and Embedded
Systems, LNCS, vol. 1717, pp. 316–327, Springer, Berlin, 1999). We also present the probability of success of such attacks for general and NIST-recommended elliptic curves. In addition
we give some countermeasures to resist these attacks. 相似文献
7.
8.
The effect of successive double implantation of Ag+(Cu+) and Xe+ ions on the recombination properties of CdxHg1−x
Te (0.2<x<0.3) crystals has been investigated. It is shown that after implantation of ions of one chemical element, followed by diffusion
thermal annealing at temperatures below 150–200 K, recombination through local levels lying 30±5 meV below the conduction
band bottom dominates. Successive double implantation of Ag+(Cu+) and Xe+ ions followed by diffusion thermal annealing changes the course of the temperature dependence of the lifetime of the nonequilibrium
charge carriers. It was determined that for CdxHg1−x
Te crystals with x⋍0.20–0.25 in the temperature interval 700–200 K the lifetime of the nonequilibrium charge carriers is low (τ<0.15 μs) and does not depend on the temperature. For CdxHg1−x
Te crystals with x⋍0.3 recombination of nonequilibrium charge carriers occurs through two types of levels: in the temperature range 140–200
K — deep levels E
t1⋍E
c
−51 meV and at lower temperatures (77–140 K) — through shallower levels E
t2⋍E
c
−(16±2) meV.
Fiz. Tekh. Poluprovodn. 31, 786–789 (July 1997) 相似文献
9.
Xu Hong Qi Wenfeng 《电子科学学刊(英文版)》2007,24(4):439-442
In this paper, the autocorrelations of maximal period Feedback with Carry Shift Register sequences (l-sequences) are discussed. For an l-sequence a with connection integer q = p^e(e ≥ 2) and period T = p^t-1(p- 1), and for any integer i, 1 ≤ i ≤ e/2, by calculating the number of certain sets, it is shown that the autocorrelation of a with shift τ= kT/2p^i is Ca(τ) =(-1)^k-1 T/p^2i-1, where 1 ≤ k ≤ 2p^i - 1, and gcd(k,2p^i) = 1. This result shows there do exist some shifts such that the autocorrelations of l-sequences are high although most autocorrelations are low. Such result also holds for the decimations of l-sequences. 相似文献
10.
M. Ahoujja W. C. Mitchel S. Elhamri R. S. Newrock D. B. Mast J. M. Redwing M. A. Tischler J. S. Flynn 《Journal of Electronic Materials》1998,27(4):210-214
We have experimentally determined the effective mass (m*) of GaN, the classical (τ
c), and quantum (τ
q) scattering times for a two-dimensional electron gas residing at the interface of an AlGaN/GaN heterostructure, using the
Shubnikovde Haas effect. The ratio of the two scattering times, τ
c/τ
q, suggests that, at low temperatures, the scattering mechanism limiting the mobility is due to remote ionized impurities located
in AlGaN. This study should provide sample growers with information useful for improving the quality of the nitride heterostuctures. 相似文献
11.
Volker Müller 《Journal of Cryptology》1998,11(4):219-234
We discuss new algorithms for multiplying points on elliptic curves defined over small finite fields of characteristic two.
This algorithm is an extension of previous results by Koblitz, Meier, and Staffelbach. Experimental results show that the
new methods can give a running time improvement of up to 50 % compared with the ordinary binary algorithm for multiplication.
Finally, we present a table of elliptic curves, which are well suited for elliptic curve public key cryptosystems, and for
which the new algorithm can be used.
Received 14 January 1997 and revised 4 September 1997 相似文献
12.
Consider the following problem: Given k=2
q
random lists of n-bit vectors, L
1,…,L
k
, each of length m, find x
1∈L
1,…,x
k
∈L
k
such that x
1+⋅⋅⋅+x
k
=0, where + is the XOR operation. This problem has applications in a number of areas, including cryptanalysis, coding theory,
finding shortest lattice vectors, and learning theory. The so-called k-tree algorithm, due to Wagner, solves this problem in [(O)\tilde](2q+n/(q+1))\tilde{O}(2^{q+n/(q+1)}) expected time provided the length m of the lists is large enough, specifically if m≥2
n/(q+1). 相似文献
13.
Krishna C. Mandal Sung Hoon Kang Michael Choi Jiuan Wei Lili Zheng Hui Zhang Gerald E. Jellison Michael Groza Arnold Burger 《Journal of Electronic Materials》2007,36(8):1013-1020
Spectrometer-grade CdTe single crystals with resistivities higher than 109 Ω cm have been grown by the modified Bridgman method using zone-refined precursor materials (Cd and Te) under a Cd overpressure.
The grown CdTe crystals had good charge-transport properties (μτ
e = 2 × 10−3 cm2 V−1, μτ
h = 8 × 10−5 cm2 V−1) and significantly reduced Te precipitates compared with crystals grown without Cd overpressure. The crystal growth conditions
for the Bridgman system were optimized by computer modeling and simulation, using modified MASTRAPP program, and applied to
crystal diameters of 14 mm (0.55′′), 38 mm (1.5′′), and 76 mm (3′′). Details of the CdTe crystal growth operation, structural,
electrical, and optical characterization measurements, detector fabrication, and testing using 241Am (60 keV) and 137Cs (662 keV) sources are presented. 相似文献
14.
The security of elliptic curve cryptosystems is based on the presumed intractability of the discrete logarithm problem on
the curve. Other than algorithms that work in an arbitrary group and are exponential in the general case, the only general-purpose
algorithm that has ever been proposed for the elliptic curve discrete logarithm is that of Menezes—Okamoto—Vanstone (MOV).
The MOV algorithm, which embeds an elliptic curve group of prime order l in the multiplicative group of a field F
qk, is subexponential only under special circumstances, however. In this paper we first prove that, under a mild condition that
always holds in practical applications, the condition that l|(q
k
-1) , which is obviously necessary for realizing the MOV algorithm, is also sufficient. We next give an improved upper bound
for the frequency of occurrence of pairs of primes l, p such that l|(p
k
-1) for k small, where l is in the Hasse interval .
Received 28 November 1995 and revised 20 September 1996 相似文献
15.
The alloy composition of Hg1−xCdxTe should be controlled during growth, so that the desired band gap and the lattice-matched layer may be obtained. In-situ spectroscopic ellipsometry, now commercially available, enables one to acquire spectral data during growth. If one knows
the optical dielectric function as a function of alloy composition and temperature, the technique can be fully used to monitor
and control temperature, the thickness, and the alloy composition. For this purpose, we first obtained temperature dependent
spectral data of Hg1−xCdxTe by spectroscopic ellipsometry (SE). The spectral data of Hg1−xCdxTe with x = 1,0.235, and 0.344 were obtained from room temperature to 800Kin the photon energy range from 1.3 to 6 eV. The spectral
data revealed distinctive critical point structures at E0, E0+Δ0, E1, E1+Δ1, E2(X), and E2(Σ). Critical point energies decreased and linewidths increased monotonically as temperature increased. The model for the
optical dielectric function enabled (i) the critical point parameters to be determined accurately, and (ii) the spectral data
to be expressed as a function of temperature within and outside the experimental range. 相似文献
16.
Selçuk Baktır Sandeep Kumar Christof Paar Berk Sunar 《Mobile Networks and Applications》2007,12(4):259-270
We propose a novel area/time efficient elliptic curve cryptography (ECC) processor architecture which performs all finite
field arithmetic operations in the discrete Fourier domain. The proposed architecture utilizes a class of optimal extension fields (OEF)
GF(q
m
) where the field characteristic is a Mersenne prime q = 2
n
− 1 and m = n. The main advantage of our architecture is that it achieves extension field modular multiplication in the discrete Fourier domain with only a linear number of base field GF(q) multiplications in addition to a quadratic number of simpler operations such as addition and bitwise rotation. We achieve
an area between 25k and 50k equivalent gates for the implementations over OEFs of size 169, 289 and 361 bits. With its low
area and high speed, the proposed architecture is well suited for ECC in small device environments such as sensor networks.
The work at hand presents the first hardware implementation of a frequency domain multiplier suitable for ECC and the first
hardware implementation of ECC in the frequency domain.
相似文献
Berk SunarEmail: |
17.
The adaptation process in digital filters requires extensive calculation. This computation makes adaptation a slow and time
consuming process. Simple, but versatile, parallel algorithms for adaptive filters, suitable for VLSI implementation, are
in demand. In this paper a regular and modular parallel algorithm for an adaptive filter is presented. This parallel structure
is based on the Gradient Vector Estimation Algorithm, which minimizes the Mean Square Error. In the parallel method, the tap
weights of the adaptive filter are updated everys steps, whereas in the recursive algorithms, the tap weights are updated at each step. Fors step update, bit strings of lengths are used to derive the terms with which the tap weights of the adaptive filter are calculated. The algorithm presented computes
the tap weights at timen+s as a function of the tap weights at timen, the inputs from timen+1 ton+s−1, and the desired output from timen+1 ton+s−1. The algorithm also can be mapped to a VLSI architecture that is both regular and modular and allows either expansion of
the order of the filter or the degree of parallelism obtainable. A comparison between the performance of the sequential LMS
algorithm, Fast Exact LMS algorithm, and the parallel binary structured LMS algorithm is presented. 相似文献
18.
Steffen Tarnick 《Journal of Electronic Testing》2008,24(6):509-527
Borden codes are optimal nonsystematic t-unidirectional error detecting (t-UED) codes. A possible method to design a Borden code checker is to map the Borden code words to words of an AN arithmetic code and to check the obtained words with an appropriate AN code checker. For t = q − 1 with q = 2
m
− 1 we show how this method can be modified such that the Borden code checkers achieve the self-testing property under very
weak conditions. It is only required that no checker input line gets a constant signal and that the Borden code words occur
in a random order, making the proposed checkers very suitable for use as embedded checkers. Based on these checkers it is
then possible to design embedded Borden t-UED code checkers for t = 2
k
q − 1 with q = 2
m
− 1.
相似文献
Steffen TarnickEmail: |
19.
The current response of a TlBr detector to 137Cs γ-ray radiation has been studied in the dose-rate range 0.033–3.84 Gy/min and within the voltage range 1–300 V; the detectors
are based on pure and doped TlBr crystals grown from the melt by the Bridgman-Stockbarger method. The mass fraction of Pb
or Ca introduced into the TlBr crystals was 1–10 ppm for Pb and 150 ppm for Ca. The current response of nominally undoped
TlBr samples was nearly linear over two decades of studied dose rates. Deep hole levels associated with cationic vacancies
V
c
− determine the dependence of the current response on the voltage in the high electric fields. The parameters of the carriers’
transport μτ are determined. The TlBr crystals grown in vacuum and in the bromine vapor exhibit a large mobility-lifetime
product of 4.3 × 10−4 and 6.4 × 10−5 cm2V−1, respectively. The value of μτ is in the range (4–9) × 10−5 cm2V−1 for crystals doped with a divalent cation. 相似文献
20.
We have investigated, as a function of indium content x, the galvanomagnetic and Shubnikov de Haas (SdH) properties of two-dimensional
electron gases (2DEG) formed at lattice matched, strain relaxed InAlAs/InGaAs heterojunctions. These were grown by molecular
beam epitaxy on GaAs misoriented substrates with a two degree offcut toward the nearest (110) plane. Variable temperature
resistivity and Hall measurements indicate an increase in the electron sheet density ns from 0.78×1012cm−2 for x=0.15 to 1.80×1012 cm−2 for x=0.40 at 300K, and from 0.75×1012cm−2 to 1.67×1012cm−2 at T=1.6K. The room temperature electron mobility, measured along the in plane [110], direction is independent of indium
content and equals approximately 9500 cm2/Vs. For T<50K, the mobility is independent of temperature decreasing with increasing x from 82000 cm2/Vs for x=0.15 to 33000 cm2/Vs for x=0.40. The ratios (τt/τq) at 1.6K between the electron relaxation time τt and the single particle relaxation time τq, for the strain relaxed specimens, as well as for pseudomorphically strained Al0.35Ga0.65As/In0.15Ga0.85As structures grown on GaAs substrates, and In0.52Al0.48As/In0.53Ga0.47As heterostructures grown lattice matched on InP substrates. Such a study indicates the presence of inhomogeneities in the
2DEGs of the strain relaxed specimens which appear to be related to the process of strain relaxation. Such inhomogeneities,
however, have little effect on the electron relaxation time τt which, at low temperatures, is limited principally by alloy scattering. 相似文献