Reduction Optimal Trinomials for Efficient Software Implementation of the ηT Pairing
Abstract
The ηT pairing for supersingular elliptic curves over GF(3^m) has attracted attention because of its computational efficiency. Since most of the computation in the ηT pairing consists of GF(3^m) multiplications, improving the speed of this multiplication is important when implementing the ηT pairing. In this paper we investigate software implementation of GF(3^m) multiplication and propose using irreducible trinomials x^m + ax^k + b over GF(3) such that k is a multiple of w, where w is the bit length of a word of the targeted CPU. We call these trinomials “reduction optimal trinomials (ROTs).” ROTs actually exist for several values of m and for the typical values w=16 and 32. We list them for extension degrees m=97, 167, 193, 239, 317, and 487. These values of m are derived from security considerations. Using ROTs, we are able to implement modulo operations (reductions) for GF(3^m) multiplication more efficiently than when other types of irreducible trinomials are used (e.g., trinomials with a minimum k for each m). The reason is that with ROTs the number of shift operations on multiple precision data is reduced to less than half compared with cases using other trinomials. Our implementation results show that programs of reduction specialized for ROTs are 20-30% faster on 32-bit CPU and approximately 40% faster on 16-bit CPU compared with programs using irreducible trinomials with general k.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2008-09-01
Authors
- IZU Tetsuya (FUJITSU LABORATORIES Ltd. and FUJITSU Ltd.)
- Takagi Tsuyoshi (School Of Systems Information Science Future University-hakodate)
- NAKAJIMA Toshiya (Fujitsu Ltd.)
- Izu Tetsuya (Fujitsu Laboratories Ltd.)
- Izu Tetsuya (Fujitsu Ltd. Kawasaki‐shi Jpn)
Related papers
- Extending Bleichenbacher's Forgery Attack
- Small Secret CRT-Exponent Attacks on Takagi's RSA
- Reduction Optimal Trinomials for Efficient Software Implementation of the ηT Pairing
- Generalized Powering Functions and Their Application to Digital Signatures(Digital Signature, Cryptography and Information Security)
- A Practical Countermeasure against Address-bit Differential Power Analysis (Special Issue: Computer Security Technologies for Protecting Privacy)
- Radix-r Non-Adjacent Form and Its Application to Pairing-Based Cryptosystem(Elliptic Curve Cryptography, Cryptography and Information Security)
- Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party
- Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes
- A Note on the Lattice Factoring Method (Cryptography and Information Security)
- Small Secret CRT-Exponent Attacks on Takagi's RSA
- A Note on the Lattice Factoring Method
- Side Channel Cryptanalysis on XTR Public Key Cryptosystem(Discrete Mathematics and Its Applications)
- Universal ηT pairing algorithm over arbitrary extension degree (Wideband Systems)
- Universal ηT pairing algorithm over arbitrary extension degree (Information Security)
- Universal ηT pairing algorithm over arbitrary extension degree (Information Theory)
- Detailed Cost Estimation of CNTW Forgery Attack against EMV Signature Scheme
- Experimental Analysis of Cheon's Algorithm against Pairing-friendly Curves
- Extending Bleichenbacher's Forgery Attack