Scalar Multiplication Using Frobenius Expansion over Twisted Elliptic Curve for Ate Pairing Based Cryptography

概要

論文の詳細を見る
For ID-based cryptography, not only pairing but also scalar multiplication must be efficiently computable. In this paper, we propose a scalar multiplication method on the circumstances that we work at Ate pairing with Barreto-Naehrig (BN) curve. Note that the parameters of BN curve are given by a certain integer, namely mother parameter. Adhering the authors previous policy that we execute scalar multiplication on subfield-twisted curve $\\tilde{E} (\\boldsymbol{F}_{p^2}$) instead of doing on the original curve $E(\\boldsymbol{F}_{p^{12}}$), we at first show sextic twisted subfield Frobenius mapping (ST-SFM) $\\tilde{\\varphi}$ in $\\tilde{E} (\\boldsymbol{F}_{p^2})$. On BN curves, note $\\tilde{\\varphi}$ is identified with the scalar multiplication by p. However a scalar is always smaller than the order r of BN curve for Ate pairing, so ST-SFM does not directly applicable to the above circumstances. We then exploit the expressions of the curve order r and the characteristic p by the mother parameter to derive some radices such that they are expressed as a polynomial of p. Thus, a scalar multiplication [s] can be written by the series of ST-SFMs $\\tilde{\\varphi}$. In combination with the binary method or multi-exponentiation technique, this paper shows that the proposed method runs about twice or more faster than plain binary method.
（社）電子情報通信学会の論文
2009-01-01