한국통신학회논문지 (The Journal of Korean Institute of Communications and Information Sciences)

한국통신학회 (The Korean Institute of Commucations and Information Sciences)
권호 표지
DOI QR코드

DOI QR Code

페어링 및 ECC 상수배 연산의 계산 비용에 관하여

On the Computational Cost of Pairing and ECC Scalar Multiplication

  • 투고 : 2009.09.07
  • 심사 : 2010.12.17
  • 발행 : 2011.01.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

겹선형 페어링(bilinear pairing)을 기반으로 하는 암호 프로토콜들은 이산 대수 문제를 기반으로 하는 전통적인 타원 곡선 암호시스템을 대신하여 여러 방면에의 응용성을 제공한다. 겹선형 페어링의 빠른 계산을 위하여 최근 활발한 연구가 진행 중이지만, 여전히 ECC 상수배 연산에 비해서 페어링 연산에 사용되는 계산 비용은 상당히 크다고 여겨진다. 그러나 이진 유한체상의 페어링 계산 연구는 최근 많은 발전이 이루어졌다. 본 논문에서는 이진 유한체상에서의 BLS 서명스킴과 ECDSA 서명 스킴의 복잡도를 비교한다. 공정한 비교를 위하여 1024-bit RSA와 같은 레벨의 보안성을 가지는 160-bit ECDSA와 250-bit BLS를 선택하였다. 분석결과 BLS 스킴은 ECDSA에 비해 하드웨어 복잡도 및 계산 지연시간의 측면에서 많은 차이가 나지 않음을 설명해준다.

Cryptographic protocols based on bilinear pairings provide excellent alternatives to conventional elliptic curve cryptosystems based on discrete logarithm problems. Through active research has been done toward fast computation of the bilinear pairings, it is still believed that the computational cost of one pairing computation is heavier than the cost of one ECC scalar multiplication. However, there have been many progresses in pairing computations over binary fields. In this paper, we compare the cost of BLS signature scheme with ECDSA with equvalent level of security parameters. Analysis shows that the cost of the pairing computation is quite comparable to the cost of ECC scalar multiplication for the case of binary fields.

키워드

과제정보

연구 과제 주관 기관 : 한국학술진흥재단

참고문헌

  1. D. Boneh and M. Franklin, "Identity based encryption from the Weil pairing," Crypto 2001, Lecture Notes in Computer Science, Vol.2139, pp.213-229, 2001.
  2. D. Boneh, B. Lynn, and H. Shacham, "Short signatures from the Weil pairing," Asiacrypt 2001, Lecture Notes in Computer Science, Vol.2248, pp.514-532, 2002.
  3. A. Joux, "A one round protocol for tripartite Diffie-Hellman," ANTS 2000, Lecture Notes in Computer Science, Vol.1838, pp.385-394, 2000.
  4. N.P. Smart, "An identity based authentication key agreement protocol based on pairing," Electronics Letters, Vol.38, pp.630-632, 2002. https://doi.org/10.1049/el:20020387
  5. R. Granger, D. Page, and M. Stam, "Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three," preprint, available at http://eprint.iacr.org/2004/157.pdf, 2004.
  6. R. Granger, D. Page, and M. Stam, "On small characteristic algebraic tori in pairing based cryptography," LMS J. Comput. Math., Vol.9, pp.64-85, 2006. https://doi.org/10.1112/S1461157000001194
  7. 장남수, 김태현, 김창한, 한동국, 김호원, "페어링 기반 암호시스템의 효율적인 유한체 연산기," 정보보호학회 논문지, Vol.18, pp.33-34, 2008.
  8. I. Duursma and H. Lee, "Tate pairing implementation for hyperelliptic curves," Asiacrypt 2003, Lecture Notes in Computer Science, Vol.2894, pp.111-123, 2003.
  9. P. Barreto, H. Kim, B. Lynn, and M. Scott, "Efficient algorithms for pairing based cryptosystems," Crypto 2002, Lecture Notes in Computer Science, Vol.2442, pp.354-368, 2002.
  10. P. Barreto, S. Galbraith, C. O hEigeartaigh, and M. Scott, "Efficient pairing computation on supersingular abelian varieties," Design, Codes and Cryptography, Vol.42, No.3, pp.239-271, 2007. https://doi.org/10.1007/s10623-006-9033-6
  11. S. Kwon, "Efficient Tate pairing computation for supersingular elliptic curves over binary fields," ACISP 2005, Lecture Notes in Computer Science, Vol.3574, pp.134-145, 2005.
  12. J. Lopez and R. Dahab, "Fast multiplication on elliptic curves over GF(2m) without precomputation," CHES 1999, Lecture Notes in Computer Science, Vol.1717, pp.316-327, 1999.
  13. N. Gura, S.C. Shantz, H. Eberle, S. Gupta, V. Gupta, D. Finchelstein, E. Goupy, and D. Stebila, "An end-to-end systems approach to elliptic curve cryptography," CHES 2002, Leture Notes in Computer Science, Vol.2523, pp.349-365, 2003.
  14. NIST, "Digital Signature Standard," FIPS Publication, 186-2, February, 2000.
  15. F. Hess, "A Note on the Tate pairing of curves over finite fields," Arch. Math. Vol.82, pp.28-32, 2004. https://doi.org/10.1007/s00013-003-4773-2
  16. A.J. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publisher, 1993.
  17. H. Wu, "On complexity of polynomial basis squaring in GF(2m)," SAC 2000, Lecture Notes in Computer Science, Vol.2012, pp.118-129, 2001.
  18. C. Shu, S. Kwon, and K. Gaj, "FPGA accelerated Tate pairing based cryptosystems over binary fields," FPT 2006, IEEE Internatonal Conference on Field Programmable Technology, pp.173-180, 2006.
  19. V. Miller, "Short programs for functions on curves," unpublished manuscript, 1986.
  20. H. Brunner, A. Curiger, and M. Hofstetter, "On computing multiplicative inverses in GF(2^{m})," IEEE Trans. Computers, Vol.42, pp.1010-1015, 1993. https://doi.org/10.1109/12.238496
  21. C.H. Kim and C.P. Hong, "High-speed division architecture for GF(2^{m})," Electronics letters, Vol.38, pp.835-836, 2002. https://doi.org/10.1049/el:20020550
  22. D. Hankerson, A.J. Menezes, and S.A. Vanstone, Guide to Elliptic Curve Cryptography, Springer-Verlag, 2004.
  23. A.K. Lenstra and E.R. Verheul, "Selecting cryptographic key sizes," J. Cryptology, Vol.14, pp.255-293, 2001
  24. K. Fong, D. Hankerson, J. Lopez, and A. Menezes, "Field inversion and point halving revisited," Technical Report CORR 2003-18, Univ. of Waterloo, 2003.
  25. C. Shu, S. Kwon, and K. Gaj, "Reconfigurable Computing Approach for Tate Pairing Cryptosystems over Binary Fields," IEEE Trans. Computers, Vol.58, No.8, pp.1221-1237, 2009. https://doi.org/10.1109/TC.2009.64
  26. D. Hankerson, J.L. Hernandez, and A.J. Menezes, "Software implementation of elliptic curve cryptography over binary fields," CHES 2000, Leture Notes in Computer Science, Vol.1965, pp.1-24, 2000.
  27. C.H. Kim, S. Kwon, and C.P. Hong "FPGA implementation of high performance elliptic curve cryptographic processor over GF(2163)", Journal of Systems Architecture, Vol.54, pp.893-900, 2008. https://doi.org/10.1016/j.sysarc.2008.03.005