Date post: | 30-May-2018 |
Upload: | mehmetibrahim |
8/14/2019 Recommended Elliptic Cur Ves for Federal Government
RECOMMENDED ELLIPTIC CURVES FOR FEDERAL GOVERNMENT USE

July 1999

This collection of elliptic curves is recommended for Federal government use and contains choices of private key length and underlying fields.

§1. Parameter Choices

1.1 Choice of Key Lengths

The principal parameters for elliptic curve cryptography are the elliptic curve E and a designated point G on E called the base point. The base point has order r, a large prime. The number of points on the curve is n = fr for some integer f (the cofactor) not divisible by r. For efficiency reasons, it is desirable to take the cofactor to be as small as possible.

All of the curves given below have cofactors 1, 2, or 4. As a result, the private and public keys are approximately the same length. Each length is chosen to correspond to the cryptovariable length of a common symmetric cryptologic. In each case, the private key length is, at least, approximately twice the symmetric cryptovariable length.

1.2 Choice of Underlying Fields

For each cryptovariable length, there are given two kinds of fields.

- A prime field is the field GF(p) which contains a prime number p of elements. The elements of this field are the integers modulo p, and the field arithmetic is implemented in terms of the arithmetic of integers modulo p.

- A binary field is the field $GF(2^m)$ which contains $2^m$ elements for some m (called the degree of the field). The elements of this field are the bit strings of length m, and the field arithmetic is implemented in terms of operations on the bits.

The following table gives the sizes of the various underlying fields. By $\|p\|$ is meant the length of the binary expansion of the integer p.

Symmetric    Example
CV Length    Algorithm     Prime Field      Binary Field
 80          SKIPJACK      $\|p\|$ = 192    m = 163
112          Triple-DES    $\|p\|$ = 224    m = 233
128          AES Small     $\|p\|$ = 256    m = 283
192          AES Medium    $\|p\|$ = 384    m = 409
256          AES Large     $\|p\|$ = 521    m = 571

1.3 Choice of Basis

To describe the arithmetic of a binary field, it is first necessary to specify how a bit string is to be interpreted. This is referred to as choosing a basis for the field. There are two common types of bases: a polynomial basis and a normal basis.

- A polynomial basis is specified by an irreducible polynomial modulo 2, called the field polynomial. The bit string $(a_{m-1} \ldots a_2 a_1 a_0)$ is taken to represent the polynomial

  $$a_{m-1} t^{m-1} + \cdots + a_2 t^2 + a_1 t + a_0$$

  over GF(2). The field arithmetic is implemented as polynomial arithmetic modulo p(t), where p(t) is the field polynomial.

- A normal basis is specified by an element $\theta$ of a particular kind. The bit string $(a_0 a_1 a_2 \ldots a_{m-1})$ is taken to represent the element

  $$a_0 \theta + a_1 \theta^{2} + a_2 \theta^{2^2} + \cdots + a_{m-1} \theta^{2^{m-1}}.$$

  Normal basis field arithmetic is not easy to describe or efficient to implement in general, but is for a special class called Type T low-complexity normal bases. For a given field degree m, the choice of T specifies the basis and the field arithmetic (see Appendix 2).

There are many polynomial bases and normal bases from which to choose. The following procedures are commonly used to select a basis representation.

- Polynomial Basis: If an irreducible trinomial $t^m + t^k + 1$ exists over GF(2), then the field polynomial p(t) is chosen to be the irreducible trinomial with the lowest-degree middle term $t^k$. If no irreducible trinomial exists, then one selects instead a pentanomial $t^m + t^a + t^b + t^c + 1$. The particular pentanomial chosen has the following properties: the second term $t^a$ has the lowest degree among all irreducible pentanomials of degree m; the third term $t^b$ has the lowest degree among all irreducible pentanomials of degree m and second term $t^a$; and the fourth term $t^c$ has the lowest degree among all irreducible pentanomials of degree m, second term $t^a$, and third term $t^b$.

- Normal Basis: Choose the Type T low-complexity normal basis with the smallest T.

For each binary field, the parameters are given for the above basis representations.

1.4 Choice of Curves

Two kinds of curves are given:

- Pseudo-random curves are those whose coefficients are generated from the output of a seeded cryptographic hash. If the seed value is given along with the coefficients, it can be verified easily that the coefficients were indeed generated by that method.

- Special curves whose coefficients and underlying field have been selected to optimize the efficiency of the elliptic curve operations.

For each size, the following curves are given:

- A pseudo-random curve over GF(p).
- A pseudo-random curve over $GF(2^m)$.
- A special curve over $GF(2^m)$ called a Koblitz curve or anomalous binary curve.

The pseudo-random curves are generated via the SHA-1 based method given in the ANSI X9.62 and IEEE P1363 standards. (The generation and verification processes are given in Appendices 4 through 7.)

1.5 Choice of Base Points

Any point of order r can serve as the base point. Each curve is supplied with a sample base point $G = (G_x, G_y)$. Users may want to generate their own base points to ensure cryptographic separation of networks.

§2. Curves over Prime Fields

For each prime p, a pseudo-random curve

$$E : y^2 \equiv x^3 - 3x + b \pmod{p}$$

of prime order r is listed.¹ (Thus, for these curves, the cofactor is always f = 1.) The following parameters are given:

- The prime modulus p
- The order r
- The 160-bit input seed s to the SHA-1 based algorithm
- The output c of the SHA-1 based algorithm
- The coefficient b (satisfying $b^2 c \equiv -27 \pmod{p}$)
- The base point x coordinate $G_x$
- The base point y coordinate $G_y$

The integers p and r are given in decimal form; bit strings and field elements are given in hex.

¹ The selection a = −3 for the coefficient of x was made for reasons of efficiency; see IEEE P1363.

Curve P-192

p = 6277101735386680763835789423207666416083908700390324961279
r = 6277101735386680763835789423176059013767194773182842284081
s = 3045ae6f c8422f64 ed579528 d38120ea e12196d5
c = 3099d2bb bfcb2538 542dcd5f b078b6ef 5f3d6fe2 c745de65
b = 64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1
G_x = 188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012
G_y = 07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811

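The relations stated in §2 can be checked directly against the P-192 values. The following Python sketch is an added example, not part of the original document: it tests the form of p, the relation between b and c, that G lies on the curve, that G has order r, and that r is consistent with Hasse's bound for cofactor 1. The function names are illustrative, the affine point arithmetic is the textbook formula set for curves with a = −3, and `pow(x, -1, p)` needs Python 3.8 or later.

```python
import math

# Constants copied from the Curve P-192 listing on this page.
P = 6277101735386680763835789423207666416083908700390324961279   # prime modulus p
R = 6277101735386680763835789423176059013767194773182842284081   # base point order r
C = 0x3099d2bbbfcb2538542dcd5fb078b6ef5f3d6fe2c745de65            # SHA-1 output c
B = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1            # coefficient b
G = (0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,          # (G_x, G_y)
     0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811)
A = -3                                                            # coefficient of x


def modulus_is_generalized_mersenne():
    """p = 2^192 - 2^64 - 1 (the form used in Appendix 1)."""
    return P == 2**192 - 2**64 - 1


def coefficient_matches_hash_output():
    """b^2 * c == -27 (mod p), tying b to the seeded hash output c."""
    return (B * B * C + 27) % P == 0


def on_curve(pt):
    """True if pt satisfies y^2 == x^3 - 3x + b (mod p); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition, handling infinity, inverses and doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p2 == -p1 (includes doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Scalar multiple k*pt by double-and-add (not constant time; for checking only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def hasse_bound_holds():
    """With cofactor f = 1 the curve has r points, so |p + 1 - r| <= 2*sqrt(p)."""
    return abs(P + 1 - R) <= 2 * math.isqrt(P) + 2


def check_all():
    return {
        "p form": modulus_is_generalized_mersenne(),
        "b^2 c = -27": coefficient_matches_hash_output(),
        "G on curve": on_curve(G),
        "r*G = infinity": mul(R, G) is None,
        "Hasse bound": hasse_bound_holds(),
    }


if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:16s} {'ok' if ok else 'FAILED'}")
```

A single mistyped hex digit in b or G makes the on-curve or order check fail, which is why such checks are worth running on any copy of the parameters before use.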
Curve P-224

p = 26959946667150639794667015087019630673557916260026308143510066298881
r = 26959946667150639794667015087019625940457807714424391721682722368061
s = bd713447 99d5c7fc dc45b59f a3b9ab8f 6a948bc5
c = 5b056c7e 11dd68f4 0469ee7f 3c7a7d74 f7d12111 6506d031 218291fb
b = b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4
G_x = b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21
G_y = bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34

Curve P-256

p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
r = 115792089210356248762697446949407573529996955224135760342422259061068512044369
s = c49d3608 86e70493 6a6678e1 139d26b7 819f7e90
c = 7efba166 2985be94 03cb055c 75d4f7e0 ce8d84a9 c5114abc af317768 0104fa0d
b = 5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b
G_x = 6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296
G_y = 4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5

Curve P-384

p = 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319
r = 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643
s = a335926a a319a27a 1d00896a 6773a482 7acdac73
c = 79d1e655 f868f02f ff48dcde e14151dd b80643c1 406d0ca1 0dfe6fc5 2009540a 495e8042 ea5f744f 6e184667 cc722483
b = b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef
G_x = aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7
G_y = 3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f

Curve P-521

p = 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151
r = 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449
s = d09e8800 291cb853 96cc6717 393284aa a0da64ba
c = 0b4 8bfa5f42 0a349495 39d2bdfc 264eeeeb 077688e4 4fbf0ad8 f6d0edb3 7bd6b533 28100051 8e19f1b9 ffbe0fe9 ed8a3c22 00b8f875 e523868c 70c1e5bf 55bad637
b = 051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b 99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd 3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00
G_x = c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66
G_y = 118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 3fad0761 353c7086 a272c240 88be9476 9fd16650

§3. Curves over Binary Fields

For each field degree m, a pseudo-random curve is given, along with a Koblitz curve. The pseudo-random curve has the form

$$E : y^2 + xy = x^3 + x^2 + b,$$

and the Koblitz curve has the form

$$E_a : y^2 + xy = x^3 + a x^2 + 1$$

where a = 0 or 1.

For each pseudo-random curve, the cofactor is f = 2. The cofactor of each Koblitz curve is f = 2 if a = 1 and f = 4 if a = 0.

The coefficients of the pseudo-random curves, and the coordinates of the base points of both kinds of curves, are given in terms of both the polynomial and normal basis representations discussed in §1.3.

For each m, the following parameters are given:

Field Representation:
- The normal basis type T
- The field polynomial (trinomial or pentanomial)

Koblitz Curve:
- The coefficient a
- The base point order r
- The base point x coordinate $G_x$
- The base point y coordinate $G_y$

Pseudo-random curve:
- The base point order r

Pseudo-random curve (Polynomial Basis representation):
- The coefficient b
- The base point x coordinate $G_x$
- The base point y coordinate $G_y$

Pseudo-random curve (Normal Basis representation):
- The 160-bit input seed s to the SHA-1 based algorithm
- The coefficient b (i.e., the output of the SHA-1 based algorithm)
- The base point x coordinate $G_x$
- The base point y coordinate $G_y$

Integers (such as T, m, and r) are given in decimal form; bit strings and field elements are given in hex.

Degree 163 Binary Field

T = 4
$p(t) = t^{163} + t^7 + t^6 + t^3 + 1$

Curve K-163

a = 1
r = 5846006549323611672814741753598448348329118574063

Polynomial Basis:
G_x = 2 fe13c053 7bbc11ac aa07d793 de4e6d5e 5c94eee8
G_y = 2 89070fb0 5d38ff58 321f2e80 0536d538 ccdaa3d9

Normal Basis:
G_x = 0 5679b353 caa46825 fea2d371 3ba450da 0c2a4541
G_y = 2 35b7c671 00506899 06bac3d9 dec76a83 5591edb2

Curve B-163

r = 5846006549323611672814742442876390689256843201587

Polynomial Basis:
b = 2 0a601907 b8c953ca 1481eb10 512f7874 4a3205fd
G_x = 3 f0eba162 86a2d57e a0991168 d4994637 e8343e36
G_y = 0 d51fbc6c 71a0094f a2cdd545 b11c5c0c 797324f1

Normal Basis:
s = 85e25bfe 5c86226c db12016f 7553f9d0 e693a268
b = 6 645f3cac f1638e13 9c6cd13e f61734fb c9e3d9fb
G_x = 0 311103c1 7167564a ce77ccb0 9c681f88 6ba54ee8
G_y = 3 33ac13c6 447f2e67 613bf700 9daf98c8 7bb50c7f

Degree 233 Binary Field

T = 2
$p(t) = t^{233} + t^{74} + 1$

Curve K-233

a = 0
r = 3450873173395281893717377931138512760570940988862252126328087024741343

Polynomial Basis:
G_x = 172 32ba853a 7e731af1 29f22ff4 149563a4 19c26bf5 0a4c9d6e efad6126
G_y = 1db 537dece8 19b7f70f 555a67c4 27a8cd9b f18aeb9b 56e0c110 56fae6a3

Normal Basis:
G_x = 0fd e76d9dcd 26e643ac 26f1aa90 1aa12978 4b71fc07 22b2d056 14d650b3
G_y = 064 3e317633 155c9e04 47ba8020 a3c43177 450ee036 d6335014 34cac978

Curve B-233

r = 6901746346790563787434755862277025555839812737345013555379383634485463

Polynomial Basis:
b = 066 647ede6c 332c7f8c 0923bb58 213b333b 20e9ce42 81fe115f 7d8f90ad
G_x = 0fa c9dfcbac 8313bb21 39f1bb75 5fef65bc 391f8b36 f8f8eb73 71fd558b
G_y = 100 6a08a419 03350678 e58528be bf8a0bef f867a7ca 36716f7e 01f81052

Normal Basis:
s = 74d59ff0 7f6b413d 0ea14b34 4b20a2db 049b50c3
b = 1a0 03e0962d 4f9a8e40 7c904a95 38163adb 82521260 0c7752ad 52233279
G_x = 18b 863524b3 cdfefb94 f2784e0b 116faac5 4404bc91 62a363ba b84a14c5
G_y = 049 25df77bd 8b8ff1a5 ff519417 822bfedf 2bbd7526 44292c98 c7af6e02

Degree 283 Binary Field

T = 6
$p(t) = t^{283} + t^{12} + t^7 + t^5 + 1$

Curve K-283

a = 0
r = 3885337784451458141838923813647037813284811733793061324295874997529815829704422603873

Polynomial Basis:
G_x = 503213f 78ca4488 3f1a3b81 62f188e5 53cd265f 23c1567a 16876913 b0c2ac24 58492836
G_y = 1ccda38 0f1c9e31 8d90f95d 07e5426f e87e45c0 e8184698 e4596236 4e341161 77dd2259

Normal Basis:
G_x = 3ab9593 f8db09fc 188f1d7c 4ac9fcc3 e57fcd3b db15024b 212c7022 9de5fcd9 2eb0ea60
G_y = 2118c47 55e7345c d8f603ef 93b98b10 6fe8854f feb9a3b3 04634cc8 3a0e759f 0c2686b1

Curve B-283

r = 7770675568902916283677847627294075626569625924376904889109196526770044277787378692871

Polynomial Basis:
b = 27b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5
G_x = 5f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053
G_y = 3676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4

Normal Basis:
s = 77e2b073 70eb0f83 2a6dd5b6 2dfc88cd 06bb84be
b = 157261b 894739fb 5a13503f 55f0b3f1 0c560116 66331022 01138cc1 80c0206b dafbc951
G_x = 749468e 464ee468 634b21f7 f61cb700 701817e6 bc36a236 4cb8906e 940948ea a463c35d
G_y = 62968bd 3b489ac5 c9b859da 68475c31 5bafcdc4 ccd0dc90 5b70f624 46f49c05 2f49c08c

Degree 409 Binary Field

T = 4
$p(t) = t^{409} + t^{87} + 1$

Curve K-409

a = 0
r = 330527984395124299475957654016385519914202341482140609642324395022880711289249191050673258457777458014096366590617731358671

Polynomial Basis:
G_x = 060f05f 658f49c1 ad3ab189 0f718421 0efd0987 e307c84c 27accfb8 f9f67cc2 c460189e b5aaaa62 ee222eb1 b35540cf e9023746
G_y = 1e36905 0b7c4e42 acba1dac bf04299c 3460782f 918ea427 e6325165 e9ea10e3 da5f6c42 e9c55215 aa9ca27a 5863ec48 d8e0286b

Normal Basis:
G_x = 1b559c7 cba2422e 3affe133 43e808b5 5e012d72 6ca0b7e6 a63aeafb c1e3a98e 10ca0fcf 98350c3b 7f89a975 4a8e1dc0 713cec4a
G_y = 16d8c42 052f07e7 713e7490 eff318ba 1abd6fef 8a5433c8 94b24f5c 817aeb79 852496fb ee803a47 bc8a2038 78ebf1c4 99afd7d6

Curve B-409

r = 661055968790248598951915308032771039828404682964281219284648798304157774827374805208143723762179110965979867288366567526771

Polynomial Basis:
b = 021a5c2 c8ee9feb 5c4b9a75 3b7b476b 7fd6422e f1f3dd67 4761fa99 d6ac27c8 a9a197b2 72822f6c d57a55aa 4f50ae31 7b13545f
G_x = 15d4860 d088ddb3 496b0c60 64756260 441cde4a f1771d4d b01ffe5b 34e59703 dc255a86 8a118051 5603aeab 60794e54 bb7996a7
G_y = 061b1cf ab6be5f3 2bbfa783 24ed106a 7636b9c5 a7bd198d 0158aa4f 5488d08f 38514f1f df4b4f40 d2181b36 81c364ba 0273c706

Normal Basis:
s = 4099b5a4 57f9d69f 79213d09 4c4bcd4d 4262210b
b = 124d065 1c3d3772 f7f5a1fe 6e715559 e2129bdf a04d52f7 b6ac7c53 2cf0ed06 f610072d 88ad2fdc c50c6fde 72843670 f8b3742a
G_x = 0ceacbc 9f475767 d8e69f3b 5dfab398 13685262 bcacf22b 84c7b6dd 981899e7 318c96f0 761f77c6 02c016ce d7c548de 830d708f
G_y = 199d64b a8f089c6 db0e0b61 e80bb959 34afd0ca f2e8be76 d1c5e9af fc7476df 49142691 ad303902 88aa09bc c59c1573 aa3c009a

Degree 571 Binary Field

T = 10
$p(t) = t^{571} + t^{10} + t^5 + t^2 + 1$

Curve K-571

a = 0
r = 1932268761508629172347675945465993672149463664853217499328617625725759571144780212268133978522706711834706712800825351461273674974066617311929682421617092503555733685276673

Polynomial Basis:
G_x = 26eb7a8 59923fbc 82189631 f8103fe4 ac9ca297 0012d5d4 60248048 01841ca4 43709584 93b205e6 47da304d b4ceb08c bbd1ba39 494776fb 988b4717 4dca88c7 e2945283 a01c8972
G_y = 349dc80 7f4fbf37 4f4aeade 3bca9531 4dd58cec 9f307a54 ffc61efc 006d8a2c 9d4979c0 ac44aea7 4fbebbb9 f772aedc b620b01a 7ba7af1b 320430c8 591984f6 01cd4c14 3ef1c7a3

Normal Basis:
G_x = 04bb2db a418d0db 107adae0 03427e5d 7cc139ac b465e593 4f0bea2a b2f3622b c29b3d5b 9aa7a1fd fd5d8be6 6057c100 8e71e484 bcd98f22 bf847642 37673674 29ef2ec5 bc3ebcf7
G_y = 44cbb57 de20788d 2c952d7b 56cf39bd 3e89b189 84bd124e 751ceff4 369dd8da c6a59e6e 745df44d 8220ce22 aa2c852c fcbbef49 ebaa98bd 2483e331 80e04286 feaa2530 50caff60

Curve B-571

r = 3864537523017258344695351890931987344298927329706434998657235251451519142289560424536143999389415773083133881121926944486246872462816813070234528288303332411393191105285703

Polynomial Basis:
b = 2f40e7e 2221f295 de297117 b7f3d62f 5c6a97ff cb8ceff1 cd6ba8ce 4a9a18ad 84ffabbd 8efa5933 2be7ad67 56a66e29 4afd185a 78ff12aa 520e4de7 39baca0c 7ffeff7f 2955727a
G_x = 303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19
G_y = 37bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b

Normal Basis:
s = 2aa058f7 3a0e33ab 486b0f61 0410c53a 7f132310
b = 3762d0d 47116006 179da356 88eeaccf 591a5cde a7500011 8d9608c5 9132d434 26101a1d fb377411 5f586623 f75f0000 1ce61198 3c1275fa 31f5bc9f 4be1a0f4 67f01ca8 85c74777
G_x = 0735e03 5def5925 cc33173e b2a8ce77 67522b46 6d278b65 0a291612 7dfea9d2 d361089f 0a7a0247 a184e1c7 0d417866 e0fe0feb 0ff8f2f3 f9176418 f97d117e 624e2015 df1662a8
G_y = 04a3642 0572616c df7e606f ccadaecf c3b76dab 0eb1248d d03fbdfc 9cd3242c 4726be57 9855e812 de7ec5c5 00b4576a 24628048 b6a72d88 0062eed0 dd34b109 6d3acbb6 b01a4a97

Appendix 1: Implementation of Modular Arithmetic

The prime moduli in the above examples are of a special type (called generalized Mersenne numbers) for which modular multiplication can be carried out more efficiently than in general. This appendix provides the rules for implementing this faster arithmetic, for each of the prime moduli appearing in the examples.

The usual way to multiply two integers (mod m) is to take the integer product and reduce it (mod m). One therefore has the following problem: given an integer A less than $m^2$, compute

$$B := A \bmod m.$$

In general, one must obtain B as the remainder of an integer division. If m is a generalized Mersenne number, however, then B can be expressed as a sum or difference (mod m) of a small number of terms. To compute this expression, one can evaluate the integer sum or difference and reduce the result modulo m. The latter reduction can be accomplished by adding or subtracting a few copies of m.

The prime modulus p for each of the five example curves is a generalized Mersenne number.

Curve P-192:

The modulus for this curve is $p = 2^{192} - 2^{64} - 1$. Every integer A less than $p^2$ can be written

$$A = A_5 \cdot 2^{320} + A_4 \cdot 2^{256} + A_3 \cdot 2^{192} + A_2 \cdot 2^{128} + A_1 \cdot 2^{64} + A_0,$$

where each $A_i$ is a 64-bit integer. The expression for B is

$$B := T + S_1 + S_2 + S_3 \bmod p,$$

where the 192-bit terms are given by

$$\begin{aligned}
T &= A_2 \cdot 2^{128} + A_1 \cdot 2^{64} + A_0 \\
S_1 &= A_3 \cdot 2^{64} + A_3 \\
S_2 &= A_4 \cdot 2^{128} + A_4 \cdot 2^{64} \\
S_3 &= A_5 \cdot 2^{128} + A_5 \cdot 2^{64} + A_5.
\end{aligned}$$
Curve P-224:

The modulus for this curve is $p = 2^{224} - 2^{96} + 1$. Every integer A less than $p^2$ can be written

$$\begin{aligned}
A = {} & A_{13} \cdot 2^{416} + A_{12} \cdot 2^{384} + A_{11} \cdot 2^{352} + A_{10} \cdot 2^{320} + {} \\
& A_9 \cdot 2^{288} + A_8 \cdot 2^{256} + A_7 \cdot 2^{224} + A_6 \cdot 2^{192} + A_5 \cdot 2^{160} + {} \\
& A_4 \cdot 2^{128} + A_3 \cdot 2^{96} + A_2 \cdot 2^{64} + A_1 \cdot 2^{32} + A_0,
\end{aligned}$$

where each $A_i$ is a 32-bit integer. As a concatenation of 32-bit words, this can be denoted by

$$A = (A_{13} \| A_{12} \| \cdots \| A_0).$$

The expression for B is

$$B := T + S_1 + S_2 - D_1 - D_2 \bmod p,$$

where the 224-bit terms are given by

$$\begin{aligned}
T &= (A_6 \| A_5 \| A_4 \| A_3 \| A_2 \| A_1 \| A_0) \\
S_1 &= (A_{10} \| A_9 \| A_8 \| A_7 \| 0 \| 0 \| 0) \\
S_2 &= (0 \| A_{13} \| A_{12} \| A_{11} \| 0 \| 0 \| 0) \\
D_1 &= (A_{13} \| A_{12} \| A_{11} \| A_{10} \| A_9 \| A_8 \| A_7) \\
D_2 &= (0 \| 0 \| 0 \| 0 \| A_{13} \| A_{12} \| A_{11}).
\end{aligned}$$
Curve P-256:

The modulus for this curve is $p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1$. Every integer A less than $p^2$ can be written

$$\begin{aligned}
A = {} & A_{15} \cdot 2^{480} + A_{14} \cdot 2^{448} + A_{13} \cdot 2^{416} + A_{12} \cdot 2^{384} + A_{11} \cdot 2^{352} + {} \\
& A_{10} \cdot 2^{320} + A_9 \cdot 2^{288} + A_8 \cdot 2^{256} + A_7 \cdot 2^{224} + A_6 \cdot 2^{192} + {} \\
& A_5 \cdot 2^{160} + A_4 \cdot 2^{128} + A_3 \cdot 2^{96} + A_2 \cdot 2^{64} + A_1 \cdot 2^{32} + A_0,
\end{aligned}$$

where each $A_i$ is a 32-bit integer. As a concatenation of 32-bit words, this can be denoted by

$$A = (A_{15} \| A_{14} \| \cdots \| A_0).$$

The expression for B is

$$B := T + 2S_1 + 2S_2 + S_3 + S_4 - D_1 - D_2 - D_3 - D_4 \bmod p,$$

where the 256-bit terms are given by

$$\begin{aligned}
T &= (A_7 \| A_6 \| A_5 \| A_4 \| A_3 \| A_2 \| A_1 \| A_0) \\
S_1 &= (A_{15} \| A_{14} \| A_{13} \| A_{12} \| A_{11} \| 0 \| 0 \| 0) \\
S_2 &= (0 \| A_{15} \| A_{14} \| A_{13} \| A_{12} \| 0 \| 0 \| 0) \\
S_3 &= (A_{15} \| A_{14} \| 0 \| 0 \| 0 \| A_{10} \| A_9 \| A_8) \\
S_4 &= (A_8 \| A_{13} \| A_{15} \| A_{14} \| A_{13} \| A_{11} \| A_{10} \| A_9) \\
D_1 &= (A_{10} \| A_8 \| 0 \| 0 \| 0 \| A_{13} \| A_{12} \| A_{11}) \\
D_2 &= (A_{11} \| A_9 \| 0 \| 0 \| A_{15} \| A_{14} \| A_{13} \| A_{12}) \\
D_3 &= (A_{12} \| 0 \| A_{10} \| A_9 \| A_8 \| A_{15} \| A_{14} \| A_{13}) \\
D_4 &= (A_{13} \| 0 \| A_{11} \| A_{10} \| A_9 \| 0 \| A_{15} \| A_{14}).
\end{aligned}$$
Curve P-384:

The modulus for this curve is $p = 2^{384} - 2^{128} - 2^{96} + 2^{32} - 1$. Every integer A less than $p^2$ can be written

$$\begin{aligned}
A = {} & A_{23} \cdot 2^{736} + A_{22} \cdot 2^{704} + A_{21} \cdot 2^{672} + A_{20} \cdot 2^{640} + A_{19} \cdot 2^{608} + {} \\
& A_{18} \cdot 2^{576} + A_{17} \cdot 2^{544} + A_{16} \cdot 2^{512} + A_{15} \cdot 2^{480} + A_{14} \cdot 2^{448} + {} \\
& A_{13} \cdot 2^{416} + A_{12} \cdot 2^{384} + A_{11} \cdot 2^{352} + A_{10} \cdot 2^{320} + A_9 \cdot 2^{288} + {} \\
& A_8 \cdot 2^{256} + A_7 \cdot 2^{224} + A_6 \cdot 2^{192} + A_5 \cdot 2^{160} + A_4 \cdot 2^{128} + {} \\
& A_3 \cdot 2^{96} + A_2 \cdot 2^{64} + A_1 \cdot 2^{32} + A_0,
\end{aligned}$$

where each $A_i$ is a 32-bit integer. As a concatenation of 32-bit words, this can be denoted by

$$A = (A_{23} \| A_{22} \| \cdots \| A_0).$$

The expression for B is

$$B := T + 2S_1 + S_2 + S_3 + S_4 + S_5 + S_6 - D_1 - D_2 - D_3 \bmod p,$$

where the 384-bit terms are given by

$$\begin{aligned}
T &= (A_{11} \| A_{10} \| A_9 \| A_8 \| A_7 \| A_6 \| A_5 \| A_4 \| A_3 \| A_2 \| A_1 \| A_0) \\
S_1 &= (0 \| 0 \| 0 \| 0 \| 0 \| A_{23} \| A_{22} \| A_{21} \| 0 \| 0 \| 0 \| 0) \\
S_2 &= (A_{23} \| A_{22} \| A_{21} \| A_{20} \| A_{19} \| A_{18} \| A_{17} \| A_{16} \| A_{15} \| A_{14} \| A_{13} \| A_{12}) \\
S_3 &= (A_{20} \| A_{19} \| A_{18} \| A_{17} \| A_{16} \| A_{15} \| A_{14} \| A_{13} \| A_{12} \| A_{23} \| A_{22} \| A_{21}) \\
S_4 &= (A_{19} \| A_{18} \| A_{17} \| A_{16} \| A_{15} \| A_{14} \| A_{13} \| A_{12} \| A_{20} \| 0 \| A_{23} \| 0) \\
S_5 &= (0 \| 0 \| 0 \| 0 \| A_{23} \| A_{22} \| A_{21} \| A_{20} \| 0 \| 0 \| 0 \| 0) \\
S_6 &= (0 \| 0 \| 0 \| 0 \| 0 \| 0 \| A_{23} \| A_{22} \| A_{21} \| 0 \| 0 \| A_{20}) \\
D_1 &= (A_{22} \| A_{21} \| A_{20} \| A_{19} \| A_{18} \| A_{17} \| A_{16} \| A_{15} \| A_{14} \| A_{13} \| A_{12} \| A_{23}) \\
D_2 &= (0 \| 0 \| 0 \| 0 \| 0 \| 0 \| 0 \| A_{23} \| A_{22} \| A_{21} \| A_{20} \| 0) \\
D_3 &= (0 \| 0 \| 0 \| 0 \| 0 \| 0 \| 0 \| A_{23} \| A_{23} \| 0 \| 0 \| 0).
\end{aligned}$$
Curve P-521:

The modulus for this curve is $p = 2^{521} - 1$. Every integer A less than $p^2$ can be written

$$A = A_1 \cdot 2^{521} + A_0.$$

The expression for B is

$$B := A_0 + A_1 \bmod p.$$
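The reduction rules for all five moduli, as an added example (not part of the original document): each term of Appendix 1 is written as a list of word indices, and the result is checked against ordinary integer division. The table layout, the function names and the constructed test inputs are choices made for this illustration.

```python
import random

Z = None  # marks an all-zero word inside a concatenation

# name: (word bits, word count of A, modulus p, [(coefficient, words MSW first), ...])
CURVES = {
    "P-192": (64, 6, 2**192 - 2**64 - 1, [
        (+1, [2, 1, 0]),                                         # T
        (+1, [Z, 3, 3]),                                         # S1
        (+1, [4, 4, Z]),                                         # S2
        (+1, [5, 5, 5]),                                         # S3
    ]),
    "P-224": (32, 14, 2**224 - 2**96 + 1, [
        (+1, [6, 5, 4, 3, 2, 1, 0]),                             # T
        (+1, [10, 9, 8, 7, Z, Z, Z]),                            # S1
        (+1, [Z, 13, 12, 11, Z, Z, Z]),                          # S2
        (-1, [13, 12, 11, 10, 9, 8, 7]),                         # D1
        (-1, [Z, Z, Z, Z, 13, 12, 11]),                          # D2
    ]),
    "P-256": (32, 16, 2**256 - 2**224 + 2**192 + 2**96 - 1, [
        (+1, [7, 6, 5, 4, 3, 2, 1, 0]),                          # T
        (+2, [15, 14, 13, 12, 11, Z, Z, Z]),                     # 2*S1
        (+2, [Z, 15, 14, 13, 12, Z, Z, Z]),                      # 2*S2
        (+1, [15, 14, Z, Z, Z, 10, 9, 8]),                       # S3
        (+1, [8, 13, 15, 14, 13, 11, 10, 9]),                    # S4
        (-1, [10, 8, Z, Z, Z, 13, 12, 11]),                      # D1
        (-1, [11, 9, Z, Z, 15, 14, 13, 12]),                     # D2
        (-1, [12, Z, 10, 9, 8, 15, 14, 13]),                     # D3
        (-1, [13, Z, 11, 10, 9, Z, 15, 14]),                     # D4
    ]),
    "P-384": (32, 24, 2**384 - 2**128 - 2**96 + 2**32 - 1, [
        (+1, [11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0]),            # T
        (+2, [Z, Z, Z, Z, Z, 23, 22, 21, Z, Z, Z, Z]),           # 2*S1
        (+1, [23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12]),  # S2
        (+1, [20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21]),  # S3
        (+1, [19, 18, 17, 16, 15, 14, 13, 12, 20, Z, 23, Z]),    # S4
        (+1, [Z, Z, Z, Z, 23, 22, 21, 20, Z, Z, Z, Z]),          # S5
        (+1, [Z, Z, Z, Z, Z, Z, 23, 22, 21, Z, Z, 20]),          # S6
        (-1, [22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23]),  # D1
        (-1, [Z, Z, Z, Z, Z, Z, Z, 23, 22, 21, 20, Z]),          # D2
        (-1, [Z, Z, Z, Z, Z, Z, Z, 23, 23, Z, Z, Z]),            # D3
    ]),
    "P-521": (521, 2, 2**521 - 1, [(+1, [0]), (+1, [1])]),       # A0 + A1
}

def fast_reduce(name, a):
    """Return (a mod p, copies of p added or subtracted) for 0 <= a < p*p."""
    width, count, p, terms = CURVES[name]
    if not 0 <= a < p * p:
        raise ValueError("input must be below p squared")
    mask = (1 << width) - 1
    words = [(a >> (width * i)) & mask for i in range(count)]  # A_0 first
    total = 0
    for coeff, layout in terms:
        value = 0
        for idx in layout:  # concatenate, most significant word first
            value = (value << width) | (0 if idx is Z else words[idx])
        total += coeff * value
    copies = 0
    while not 0 <= total < p:  # the "few copies" of the modulus
        total += p if total < 0 else -p
        copies += 1
    return total, copies

def self_check(trials=200, seed=1999):
    """Compare with Python's % on edge cases and constructed random products."""
    rng = random.Random(seed)
    worst = 0
    for name, (_, _, p, _) in CURVES.items():
        cases = [0, 1, p - 1, p, p * p - 1, (p - 1) ** 2]
        cases += [rng.randrange(p) * rng.randrange(p) for _ in range(trials)]
        for a in cases:
            b, copies = fast_reduce(name, a)
            assert b == a % p, (name, hex(a))
            worst = max(worst, copies)
    return worst

if __name__ == "__main__":
    print("most copies of p needed in the final step:", self_check())
```

The final loop runs a data-dependent number of times so that the count can be reported; code that reduces secret values would use a fixed sequence of conditional additions and subtractions instead.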
Appendix 2: Normal Bases

The elements of $GF(2^m)$ are expressed in terms of the type T normal basis² B for $GF(2^m)$, for some T. Each element has a unique representation as a bit string

$$(a_0 a_1 \ldots a_{m-1}).$$

² It is assumed in this section that m is odd and T even, since this is the only case considered in this standard.

The arithmetic operations are performed as follows.

Addition: addition of two elements is implemented by bitwise addition modulo 2. Thus, for example,

$$(1100111) + (1010010) = (0110101).$$

Squaring: if $= (a_0 a_1 \cdots a_{m-1})$, then ${}^2 = (a_{m-1} a_0 a_1 \cdots a_{m-2})$.

Multiplication: to perform multiplication, one first constructs a function F(u, v) on inputs

$$u = (u_0 u_1 \ldots u_{m-1}) \quad \text{and} \quad v = (v_0 v_1 \ldots v_{m-1})$$

as follows.

1. Set $p \leftarrow Tm + 1$
2. Let u be an integer having order T modulo p
3. Compute the sequence $F(1), F(2), \ldots, F(p-1)$ as follows:
   3.1 Set $w \leftarrow 1$
   3.2 For j from 0 to $T - 1$ do
         Set $n \leftarrow w$
         For i from 0 to $m - 1$ do
           Set $F(n) \leftarrow i$
           Set $n \leftarrow 2n \bmod p$
         Set $w \leftarrow uw \bmod p$
4. Output the formula

$$F(u, v) := \sum_{k=1}^{p-2} u_{F(k+1)} \, v_{F(p-k)}.$$

This computation need only be performed once per basis.

Given the function F for B, one computes the product

$$(c_0 c_1 \ldots c_{m-1}) = (a_0 a_1 \ldots a_{m-1}) \times (b_0 b_1 \ldots b_{m-1})$$

as follows.

1. Set $(u_0 u_1 \ldots u_{m-1}) \leftarrow (a_0 a_1 \ldots a_{m-1})$
2. Set $(v_0 v_1 \ldots v_{m-1}) \leftarrow (b_0 b_1 \ldots b_{m-1})$
3. For k from 0 to $m - 1$ do
   3.1 Compute $c_k := F(u, v)$
   3.2 Set $u \leftarrow \mathrm{LeftShift}(u)$ and $v \leftarrow \mathrm{LeftShift}(v)$, where LeftShift denotes the circular left shift operation.
4. Output $c := (c_0 c_1 \ldots c_{m-1})$
Example. For the type 4 normal basis for $GF(2^7)$, one has p = 29 and u = 12 or 17. Thus the values of F are given by

F(1) = 0    F(8) = 3     F(15) = 6    F(22) = 5
F(2) = 1    F(9) = 3     F(16) = 4    F(23) = 6
F(3) = 5    F(10) = 2    F(17) = 0    F(24) = 1
F(4) = 2    F(11) = 4    F(18) = 4    F(25) = 2
F(5) = 1    F(12) = 0    F(19) = 2    F(26) = 5
F(6) = 6    F(13) = 4    F(20) = 3    F(27) = 1
F(7) = 5    F(14) = 6    F(21) = 3    F(28) = 0

Therefore

$$\begin{aligned}
F(u, v) = {} & u_0 v_1 + u_1 (v_0 + v_2 + v_5 + v_6) + u_2 (v_1 + v_3 + v_4 + v_5) \\
& + u_3 (v_2 + v_5) + u_4 (v_2 + v_6) + u_5 (v_1 + v_2 + v_3 + v_6) \\
& + u_6 (v_1 + v_4 + v_5 + v_6).
\end{aligned}$$

Thus, if

$$a = (1010111) \quad \text{and} \quad b = (1100001),$$

then

$$\begin{aligned}
c_0 &= F((1010111), (1100001)) = 1, \\
c_1 &= F((0101111), (1000011)) = 0, \\
&\;\;\vdots \\
c_6 &= F((1101011), (1110000)) = 1,
\end{aligned}$$

so that $c = ab = (1011001)$.
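The construction of F and the multiplication procedure of Appendix 2, as an added example (not part of the original document), run on the type 4 normal basis for GF(2^7) used above. Bit strings are Python strings such as "1010111"; the function names and the choice of the smallest u of order T are this example's own.

```python
def build_F(m, T):
    """Steps 1-3: return (p, u, F), where F maps 1..p-1 to indices 0..m-1."""
    if m % 2 == 0 or T % 2 == 1:
        raise ValueError("the appendix assumes m odd and T even")
    p = T * m + 1
    if any(p % d == 0 for d in range(2, int(p ** 0.5) + 1)):
        raise ValueError("T*m + 1 must be prime")
    # Step 2: an integer of exact order T modulo p. Every such u generates the
    # same subgroup, so the resulting table does not depend on which is taken.
    u = next(x for x in range(2, p)
             if pow(x, T, p) == 1 and all(pow(x, d, p) != 1 for d in range(1, T)))
    F, w = {}, 1
    for _ in range(T):          # step 3.2
        n = w
        for i in range(m):
            F[n] = i
            n = 2 * n % p
        w = u * w % p
    if len(F) != p - 1:
        raise ValueError("F does not cover 1..p-1 for this (m, T)")
    return p, u, F


def multiply(a, b, T):
    """Product of two elements given as normal-basis bit strings."""
    m = len(a)
    if len(b) != m:
        raise ValueError("operands must have the same length")
    p, _, F = build_F(m, T)
    # Step 4: the index pairs (F(k+1), F(p-k)) that make up F(u, v).
    terms = [(F[k + 1], F[p - k]) for k in range(1, p - 1)]
    u = [int(ch) for ch in a]
    v = [int(ch) for ch in b]
    c = []
    for _ in range(m):
        c.append(sum(u[i] & v[j] for i, j in terms) & 1)   # c_k := F(u, v)
        u = u[1:] + u[:1]                                  # circular left shift
        v = v[1:] + v[:1]
    return "".join(str(bit) for bit in c)


def add(a, b):
    """Bitwise addition modulo 2."""
    return "".join(str(int(x) ^ int(y)) for x, y in zip(a, b))


def square(a):
    """Squaring is a circular right shift: (a_{m-1} a_0 a_1 ... a_{m-2})."""
    return a[-1] + a[:-1]


if __name__ == "__main__":
    p, u, F = build_F(7, 4)
    print("p =", p, "u =", u)
    print("F =", [F[n] for n in range(1, p)])
    print("a*b =", multiply("1010111", "1100001", 4))
```

Multiplying an element by itself and comparing with `square` is a quick consistency check on a freshly built table, since both must give the same bit string.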
Appendix 3: Scalar Multiplication on Koblitz Curves

This appendix describes a particularly efficient method of computing the scalar multiple nP on the Koblitz curve $E_a$ over $GF(2^m)$.

The operation is defined by

$$(x, y) = (x^2, y^2).$$

When the normal basis representation is used, then the operation is implemented by performing right circular shifts on the bit strings representing x and y.

Given m and a, define the following parameters:

C is some integer greater than 5.

$:= (-1)^{1-a}$

For i = 0 and i = 1, define the sequence $s_i(m)$ by

$$s_i(0) = 0, \quad s_i(1) = 1 - i,$$

$$s_i(m) = \cdot\, s_i(m-1) - 2 s_i(m-2) + (-1)^i.$$

Define the sequence V(m) by

$$V(0) = 2, \quad V(1) = ,$$

$$V(m) = \cdot\, V(m-1) - 2 V(m-2).$$
For the example curves, the quantities $s_i(m)$ and $V(m)$ are as follows.

Curve K-163:
s_0(163) = 2579386439110731650419537
s_1(163) = -755360064476226375461594
V(163) = -4845466632539410776804317

Curve K-233:
s_0(233) = -27859711741434429761757834964435883
s_1(233) = -44192136247082304936052160908934886
V(233) = -137381546011108235394987299651366779

Curve K-283:
s_0(283) = -665981532109049041108795536001591469280025
s_1(283) = 1155860054909136775192281072591609913945968
V(283) = 7777244870872830999287791970962823977569917

Curve K-409:
s_0(409) = -18307510456002382137810317198756461378590542487556869338419259
s_1(409) = -8893048526138304097196653241844212679626566100996606444816790
V(409) = 10457288737315625927447685387048320737638796957687575791173829

Curve K-571:
s_0(571) = -3737319446876463692429385892476115567147293964596131024123406420235241916729983261305
s_1(571) = -31918577064464160995381459594895967413196891214856465861056511758982848515832612248752
V(571) = -148380926981691413899619140297051490364542574180493936232912339534208516828973111459843

The following algorithm computes the scalar multiple nP on the Koblitz curve $E_a$ over $GF(2^m)$. The average number of elliptic additions and subtractions is at most $1 + (m/3)$, and is at most $m/3$ with probability at least $1 - 2^{5-C}$.
F o r i = 0 t o 1 d o
n
4
n = 2
a 0 C + ( m 0 9 ) = 2
5
g
s
i
( m ) 1 n
h
b g
= 2
m
c
j
V ( m ) 1 h
R o u n d
0
( g
+ j
) = 2
( m + 5 ) = 2
1
i
= 2
C
f
i
R o u n d (
i
)
i
i
0 f
i
h
i
0
2
0
+
1
I f 1
t h e n
i f
0
0 3
1
e l s e
i f
0
+ 4
1
2
t h e n s e t h
1
I f
Appendix 4: Generation of Pseudo-Random Curves (Prime Case)

Let be the bit length of p, and define

$$v = \lfloor (\ - 1)/160 \rfloor$$

$$w = \ - 160v - 1$$

1. Choose an arbitrary 160-bit string s.
2. Compute h := SHA-1(s).
3. Let $h_0$ be the bit string obtained by taking the w rightmost bits of h.
4. Let z be the integer whose binary expansion is given by the 160-bit string s.
5. For i from 1 to v do:
   5.1 Define the 160-bit string $s_i$ to be binary expansion of the integer $(z + i) \bmod (2^{160})$.
   5.2 Compute $h_i$ := SHA-1($s_i$).
6. Let h be the bit string obtained by the concatenation of $h_0, h_1, \ldots, h_v$ as follows:

$$h = h_0 \| h_1 \| \ldots \| h_v.$$

7. Let c be the integer whose binary expansion is given by the bit string h.
8. If c = 0 or $4c + 27 \equiv 0 \pmod p$, then go to Step 1.
9. Choose integers $a, b \in GF(p)$ such that

$$c\, b^2 \equiv a^3 \pmod p.$$

   (The simplest choice is a = c and b = c. However, one may want to choose differently for performance reasons.)
10. Check that the elliptic curve E over GF(p) given by $y^2 = x^3 + ax + b$ has suitable order. If not, go to Step 1.
Appendix 5: Verification of Curve Pseudo-Randomness (Prime Case)

Given the 160-bit seed value s, one can verify that the coefficient b was obtained from s via the cryptographic hash function SHA-1 as follows.

Let be the bit length of p, and define

$$v = \lfloor (\ - 1)/160 \rfloor$$

$$w = \ - 160v - 1$$

1. Compute h := SHA-1(s).
2. Let $h_0$ be the bit string obtained by taking the w rightmost bits of h.
3. Let z be the integer whose binary expansion is given by the 160-bit string s.
4. For i from 1 to v do
   4.1 Define the 160-bit string $s_i$ to be binary expansion of the integer $(z + i) \bmod (2^{160})$
   4.2 Compute $h_i$ := SHA-1($s_i$).
5. Let h be the bit string obtained by the concatenation of $h_0, h_1, \ldots, h_v$ as follows:

$$h = h_0 \| h_1 \| \ldots \| h_v.$$

6. Let c be the integer whose binary expansion is given by the bit string h.
7. Verify that $b^2 c \equiv -27 \pmod p$.
Appendix 6: Generation of Pseudo-Random Curves (Binary Case)

Let:

$$v = \lfloor (m - 1)/B \rfloor$$

$$w = m - Bv$$

1. Choose an arbitrary 160-bit string s.
2. Compute h := SHA-1(s).
3. Let $h_0$ be the bit string obtained by taking the w rightmost bits of h.
4. Let z be the integer whose binary expansion is given by the 160-bit string s.
5. For i from 1 to v do:
   5.1 Define the 160-bit string $s_i$ to be binary expansion of the integer $(z + i) \bmod (2^{160})$.
   5.2 Compute $h_i$ := SHA-1($s_i$).
6. Let h be the bit string obtained by the concatenation of $h_0, h_1, \ldots, h_v$ as follows:

$$h = h_0 \| h_1 \| \ldots \| h_v.$$

7. Let b be the element of $GF(2^m)$ whose binary expansion is given by the bit string h.
8. Choose an element a of $GF(2^m)$.
9. Check that the elliptic curve E over $GF(2^m)$ given by $y^2 + xy = x^3 + ax^2 + b$ has suitable order. If not, go to Step 1.
Appendix 7: Verification of Curve Pseudo-Randomness (Binary Case)

Given the 160-bit seed value s, one can verify that the coefficient b was obtained from s via the cryptographic hash function SHA-1 as follows.

Define

$$v = \lfloor (m - 1)/160 \rfloor$$

$$w = m - 160v$$

1. Compute h := SHA-1(s).
2. Let $h_0$ be the bit string obtained by taking the w rightmost bits of h.
3. Let z be the integer whose binary expansion is given by the 160-bit string s.
4. For i from 1 to v do
   4.1 Define the 160-bit string $s_i$ to be binary expansion of the integer $(z + i) \bmod (2^{160})$
   4.2 Compute $h_i$ := SHA-1($s_i$).
5. Let h be the bit string obtained by the concatenation of $h_0, h_1, \ldots, h_v$ as follows:

$$h = h_0 \| h_1 \| \ldots \| h_v.$$

6. Let c be the element of $GF(2^m)$ which is represented by the bit string h.
7. Verify that c = b.
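The checks of Appendix 5 and Appendix 7, as an added example (not part of the original document). It is run on the degree-571 normal-basis s and b listed just before Appendix 1 and, for the prime case, on the published P-192 seed and coefficient b, which this section does not reproduce and which are stated here as an assumption from that curve's listing; function and constant names are this example's own.

```python
import hashlib


def _sha1_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def expand_seed(seed, v, w):
    """Return h = h_0 || h_1 || ... || h_v as an integer."""
    if len(seed) != 20:
        raise ValueError("the seed must be a 160-bit string")
    if not 0 <= w <= 160:
        raise ValueError("w must lie between 0 and 160")
    h = _sha1_int(seed) & ((1 << w) - 1)        # h_0: the w rightmost bits of h
    z = int.from_bytes(seed, "big")
    for i in range(1, v + 1):
        s_i = ((z + i) % (1 << 160)).to_bytes(20, "big")
        h = (h << 160) | _sha1_int(s_i)         # append h_i
    return h


def verify_prime(seed, b, p):
    """Appendix 5: b^2 * c must be congruent to -27 modulo p."""
    length = p.bit_length()
    v = (length - 1) // 160
    w = length - 160 * v - 1
    c = expand_seed(seed, v, w)
    return (b * b * c + 27) % p == 0


def verify_binary(seed, b, m):
    """Appendix 7: the expanded bit string must equal b."""
    v = (m - 1) // 160
    w = m - 160 * v
    return expand_seed(seed, v, w) == b


# Assumption: published P-192 values, not shown in this section.
P192_P = 2**192 - 2**64 - 1
P192_SEED = bytes.fromhex("3045ae6fc8422f64ed579528d38120eae12196d5")
P192_B = int("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)

# s and b as listed just before Appendix 1 (normal basis, m = 571).
B571_SEED = bytes.fromhex("2aa058f73a0e33ab486b0f610410c53a7f132310")
B571_B = int(
    "3762d0d47116006179da356"
    "88eeaccf591a5cdea75000118d9608c59132d434"
    "26101a1dfb3774115f586623f75f00001ce61198"
    "3c1275fa31f5bc9f4be1a0f467f01ca885c74777", 16)

if __name__ == "__main__":
    print("P-192 :", verify_prime(P192_SEED, P192_B, P192_P))
    print("m=571 :", verify_binary(B571_SEED, B571_B, 571))
```

A passing check shows that b is tied to s through SHA-1; the appendices themselves only require s to be an arbitrary 160-bit string, so the check says nothing about how s was picked.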
Appendix 8: Polynomial Basis to Normal Basis Conversion

Suppose that an element of the field $GF(2^m)$. Denote by p the bit string representing with respect to a given polynomial basis. It is desired to compute n, the bit string representing with respect to a given normal basis. This is done via the matrix computation

$$p\,\Gamma = n,$$

where $\Gamma$ is an m-by-m matrix with entries in GF(2). The matrix $\Gamma$, which depends only on the bases, can be computed easily given its second-to-last row. The second-to-last row for each conversion is given in the table below.

Degree 163:
    3 e173bfaf 3a86434d 883a2918 a489ddbd 69fe84e1

Degree 233:
    0be 19b89595 28bbc490
    038f4bc4 da8bdfc1 ca36bb05 853fd0ed 0ae200ce

Degree 283:
    3347f17 521fdabc 62ec1551 acf156fb
    0bceb855 f174d4c1 7807511c 9f745382 add53bc3

Degree 409:
    0eb00f2 ea95fd6c 64024e7f
    0b68b81f 5ff8a467 acc2b4c3 b9372843 6265c7ff
    a06d896c ae3a7e31 e295ec30 3eb9f769 de78bef5

Degree 571:
    7940ffa ef996513 4d59dcbf
    e5bf239b e4fe4b41 05959c5d 4d942ffd 46ea35f3
    e3cdb0e1 04a2aa01 cef30a3a 49478011 196bfb43
    c55091b6 1174d7c0 8d0cdd61 3bf6748a bad972a4

Given the second-to-last row r of $\Gamma$, the rest of the matrix is computed as follows. Let be the element of $GF(2^m)$ whose representation with respect to the normal basis is r. Then the rows of $\Gamma$, from top to bottom, are the bit strings representing the elements

$${}^{m-1}, \ {}^{m-2}, \ \ldots, \ {}^{2}, \ \ , \ 1$$

with respect to the normal basis. (Note that the element 1 is represented by the all-1 bit string.)

Alternatively, the matrix is the inverse of the matrix described in Appendix 9.

More details of these computations can be found in Annex A.7 of the IEEE P1363 standard.
Appendix 9: Normal Basis to Polynomial Basis Conversion

Suppose that an element of the field $GF(2^m)$. Denote by n the bit string representing with respect to a given normal basis. It is desired to compute p, the bit string representing with respect to a given polynomial basis. This is done via the matrix computation

$$n\,\Gamma = p,$$

where $\Gamma$ is an m-by-m matrix with entries in GF(2). The matrix $\Gamma$, which depends only on the bases, can be computed easily given its top row. The top row for each conversion is given in the table below.

Degree 163:
    7 15169c10 9c612e39 0d347c74 8342bcd3 b02a0bef

Degree 233:
    149 9e398ac5 d79e3685
    59b35ca4 9bb7305d a6c0390b cf9e2300 253203c9

Degree 283:
    31e0ed7 91c3282d c5624a72 0818049d
    053e8c7a b8663792 bc1d792e ba9867fc 7b317a99

Degree 409:
    0dfa06b e206aa97 b7a41fff
    b9b0c55f 8f048062 fbe8381b 4248adf9 2912ccc8
    e3f91a24 e1cfb395 0532b988 971c2304 2e85708d

Degree 571:
    452186b bf5840a0 bcf8c9f0
    2a54efa0 4e813b43 c3d41496 06c4d27b 487bf107
    393c8907 f79d9778 beb35ee8 7467d328 8274caeb
    da6ce05a eb4ca5cf 3c3044bd 4372232f 2c1a27c4

Given the top row r of $\Gamma$, the rest of the matrix is computed as follows. Let be the element of $GF(2^m)$ whose representation with respect to the polynomial basis is r. Then the rows of $\Gamma$, from top to bottom, are the bit strings representing the elements

$$\ , \ {}^{2}, \ {}^{2^2}, \ \ldots, \ {}^{2^{m-1}}$$

with respect to the polynomial basis.

Alternatively, the matrix is the inverse of the matrix described in Appendix 8.

More details of these computations can be found in Annex A.7 of the IEEE P1363 standard.