Fast exponentiation using split exponents

Jung Hee Cheon; Stanislaw Jarecki; Taekyoung Kwon; Mun Kyu Lee

doi:10.1109/TIT.2010.2059831

Fast exponentiation using split exponents

Jung Hee Cheon, Stanislaw Jarecki, Taekyoung Kwon, Mun Kyu Lee

Graduate School of Information

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.

Original language	English
Article number	5714254
Pages (from-to)	1816-1826
Number of pages	11
Journal	IEEE Transactions on Information Theory
Volume	57
Issue number	3
DOIs	https://doi.org/10.1109/TIT.2010.2059831
Publication status	Published - 2011 Mar

Bibliographical note

Funding Information:
Manuscript received October 01, 2009; revised March 30, 2010; accepted May 11, 2010. Date of current version February 18, 2011. J. H. Cheon and T. Kwon were supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korean government (KRF-2007-314-D00254). J. H. Cheon was also supported in part by the NRF grant funded by the Korean government (MEST) (No. 2010-0000218). S. Jarecki was supported in part by the NSF CAREER award #0747541. M.-K. Lee was supported in part by the NRF grant funded by the Korean government (MEST) (No. 2010-0016787).

All Science Journal Classification (ASJC) codes

Information Systems
Computer Science Applications
Library and Information Sciences

Access to Document

10.1109/TIT.2010.2059831

Cite this

@article{8949e3600255459a9dbbea0bb333642f,

title = "Fast exponentiation using split exponents",

abstract = "We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.",

author = "Cheon, {Jung Hee} and Stanislaw Jarecki and Taekyoung Kwon and Lee, {Mun Kyu}",

note = "Funding Information: Manuscript received October 01, 2009; revised March 30, 2010; accepted May 11, 2010. Date of current version February 18, 2011. J. H. Cheon and T. Kwon were supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korean government (KRF-2007-314-D00254). J. H. Cheon was also supported in part by the NRF grant funded by the Korean government (MEST) (No. 2010-0000218). S. Jarecki was supported in part by the NSF CAREER award #0747541. M.-K. Lee was supported in part by the NRF grant funded by the Korean government (MEST) (No. 2010-0016787).",

year = "2011",

month = mar,

doi = "10.1109/TIT.2010.2059831",

language = "English",

volume = "57",

pages = "1816--1826",

journal = "IEEE Transactions on Information Theory",

issn = "0018-9448",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Fast exponentiation using split exponents

AU - Cheon, Jung Hee

AU - Jarecki, Stanislaw

AU - Kwon, Taekyoung

AU - Lee, Mun Kyu

N1 - Funding Information: Manuscript received October 01, 2009; revised March 30, 2010; accepted May 11, 2010. Date of current version February 18, 2011. J. H. Cheon and T. Kwon were supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korean government (KRF-2007-314-D00254). J. H. Cheon was also supported in part by the NRF grant funded by the Korean government (MEST) (No. 2010-0000218). S. Jarecki was supported in part by the NSF CAREER award #0747541. M.-K. Lee was supported in part by the NRF grant funded by the Korean government (MEST) (No. 2010-0016787).

PY - 2011/3

Y1 - 2011/3

N2 - We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.

AB - We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.

UR - http://www.scopus.com/inward/record.url?scp=79951905815&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79951905815&partnerID=8YFLogxK

U2 - 10.1109/TIT.2010.2059831

DO - 10.1109/TIT.2010.2059831

M3 - Article

AN - SCOPUS:79951905815

SN - 0018-9448

VL - 57

SP - 1816

EP - 1826

JO - IEEE Transactions on Information Theory

JF - IEEE Transactions on Information Theory

IS - 3

M1 - 5714254

ER -

Fast exponentiation using split exponents

Abstract

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this