Seminar I Lecture |
---|
Date and time: | Wednesday, October 7, 2009, 3rd period (13:30 -- 15:00) |
---|---|
Venue: | L1 |
Speaker: | Jean-Luc Beuchat (Graduate School, University of Tsukuba) |
---|---|
Title: | Hardware Operators for Pairing-Based Cryptography |
Abstract: |
Pairing-based cryptography is a novel and extremely active area of
research which is at the core of elegant solutions to a number of
long-standing open problems in cryptography. Thanks to an
ever-increasing number of new developments, standardization and
commercial adoption are drawing near. Among the companies taking
advantage of pairings to offer a better and easier protection of
sensitive information, let us mention for instance Fujitsu, Microsoft,
NTT, and Voltage Security. The IEEE published in May 2008 the first
draft of a standard that specifies common identity-based public-key
cryptographic techniques based on pairings (e.g. mathematical
primitives for key derivation, public-key encryption, digital
signatures, etc.).
In the mid-nineties, Menezes, Okamoto & Vanstone and Frey & Rück introduced the Weil and Tate pairings in cryptography as a tool to attack the discrete logarithm problem on some classes of elliptic curves defined over finite fields. A few years later, Mitsunari, Sakai & Kasahara, Sakai, Ohgishi & Kasahara, and Joux discovered constructive properties of pairings. Their seminal works sparked an extensive study of pairing-based cryptography, and a rapidly growing number of protocols based on the Weil or Tate pairings have appeared in the literature: identity-based encryption, short signatures, broadcast encryption, and key exchange in wireless sensor networks, to mention but a few. Such protocols rely critically on efficient algorithms and implementations of pairing primitives. Several researchers estimate that a pairing takes around ten times as long to compute as the major computational task in elliptic curve cryptography. Although this ratio seems overestimated, the cost of a pairing still constitutes a major handicap, and efficient software and hardware implementations are vital for pairing-based cryptography to flourish. At first, it was thought that the rich fine-grained parallelization potential shown by hardware platforms could be exploited in order to produce faster and more compact pairing implementations. Through the years, this assumption has been confirmed in many research works.
After a short introduction to pairing-based cryptography, we will present a first hardware co-processor designed to accelerate the computation of the Tate pairing in characteristics 2 and 3. We emphasize reducing the silicon footprint (or in our case the usage of FPGA resources) of the circuit to ensure scalability, while trying to minimize the impact on the overall performance.
Then, we will focus on the other end of the hardware design spectrum and describe a second co-processor architecture, designed to achieve much lower computation times, at the expense of hardware resources. |
About the speaker: |
Biography
2001: Ph.D. in Computer Science and Engineering
at Swiss Federal Institute of Technology at Lausanne |