Fast exponentiation using split exponents

Jung Hee Cheon, Stanislaw Jarecki, Taekyoung Kwon, Mun Kyu Lee

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.

Original languageEnglish
Article number5714254
Pages (from-to)1816-1826
Number of pages11
JournalIEEE Transactions on Information Theory
Volume57
Issue number3
DOIs
Publication statusPublished - 2011 Mar 1

Fingerprint

Cryptography
Data storage equipment

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Science Applications
  • Library and Information Sciences

Cite this

Cheon, Jung Hee ; Jarecki, Stanislaw ; Kwon, Taekyoung ; Lee, Mun Kyu. / Fast exponentiation using split exponents. In: IEEE Transactions on Information Theory. 2011 ; Vol. 57, No. 3. pp. 1816-1826.
@article{8949e3600255459a9dbbea0bb333642f,
title = "Fast exponentiation using split exponents",
abstract = "We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5{\%} and 23.5{\%} at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.",
author = "Cheon, {Jung Hee} and Stanislaw Jarecki and Taekyoung Kwon and Lee, {Mun Kyu}",
year = "2011",
month = "3",
day = "1",
doi = "10.1109/TIT.2010.2059831",
language = "English",
volume = "57",
pages = "1816--1826",
journal = "IEEE Transactions on Information Theory",
issn = "0018-9448",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

Fast exponentiation using split exponents. / Cheon, Jung Hee; Jarecki, Stanislaw; Kwon, Taekyoung; Lee, Mun Kyu.

In: IEEE Transactions on Information Theory, Vol. 57, No. 3, 5714254, 01.03.2011, p. 1816-1826.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Fast exponentiation using split exponents

AU - Cheon, Jung Hee

AU - Jarecki, Stanislaw

AU - Kwon, Taekyoung

AU - Lee, Mun Kyu

PY - 2011/3/1

Y1 - 2011/3/1

N2 - We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.

AB - We propose a new method to speed up discrete logarithm (DL)-based cryptosystems by considering a new variant of the DL problem, where the exponents are formed as e1 + αe2 for some fixed α and two integers e1,e2 with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than best exponentiation algorithms given for standard exponents. For example, the speed of scalar multiplication on the standard Koblitz curve K163 is estimated to be accelerated by up to 51.5% and 23.5% at the cost of memory for one precomputed point, compared to the TNAF and window TNAF methods, respectively. As for security, we show that the provable security of the DL problem using split exponents is only by a small constant, e.g., 1/4, worse than the security of the standard DL problem. Split exponents can be adopted to speed up various DL-based cryptosystems. We exemplify this on the recent CCA-secure public key encryption of Bellare, Kohno, and Shoup.

UR - http://www.scopus.com/inward/record.url?scp=79951905815&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79951905815&partnerID=8YFLogxK

U2 - 10.1109/TIT.2010.2059831

DO - 10.1109/TIT.2010.2059831

M3 - Article

VL - 57

SP - 1816

EP - 1826

JO - IEEE Transactions on Information Theory

JF - IEEE Transactions on Information Theory

SN - 0018-9448

IS - 3

M1 - 5714254

ER -