Copyright © 2006 The Institute of Electronics, Information and Communication Engineers
Special Section on Cryptography and Information Security -- Papers -- Elliptic Curve Cryptography
Radix-r Non-Adjacent Form and Its Application to Pairing-Based Cryptosystem*
1 The author is with the School of Systems Information Science, Future University-Hakodate, Hakodate-shi, 041-8655 Japan. E-mail: takagi{at}fun.ac.jp, 2 The author is with the School of Electrical and Computer Engineering, State University of Campinas, Caixa Postal 6101, Brazil. E-mail: davidjr{at}dca.fee.unicamp.br, 3 The authors are with the Laboratory of Cryptography and Information Security (LCIS), Department of Computer Science and Information Engineering, National Central University, Taiwan 320, R.O.C. E-mail: yensm{at}csie.ncu.edu.tw, E-mail: wubq{at}csie.ncu.edu.tw
Recently, the radix-3 representation of integers has been used for the efficient implementation of pairing-based cryptosystems. In this paper, we propose a non-adjacent form of the radix-r representation (rNAF) and efficient algorithms for generating it. The number of non-trivial digits (up to sign) is (r − 2)(r + 1)/2, and the average density of non-zero digits is asymptotically (r − 1)/(2r − 1). For r = 3, the non-trivial digits are {±2, ±4} and the non-zero density is 0.4. We then investigate the width-w version of rNAF for the general radix-r representation, which is a natural extension of the width-w NAF. Finally, we compare the proposed algorithms with the generalized NAF (gNAF) discussed by Joye and Yen. The proposed scheme requires a larger table, but its non-zero density is smaller even for large radix. We explain that gNAF is a simple degeneration of rNAF; we can consider rNAF to be a canonical form for the radix-r representation. Therefore, rNAF is a good alternative to gNAF.
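The abstract states the rNAF digit set for r = 3 ({0, ±1, ±2, ±4}), the count of non-trivial digits and the asymptotic non-zero density, but the generation algorithm itself is not on this page. The following Python is an added worked example, not code from the paper: it assumes the digit set is {0} together with every e with 0 < |e| < r²/2 and r ∤ e (which reproduces the r = 3 set above), and generates the recoding by signed reduction modulo r² whenever the remaining scalar is not divisible by r. Whether this is exactly the authors' algorithm is an assumption; what the code checks is that the resulting representation has the properties the abstract claims (non-adjacent, correct value, (r − 2)(r + 1)/2 non-trivial digits, density near (r − 1)/(2r − 1)), and it shows how the digits drive a scalar multiplication with a precomputed table. The group Z_n used for the scalar multiplication is a stand-in for an elliptic-curve group; only addition, negation and multiplication by r are used.

```python
"""Radix-r non-adjacent form (rNAF): an illustrative implementation.

Assumptions (not taken from the page): the non-zero digit set is
{e : 0 < |e| < r^2/2, r does not divide e}, and a digit is produced by
signed reduction of the scalar modulo r^2.  For r = 3 this gives the
digit set {0, +-1, +-2, +-4} stated in the abstract.
"""
import random
from typing import Dict, List, Tuple


def rnaf_digit_set(r: int) -> List[int]:
    """Positive non-zero rNAF digits: 0 < e < r^2/2 with r not dividing e."""
    return [e for e in range(1, (r * r + 1) // 2) if e % r != 0]


def rnaf(d: int, r: int) -> List[int]:
    """Recode a non-negative integer d into rNAF digits, least significant first.

    If r | d, emit 0.  Otherwise emit the signed residue e of d modulo r^2
    (so -r^2/2 < e < r^2/2 and r does not divide e) and subtract it; d is then
    divisible by r^2, so after the division by r the next digit is forced to 0.
    """
    if d < 0 or r < 2:
        raise ValueError("d must be non-negative and r >= 2")
    rr = r * r
    digits: List[int] = []
    while d > 0:
        if d % r == 0:
            e = 0
        else:
            e = d % rr
            if 2 * e > rr:           # choose the signed residue closest to 0
                e -= rr
            d -= e                   # now r^2 | d
        digits.append(e)
        d //= r
    return digits


def evaluate(digits: List[int], r: int) -> int:
    """Value of a digit string (least significant digit first)."""
    return sum(e * r ** i for i, e in enumerate(digits))


def is_non_adjacent(digits: List[int]) -> bool:
    """True if no two consecutive digits are both non-zero."""
    return all(not (a and b) for a, b in zip(digits, digits[1:]))


def empirical_density(r: int, ndigits: int = 1000, samples: int = 50,
                      seed: int = 1) -> float:
    """Average fraction of non-zero rNAF digits over random ndigits-digit scalars."""
    rng = random.Random(seed)        # fixed seed: constructed, reproducible sample
    nonzero = total = 0
    for _ in range(samples):
        d = rng.randrange(r ** (ndigits - 1), r ** ndigits)
        ds = rnaf(d, r)
        nonzero += sum(1 for e in ds if e)
        total += len(ds)
    return nonzero / total


def rnaf_scalar_mult(d: int, r: int, P: int, n: int) -> Tuple[int, int, int]:
    """Compute d*P in the additive group Z_n using the rNAF of d.

    Z_n stands in for an elliptic-curve group: only addition, negation and
    multiplication by r are used.  Returns (result, group additions,
    multiplications by r) so the cost of the recoding can be inspected.
    Precomputed table: e*P for every positive digit e; negative digits use -e*P.
    """
    table: Dict[int, int] = {e: (e * P) % n for e in rnaf_digit_set(r)}
    digits = rnaf(d, r)
    if not digits:
        return 0, 0, 0
    adds = muls = 0
    Q = table[digits[-1]]            # the most significant digit is never 0
    for e in reversed(digits[:-1]):  # Horner's rule from the top digit down
        Q = (r * Q) % n
        muls += 1
        if e:
            Q = (Q + (table[e] if e > 0 else -table[-e])) % n
            adds += 1
    return Q, adds, muls
```

For r = 3 and d = 100 the recoding is [1, 0, 2, 0, 1] (least significant first), which evaluates to 1 + 2·9 + 81 = 100 with no two adjacent non-zero digits, and the scalar multiplication needs only the table entries P, 2P and 4P. Running `empirical_density(3)` gives a value close to 0.4, and `empirical_density(2)` close to 1/3, the classical binary NAF density, which is the r = 2 case of (r − 1)/(2r − 1).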
Key Words: non-adjacent form, radix-r representation, signed window method, elliptic curve cryptosystem, pairing based cryptosystem
Manuscript received March 7, 2005. Manuscript revised June 24, 2005. Final manuscript received September 5, 2005.
* The preliminary version of this paper was presented at the 7th Information Security Conference (ISC 2004), held in Palo Alto.