http://www.mollerhansen.com/index.htmlDavids ideas and experience in his lifeendavid@mollerhansen.comCopyright 2008 David Hansen2010-01-12T22:53:30+01:00 hourly 1 2000-01-01T12:00+00:00 Tue, 12 Jan 2010 23:09:07 +0100david@mollerhansen.com@surveillance@random2010-01-12T22:53:30+01:00http://www.mollerhansen.com/Blog/files/5867b4c040b5c3fd784e5852d6c426c0-14.php#unique-entry-id-14http://www.mollerhansen.com/Blog/files/5867b4c040b5c3fd784e5852d6c426c0-14.php#unique-entry-id-14david@mollerhansen.com@dtu@cryptography@math@code2009-03-02T21:04:24+01:00http://www.mollerhansen.com/Blog/files/b8dde11467724168f64c3b0e81345dbd-13.php#unique-entry-id-13http://www.mollerhansen.com/Blog/files/b8dde11467724168f64c3b0e81345dbd-13.php#unique-entry-id-13david@mollerhansen.com@code@cryptography@dtu@math2008-12-14T13:16:53+01:00http://www.mollerhansen.com/Blog/files/dae4a52f93b417ebbc55b621f4c2a18c-11.php#unique-entry-id-11http://www.mollerhansen.com/Blog/files/dae4a52f93b417ebbc55b621f4c2a18c-11.php#unique-entry-id-11 where is the set of n’th roots of unity. The pairing have the following properties (and more): i is billinear in each variable ii is non-degenerate in each variable iii is alternating iv preserves skew symmetry From the billinearity we get that linear depending points will always have the pairing value . Also remember that it was the property billinearity we needed to make our short signature scheme possible. The Weil pairing can be computed as Let and be divisors of degree 0 such that , and and share no points. Let and be functions s.t. and . Then the Weil pairing can be written on the form Suppose further that a point is given. Then (divisors share class), and do not have any points in common and . Let , Miller realised that the function f can be constructed using an double-and-add in n algorithm by values of straight lines in points. Let be the value of the equation for the straight line intersecting in P and Q taking in the point S. Note that it S will not lie on the line and therefore not give the value zero. Then Millers algorithm for computing the value of : Taking advantage of the representation of n. In the article Refinements of Miller's algorithm for computing the Weil/Tate pairing Blake et al. describe algorithms for the case of low or average Hamming weight of n. The Hamming weight of n clearly have some impact on the running time of the above algorithm. To give a picture of the algorithm choice I made a SAGE interact that writes out in latex the unevaluated expression generated in the algorithm for computing f. This will in some way let us see the “length” of the expression and theirby provide us a loose measure of the time to compute f. The interact is included in the still very early release of my digital signature implementation in SAGE. Tripling in base 3 The reason for including the base three algorithms is that I look at curves over finite fields of characteristic three in my thesis. In these fields tripling a value is faster than doubling, and if in a normal base in the field then the tripling operation becomes just a shift operation. ]]>david@mollerhansen.com@code@cryptography@dtu2008-11-16T19:20:38+01:00http://www.mollerhansen.com/Blog/files/053c9a949df022172b66d72a28b3a688-10.php#unique-entry-id-10http://www.mollerhansen.com/Blog/files/053c9a949df022172b66d72a28b3a688-10.php#unique-entry-id-10david@mollerhansen.com@dtu@cryptography@math2008-11-14T22:20:31+01:00http://www.mollerhansen.com/Blog/files/ac1918115af9566d0dcb72c2c3946a59-9.php#unique-entry-id-9http://www.mollerhansen.com/Blog/files/ac1918115af9566d0dcb72c2c3946a59-9.php#unique-entry-id-9david@mollerhansen.com@code@dtu@math2008-11-05T22:13:56+01:00http://www.mollerhansen.com/Blog/files/7709621350b38782cb70c65e0aa923a5-8.php#unique-entry-id-8http://www.mollerhansen.com/Blog/files/7709621350b38782cb70c65e0aa923a5-8.php#unique-entry-id-8david@mollerhansen.com@home@math@cryptography2008-11-03T20:14:29+01:00http://www.mollerhansen.com/Blog/files/e64ec13a26870c9be6cbc06b2aefe8df-6.php#unique-entry-id-6http://www.mollerhansen.com/Blog/files/e64ec13a26870c9be6cbc06b2aefe8df-6.php#unique-entry-id-6david@mollerhansen.com@code@home2008-10-24T14:34:08+02:00http://www.mollerhansen.com/Blog/files/e19a3fe840ba56480a2a85eba590ca28-3.php#unique-entry-id-3http://www.mollerhansen.com/Blog/files/e19a3fe840ba56480a2a85eba590ca28-3.php#unique-entry-id-3david@mollerhansen.com@math@dtu2008-10-22T22:53:55+02:00http://www.mollerhansen.com/Blog/files/e924db0b21bc53d9eee323a5517c9729-2.php#unique-entry-id-2http://www.mollerhansen.com/Blog/files/e924db0b21bc53d9eee323a5517c9729-2.php#unique-entry-id-21). These curves was proposed to be used for cryptography early on but had inefficient methods of doing arithemetic, this have since changed. Maybe I will get back to this when I myself know more about it. ]]>david@mollerhansen.com@home@code2008-10-17T02:24:48+02:00http://www.mollerhansen.com/Blog/files/96357eb73af994183557fd32118e125e-1.php#unique-entry-id-1http://www.mollerhansen.com/Blog/files/96357eb73af994183557fd32118e125e-1.php#unique-entry-id-1