1 / 36

How to Implementation of Braid Group

How to Implementation of Braid Group. Presenter: 陳國璋. Outline. Practical Comparison of Fast Public-Key Cryptosystem An Efficient Implementation of Braid Group A Mathmatica-package for algebraic braid groups. Practical Comparison of Fast Public-Key Cryptosystem.

dani
Download Presentation

How to Implementation of Braid Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Implementation of Braid Group Presenter: 陳國璋

  2. Outline • Practical Comparison of Fast Public-Key Cryptosystem • An Efficient Implementation of Braid Group • A Mathmatica-package for algebraic braid groups

  3. Practical Comparison of Fast Public-Key Cryptosystem Priit Karu and Jonne Loikkanen Seminar of Network Security, 2000

  4. Introduction • 目的 • 在有限的環境下,如smart card, PDA’s或手機,實作公開金鑰加密系統。 • 回顧RSA, ECC, NTRU與Braid Group • 安全等級(Security Level) • 實作(Implementation)

  5. About RSA • 1997, Shamir, Rivest and Adelman所提出。 • 要有相當長的運算子(Operands)的模數計算(Modular arithmetic) 。 • 在有限環境下,RSA的效能非常慢。 • 由於因數分解問題,RSA的金鑰長度非常長,一般來說是1024-bits。

  6. About ECC • 1976, Whitfield Diffie and Martin Hellman所提出。 • Elliptic Curve Discrete Logarithm Problem (ECPLD) • 縮小金鑰長度,減少頻寬。 • 安全等級(Security Level) • ECC112 = RSA512 • ECC168 = RSA1024 • ECC196 = RSA2048

  7. About ECC • 實作ECC,必須選擇明確的field • Binary field GF(2n) • 適合在硬體上實作 • Prime field GF(p) • 運算速度慢 • Even composite fields GF((2n)m) • 容易被破解 • Optimal Extension Fields GF(pm)

  8. About ECC • GF(pm), p = 2n – c, this paper: GF((214 - 3)12) • Irreducible binomial P(x) = xm – w, this paper: P(x)=x12 - 2 • 選擇n,讓2n滿足處理器的暫存器長度。 • c,w是個小值,通常為1, 2或3。 • 使用加法來取代乘法。

  9. About ECC • 使用OEFs優勢 • 加速modular reductions • 2n = c mod p • 加速operations modulo polynomial P(x) • xm = w mod P(x)

  10. About ECC • Class Oef • 實作field運算 • Inversion • Polynomial version of Extended Euclidean algorithm • Binary extended gcd algorithm • Multiplication • Accumulation-and-then-reduction technique • Class Ec • 實作橢圓曲線運算 • 測試機制為ElGamal scheme

  11. About NTRU • Presented by Jeffrey Hoffstein at CRYPTO’96 and was published in 1998. • 代數結構為特殊的多項式環(Polynomial rings) • 難題為給定一個網格(Lattice),找最短的向量是困難的。 • Γ為多項式環,irreducible poly為XN – 1 • Γ = Z[X] / (XN - 1)

  12. About NTRU • 安全等級(Security Level) • NTRU167 = RSA512 • NTRU263 = RSA1024 • NTRU503 = RSA2048

  13. About Braid Group • 1925, Emil Artin所提出。 • 代數群為辮群。

  14. About Braid Group K. H Ko, S. J. Leem J. H. Cheon, J. W. Han, J. Kang and C. Park. New Public-key Cryptosystem Using Braid Group Accepted at CRYPTO’2000

  15. About Braid Group

  16. About Braid Group • 提供permutation表示法。 • 提供permutation運算。 • n-permutation能表示成n個整數的陣列。 • 有文章提出將n-permutation(有n!個)轉換成一個整數與不同的transitions表示法,並建立運算表方便計算。這在有限環境下是個非常大的負擔。

  17. About Braid Group • 將辮子轉換成一個基辮與一連串的permutation 。

  18. About Braid Group • 將辮子轉換成唯一表示法 Left Canonical Form (LCF) • 提供inverse LCF與product LCF計算。

  19. About Braid Group • Inverse LCF • 必須看過所有的permutation才有辦法計算 • The complexity of inverse permutation is O(n), n is braid index. • The complexity of inverse LCF is O(np), p is the canonical length. • Product LCF • 將一個LCF轉成permutations,接在另一個LCF的左邊 • Permutation個數將逼近n! • 找maximal tail,在worst case的時間複雜度為O(n2) • 整體來說會是O(q(p+q)n2),p,q為canonical length,有時會慢於理論上的O(pqnlogn)

  20. About Braid Group • 提供加密機制,產生金鑰、加密、解密等等運算。

  21. About Braid Group • 空間需求 • 一個permutation需要一個陣列,大小為n • p個permutation需要p個陣列,所以一個辮子所需空間為O(np) • 辮子相乘,只要複製特定辮子即可達成。 • 沒有額外的運算表,沒有額外資料結構。 • 總空間需求為O(np)

  22. About Braid Group • 安全等級(Security Level) • p = 2, q = 2, n = 48, 在300MHz計算環境下,在4*108年才有辦法破解,同等於RSA1024。

  23. Conclusion

  24. An Efficient Implementation of Braid Group J. C. Cha, K. H. Ko, S. J. Lee, J. W. Han and J. H. Cheon LNCS 2002

  25. Canonical Factors - Data Structure • Artin表示法的標準因子(Canonical factor)是一個n-permutation,也就是有n個整數的陣列。 • 第i條線接到A[i]位置。 • A稱為permutation table

  26. Canonical Factors - Operations • Comparison : O(n) • Product and Inverse : O(n) • The Automorphism : O(n) • The automorphism τ defined by τ(a) = D-1aD • Sends canonical factors to canonical factors. • Time complexity of τu(a) = O(n) • Meet : O(nlogn)

  27. Braids – Data Structure • B = DqA1A2…Ap = (q, (Ai)) • D為基辮 • Ai為標準因子(Canonical factor) • B的標準長度為p

  28. Braids - Operations • Group operations • Product : O(pn) • (DqA1…Ap)(DsB1…Bt) = Dq+sτq(A1)…τq(Ap)B1…Bt • Inverse : O(pn) • (DqA1…Ap)-1 = D-(q+p)τ-(q+p)(Ap-1D)…τ-(q+p)(A1-1D) • Left Canonical Form : O(p2nlogn) • Comparison : O(p2nlogn)

  29. Braids - Operations • Left-weighted • P : positive braid, P = AB, A,B≧e • S(P) : starting set, S(P)⊂{1, …, n-1} • S(P) = {i | P = σiPi, Pi ≧ e} • F(P) : finishing set, F(P)⊂{1, …, n-1} • F(P) = {i | P = Piσi, Pi ≧ e} • Left-weighted factorization if S(B)⊂F(A) • Right-weighted factorization if F(A)⊂S(B) • P = (σ2σ3σ5)(σ2σ3) = AB • S(B) = {2, 3} ⊂ F(A) = {2, 3, 5}

  30. Braids - Operations • Left Canonical Form • P = DqP’, P’ = A1…Ap • ∀i, S(Ai+1)⊂F(Ai) • If S(Ai+1)⊂F(Ai) • Select j ∈ Ai+1 with j ∈ Ai • 從後面辮子找一個沒有出現在前面辮子的單位辮 • Bi = Aiσi and Bi+1 = σi-1Ai+1 • 將此單位辮從後面辮子移除,並放到前面辮子 • Replace Ai, Ai+1 • 取代 • Check and continue • 檢查條件並繼續

  31. Braids - Operations • Left Canonical Form • 先從[Ap-1Ap], [Ap-2Ap-1Ap], …, [A1…Ap = P]中找maximal head當初始辮 • A, B : Canonical factor • Max-head(AB) = A[(DA-1)∧LB] • LCF轉換演算法跟Bubble Sort非常類似 • 先找最長的辮子 • 將它補成Left-weighted factorization • 對剩下的元素重複以上動作

  32. Braids - Operations 找maximal head 補成Left-weighted factorization 拿掉基辮 拿掉單位辮

  33. Conclusion

  34. A Mathmatica-package for algebraic braid groups Ville Lukkarila Turku Centre for Computer Science Technical Report, 2005

  35. Technical Report • 提供所有辮群的表示法。 • Word • Permutation • LCF / MCF / RCF • Buran • Lawrence-Krammer • 提供幾乎所有辮群上的運算。 • 辮群視覺化。

  36. Summary Technical Report

More Related