Random small Hamming weight products with applications to cryptography

There are many cryptographic constructions in which one uses a random power or multiple of an element in a group or a ring. We describe a fast method to compute random powers and multiples in certain important situations including powers in the Galois field F2n, multiples on Koblitz elliptic curves, and multiples in NTRU convolution polynomial rings. The underlying idea is to form a random exponent or multiplier as a product of factors, each of which has low Hamming weight when expanded as a sum of powers of some fast operation.

[1]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[2]  Donald E. Knuth,et al.  The art of computer programming. Vol.2: Seminumerical algorithms , 1981 .

[3]  H. Cohen A course in computational number theory , 1993 .

[4]  Claus-Peter Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1990, EUROCRYPT.

[5]  Henri Cohen,et al.  A course in computational algebraic number theory , 1993, Graduate texts in mathematics.

[6]  Peter de Rooij,et al.  On the Security of the Schnorr Scheme using Preprocessing , 1991, EUROCRYPT.

[7]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[8]  David Thomas,et al.  The Art in Computer Programming , 2001 .

[9]  D. Bressoud,et al.  A Course in Computational Number Theory , 2000 .

[10]  Daniel M. Gordon,et al.  A Survey of Fast Exponentiation Methods , 1998, J. Algorithms.

[11]  Gadiel Seroussi,et al.  On the minimum distance of some quadratic residue codes , 1984, IEEE Trans. Inf. Theory.

[12]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[13]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[14]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[15]  Jerome A. Solinas,et al.  Efficient Arithmetic on Koblitz Curves , 2000, Des. Codes Cryptogr..

[16]  Douglas R. Stinson Some baby-step giant-step algorithms for the low hamming weight discrete logarithm problem , 2002, Math. Comput..