Download Analysis and Optimality of the Width-w Non-Adjacent Form

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts
no text concepts found
Transcript 
Analysis and Optimality
of the Width-w Non-Adjacent Form
to Imaginary Quadratic Bases
Daniel Krenn
(joint work with Clemens Heuberger)
Graz University of Technology, Austria
June 7, 2011
Supported by the
Austrian Science Fund (FWF),
projects W1230 and S9606.
The Non-Adjacent Form
Existence
Analysis
Optimality
Overview
Numbers
z=
`−1
X
ξj τ j
j=0
with base τ ∈ C and digits ξj in a digit set D.
digit set too large
redundant representations
want syntax on digits of z to gain uniqueness
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Overview
Numbers
z=
`−1
X
ξj τ j
j=0
with base τ ∈ C and digits ξj in a digit set D.
digit set too large
redundant representations
want syntax on digits of z to gain uniqueness
Questions:
Existence of representations?
How often does a digit occur?
Is the syntax the best possible syntax?
Analysis and Optimality of the Width-w Non-Adjacent Form
?
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Introduction
Problem
Let P be an element of a group, n ∈ N0 .
Calculate
nP = P + · · · + P
as efficient as possible.
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Introduction
Problem
Let P be an element of a group, n ∈ N0 .
Calculate
nP = P + · · · + P
as efficient as possible.
double-and-add algorithm, e.g., 27 = (11011)2 ,
27P = 2(2(2(2(1P) + 1P) + 0) + 1P) + 1P
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Introduction
Problem
Let P be an element of a group, n ∈ N0 .
Calculate
nP = P + · · · + P
as efficient as possible.
double-and-add algorithm, e.g., 27 = (11011)2 ,
27P = 2(2(2(2(1P) + 1P) + 0) + 1P) + 1P
double-add-and-subtract algorithm, e.g., 27 = (1001̄01̄)2 ,
27P = 2(2(2(2(2(1P) + 0) + 0) − 1P) + 0) − 1P
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Elliptic Curves over Finite Fields
Y
Elliptic Curve
−R
E : y 2 = x 3 + ax 2 + bx + c
Q
Example. Koblitz curve
P
X
E3 : Y 2 = X 3 − X − 1
defined over
F3
interested in the group
E (Fqm )
of rational points of E
Analysis and Optimality of the Width-w Non-Adjacent Form
R =P +Q
Y 2 = X3 − X + 1
Figure: Elliptic curve
Y 2 = X 3 − X + 1 over
R.
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Frobenius-and-Add Method
Frobenius endomorphism
ϕ : E (Fqm ) −→ E (Fqm ) ,
(x, y ) 7−→ (x q , y q )
satisfies a relation ϕ2 − pϕ + q = 0
ϕ may be identified with an imaginary quadratic τ
that is a solution of τ 2 − pτ + q = 0
z ∈ Z[τ ], P ∈ E (Fqm )
Computation of the Action zP
z=
`−1
X
ξj τ j
=⇒
j=0
zP =
`−1
X
ξj ϕj (P)
j=0
calculation via a Horner scheme
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Non-Adjacent Form: General Definition
base τ , digit set D
numbers
z=
X
N0
ξj τ j =: (ξ)τ
j∈
with digits ξj ∈ D
w ∈ N with w ≥ 2
Figure: Values of 4-NAFs with MNR
digit set and τ = 1 + i.
Analysis and Optimality of the Width-w Non-Adjacent Form
ξ is a width-w
non-adjacent form
(short w -NAF),
if each block of length w
contains at most
one non-zero.
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Digit Sets
base τ imaginary quadratic,
algebraic integer
√
τ = 12 + 12 −7,
w =2
√
τ = 32 + 12 −3,
w =2
τ =1+
√
−1, w = 4
√
τ = 23 + 12 −3,
w =3
w ≥2
minimal norm representatives
digit set modulo τ w
0
exactly one representative
of each residue class
modulo τ w
not divisible by τ
which has minimal norm
Figure: Some MNR digit sets.
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Existence and Uniqueness
Existence and uniqueness of the w -NAFs, w ≥ 2, for
base τ = 2 digit set D = 0, ±1, ±3, . . . , ±(2w −1 − 1)
(Reitwiesner 1960, Solinas 2000, Muir–Stinson 2006)
base τ is solution of τ 2 ± τ + 2 = 0
minimal norm representatives digit set modulo τ w
∃!
(Solinas 2000, Blake–Kumar-Murty–Xu 2005)
base τ is solution of τ 2 ± 3τ + 3 = 0
minimal norm representatives digit set modulo τ w
(Koblitz 1998, Blake–Kumar-Murty–Xu 2005)
base τ coming from Euclidean imaginary quadratic
number field,
minimal norm representatives digit set modulo τ w
(Blake–Kumar-Murty–Xu 2008)
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Existence and Uniqueness
base τ imaginary quadratic,
algebraic integer
minimal norm
representatives digit set
modulo τ w , w ≥ 2
Theorem (Heuberger–K. 2010)
Each element in Z[τ ] has a
unique w -NAF-expansion.
Figure: Values of 3-NAFs
√ with MNR
digit set and τ = 32 + 21 −3.
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Occurences of a non-zero Digit in a Region
Theorem (Heuberger–K. 2010)
base τ imaginary quadratic, algebraic integer
with |τ | > 1
minimal norm representatives digit set D
0 6= η ∈ D
N ∈ R≥0
unit disc U := B(0, 1) ⊆ C
Then number of occurrences of the digit η
in all w -NAFs in the region NU is
Z (N) = ew πN 2 log|τ | N + N 2 ψ log|τ | N + o N 2 .
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Sketch of Proof
based on Delange’s method
counting
Z (N) =
X
Z
X
n∈NU∩ [τ ] j∈
n=NAFw (n)
1
λ(V )
[εj (n) = η]
characteristic sets Wη ,
approximations Wη,j
equivalent conditions
Figure: Wη for
2-NAFs with
√
τ = 23 + 12 −3.
Z (N) =
N0
jth
digit ofn equals η
−(j+w
)
τ
n Z[τ ] ∈ Wη,j
rewriting the sum as integral
n
x o
1Wη,j
dx+‘small’ error terms
τ j+w Z[τ ]
x∈NU
J Z
X
j=0
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Optimality
base τ , digit set D
expansions with digits out of D
(Hamming-)weight of an expansion is the number
of its non-zero digits
expansion of z is optimal, if it minimizes the weight
among all expansions of z with digits out of D
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Optimality
base τ , digit set D
expansions with digits out of D
(Hamming-)weight of an expansion is the number
of its non-zero digits
expansion of z is optimal, if it minimizes the weight
among all expansions of z with digits out of D
Theorem (Reitwiesner 1960)
Let τ = 2 and D = {−1, 0, 1},
then the 2-NAF of each integer is optimal.
Theorem (Avanzi 2004, Muir–Stinson 2004)
Let τ = 2, w ≥ 2, and D = 0, ±1, ±3, . . . , ±(2w −1 − 1) ,
then the w -NAF of each integer is optimal.
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Optimality
base τ is solution of τ 2 − µτ + 2 = 0, µ ∈ {−1, 1}
minimal norm representatives digit set modulo τ w , w ≥ 2
Theorem (Avanzi–Heuberger–Prodinger 2005, Gordon 1998)
Let w ∈ {2, 3}, then the w -NAF of each element of
optimal.
Z[τ ] is
Theorem (Heuberger 2010)
Let w ∈ {4, 5, 6}, then the w -NAF is not optimal.
Analysis and Optimality of the Width-w Non-Adjacent Form
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Optimality
base τ is solution of τ 2 − pτ + q = 0,
p, q ∈ Z with q − p 2 /4 > 0
minimal norm representatives digit set modulo τ w , w ≥ 2
Theorem (Heuberger–K. 2011)
If one of the conditions
w ≥ 4 and |p| ≥ 3,
w = 3 and |p| ≥ 5
holds, then the w -NAF of each element of
Analysis and Optimality of the Width-w Non-Adjacent Form
Z[τ ] is optimal.
Daniel Krenn
The Non-Adjacent Form
Existence
Analysis
Optimality
Optimality-Map
(0, 9)
(0, 8)
(0, 7)
(0, 6)
(0, 5)
(0, 4)
(1, 9)
(1, 8)
(1, 7)
(1, 6)
(1, 5)
(1, 4)
(2, 10)
(2, 9)
(2, 8)
(2, 7)
(2, 6)
(2, 5)
(3, 11)
(3, 10)
(3, 9)
(3, 8)
(3, 7)
(3, 6)
(2, 4)
(0, 3)
(4, 11)
(4, 10)
(4, 9)
(4, 8)
(5, 15)
(5, 14)
(5, 13)
(5, 12)
(5, 11)
(5, 10)
(6, 15)
(6, 14)
(6, 13)
(5, 8)
(6, 10)
(4, 5)
Analysis and Optimality of the Width-w Non-Adjacent Form
(6, 16)
(6, 11)
(4, 6)
(3, 3)
(6, 17)
(5, 9)
(3, 4)
(2, 2)
(6, 18)
(6, 12)
(4, 7)
(2, 3)
(1, 2)
pairs (p, q)
with τ 2 − pτ + q = 0
(4, 12)
(3, 5)
(1, 3)
(0, 2)
(4, 13)
(5, 7)
Daniel Krenn
Related documents