By submitting this article to the 47th Annual Iranian Mathematics Conference (AIMC47) , Kharazmi University, I confirm that the authors are responsible for its content and its originality and have agreed to its submission to AIMC47.

A Pure-Integer Nonlinear Programming for Elliptic Curve Cryptosystem

Davood Rezaeipour*, Mohamad Rushdan Md Said
E-Learning Center, Sharif University of Technology, [email protected]
University Putra Malaysia, [email protected]

Abstract. Scalar point multiplication plays an important role in the Elliptic Curve Cryptosystem (ECC). Double-Base Number System (DBNS) expansion is one of the proposed methods for computing scalar multiplication. In a greedy approach, the largest {2, 3}-integer of the form 2^a 3^b that is less than or equal to x is obtained. We then use pure-integer nonlinear programming (PINLP) to find the best default approximation of x of the form 2^a 3^b.

Keywords: Scalar multiplication; Double-Base Number System; Pure-Integer Nonlinear Programming; Branch & Bound method.
Mathematics Subject Classification (2010): 94A60, 14G50

1 Introduction

The elliptic curve cryptosystem (ECC) ([4], [3]) is based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP). ECC has become an essential tool for cryptography because it offers strong security with shorter key lengths. Another main feature of ECC is its implementation, that is, how to compute the scalar multiplication kP efficiently, where k is a large integer and P is a point on the elliptic curve. So the efficiency of an ECC implementation mainly depends on the way the scalar multiplication is implemented. Let E be an elliptic curve defined over a finite field Fq. Let P ∈ E be a point of prime order n, and consider the prime-order subgroup of E generated by P. If Q lies in this subgroup, then Q = kP for some integer k with 0 ≤ k < n. The problem of finding k, given P, Q and the parameters of E, is known as the ECDLP. Researchers have used various representations of the scalar k (binary, ternary, non-adjacent form (NAF), window methods (w-NAF), etc.) to accelerate this operation and make it secure [3]. Here, we write any integer in the Double-Base Number System (DBNS), i.e. as a sum of {2, 3}-integers of the form 2^a 3^b. The greedy algorithm returns a DBNS expansion. The main task at each step is to find the best {2, 3}-approximation z, the {2, 3}-integer closest to x from below, so that the difference x − z is minimal. We continue this procedure until the algorithm converges.

Algorithm. Greedy decomposition
Input: an integer x
Output: the sequence of exponent pairs (a, b) such that x is the sum of the corresponding {2, 3}-integers 2^a 3^b
1: while x is not zero do
2:   Find the best approximation z of x of the form 2^a 3^b
3:   Print (a, b) and replace x by x − z
4: end while

*Speaker

The standard method for computing such a multiplication efficiently is double-and-add. Several ideas have been introduced to improve on it. In this paper, we use Pure-Integer Nonlinear Programming (PINLP) to find the pair of exponents (a, b), where a and b are non-negative integers. Nonlinear programming (NLP) [7], [1] is the study of optimizing an objective function that may not be linear, or whose constraints may not all be linear inequalities. If all decision variables are required to be integers, the problem is a PINLP. The Branch and Bound technique (B&B) [5] is well known for its application to Integer Programming (IP). The basic concept underlying B&B is divide and conquer. Initially, the value of the current incumbent (the best feasible solution found so far) is set to minus infinity, since no feasible solution is known yet. Apply the three steps, bounding step, fathoming step and optimality test, to the whole problem. Among the integer-restricted variables, choose the first one in the natural ordering of the variables that takes a non-integer value in the relaxed solution to be the branching variable. Branch from the node for the sub-problem to create two new sub-problems by adding, respectively, the constraint that this variable is at most the floor of its relaxed value and the constraint that it is at least the ceiling of that value. Then apply the three fathoming tests given below, and discard those sub-problems that are fathomed by any of the tests.
Test 1: Its bound is no better than the value of the current incumbent.
Test 2: Its NLP relaxation has no feasible solutions.
Test 3: The optimal solution of its NLP relaxation has integer values for all integer-restricted variables.
Optimality test: stop when there are no remaining sub-problems; the current incumbent is then optimal. Otherwise, perform another iteration. We use this technique to find the best default approximation of x in double-base form, i.e. the {2, 3}-integer closest to x.

2 Plan of Problem

Let x be a given positive integer. We want to find two non-negative integers a and b such that 2^a 3^b ≤ x and, among all solutions to this problem, 2^a 3^b is the largest possible value [2]. In other words:
(1)
Now, (1) can be rewritten as:
(2)
Clearly, a maximal solution of (2) is the pair sought in (1).

3 Explicit Solution of Nonlinear Programming

In the previous section, we posed (1) as the maximization of a nonlinear function subject to two constraints; the pair (a, b) is then computed by the B&B technique. Introduce the two decision variables, and multiply the entire constraint by a proper constant to remove all the real (non-integer) coefficients. Equivalently, the problem is the PINLP treated in the following example.

Example. For a given positive integer x, we try to find the two non-negative integers a and b such that 2^a 3^b is the largest {2, 3}-integer less than or equal to x. We illustrate this problem using the B&B technique:
Maximize 2^a 3^b
Subject to 2^a 3^b ≤ x, with a and b non-negative integers.

Initialization. After setting the incumbent value, we form the NLP relaxation of this problem by deleting the set of integrality constraints. The NLP solution of the whole problem is:

Iteration 1. The second integer-restricted variable has a non-integer value, so it becomes the branching variable. Then we have the following sub-problems.
Sub-problem 1: original problem plus an additional constraint on the branching variable.
Sub-problem 2: original problem plus the complementary additional constraint on the branching variable.
We compute the NLP solution and bound of sub-problem 1 and of sub-problem 2. Note that sub-problem 1 can be fathomed by test 3: this feasible solution for the original problem becomes our first incumbent, and we fathom (dismiss) sub-problem 1. Since the NLP relaxation of sub-problem 2 has a feasible solution, this sub-problem remains unfathomed.
Iteration 2. Since a variable has a non-integer value in the optimal solution of the NLP relaxation of sub-problem 2, it becomes the branching variable. This leads to the following new sub-problems.
Sub-problem 3: original problem plus additional constraints.
Sub-problem 4: original problem plus additional constraints.
We compute the NLP solution and bound of sub-problem 3. The NLP relaxation of sub-problem 4 has no feasible solutions, so sub-problem 4 is immediately fathomed by test 2.


Iteration 3. Since a variable again has a non-integer value, this leads to the following new sub-problems.
Sub-problem 5: original problem plus additional constraints.
Sub-problem 6: original problem plus additional constraints.
We compute the NLP solution and bound of sub-problem 5 and of sub-problem 6. Note that sub-problem 5 can be fathomed by test 3. Furthermore, this feasible solution is better than the incumbent, so it becomes the new incumbent. Since a new incumbent has been found, we now reapply fathoming test 1, with the new and larger incumbent value, to the only remaining sub-problem. Similarly, further iterations lead to new sub-problems. In iteration 17, sub-problem 33 (the original problem plus additional constraints) has an NLP solution that can be fathomed by test 3; this feasible solution is better than the incumbent, so it becomes the new incumbent.
Remark 1. In some iterations we found NLP solutions with integer values for all integer-restricted variables, but these were fathomed by test 1 because their bound did not exceed the incumbent value. Continuing this procedure, we find no feasible solution better than the current incumbent, so we obtain the first pair of the sequence of exponents in the greedy decomposition. Now, if we run this problem with the LINGO software [6] using the GLOBAL SOLVER type (LINGO / Options / Global Solver tab), then:

MODEL:

If we run this program in the LINGO software, the report is as follows.
Global optimal solution found.
Objective value: 839808.0
Objective bound: 839808.0
Total solver iterations: 856
Model Class: PINLP

Since the integer-restricted variables must take integer values, we use the @GIN command to declare them. Also, the @BIN command determines the bounds of the variables. To get the next pair, we first compute the difference x − 2^a 3^b, i.e. the new remainder. Then we repeat the B&B algorithm for this remainder.

Remark 2. If we want to find the other pairs, we use an extra property, namely that the exponents form two separate monotonically decreasing sequences, one for the powers of 2 and one for the powers of 3:
At stage i we add two constraints, requiring the exponent of 2 and the exponent of 3 to be at most the corresponding exponents found at stage i − 1. For example, we add these two constraints to the problem for the solution given above. Returning to the solution of our example and continuing this procedure, we obtain the remaining pairs.

In other words, x is written as the sum of the {2, 3}-integers found.

4 Conclusion

In this work, we described a method to find the {2, 3}-integer closest to a given number using PINLP. The results of this research show that the proposed approach gives proper computational results for ECC problems. In the case of signed expansions [4], we can use the following strategy. Similarly, we can find a′, b′ ≥ 0 such that 2^a′ 3^b′ lies on the other side of x, i.e. is at least x, and in this case we use minimization for this problem:

Finally, we compare the two distances and select the smaller of both values. As future research, we can discuss the Multi-Base Number System for finding the best approximation of an integer using more than two bases [4].
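The greedy decomposition of the Introduction, the branch-and-bound search of Section 3, the monotonicity constraints of Remark 2 and the signed comparison of the Conclusion, as one added example that is not part of the paper and not the authors' LINGO model. The relaxation used here is my own choice: taking logarithms turns the constraint 2^a 3^b ≤ x into the linear inequality a·ln 2 + b·ln 3 ≤ ln x, so each sub-problem's "NLP solution" is a small linear program on a box, solved in closed form. Function names, the sample inputs (35, 1000 and the paper's objective value 839808) and the tie-breaking rule of the signed variant are all mine; float logarithms limit this demonstration to moderate x, not 256-bit scalars.

```python
import math

# Natural logarithms of the two bases: in log space the constraint
# 2^a * 3^b <= x becomes the linear inequality a*LN2 + b*LN3 <= ln x.
LN2, LN3 = math.log(2.0), math.log(3.0)
EPS = 1e-9  # tolerance for treating a relaxed value as an integer


def _is_int(v):
    return abs(v - round(v)) < EPS


def _relaxation(a_lo, a_hi, b_lo, b_hi, L):
    """Continuous relaxation on a box (assumed form of the sub-problem):
    maximise a*LN2 + b*LN3 subject to a*LN2 + b*LN3 <= L and the box bounds.
    Returns (a, b) or None when the box is infeasible (fathoming test 2)."""
    if a_lo > a_hi or b_lo > b_hi or a_lo * LN2 + b_lo * LN3 > L + EPS:
        return None
    if a_hi * LN2 + b_hi * LN3 <= L + EPS:
        return (float(a_hi), float(b_hi))  # upper corner feasible: it is optimal
    # Otherwise the constraint is binding: push a as far as allowed with b at
    # its lower bound, then raise b until the constraint is tight again.
    a = min(float(a_hi), (L - b_lo * LN3) / LN2)
    b = min(float(b_hi), (L - a * LN2) / LN3)
    return (a, b)


def largest_23_integer(x, a_hi=None, b_hi=None):
    """Branch and bound for the PINLP: maximise 2^a * 3^b with 2^a * 3^b <= x,
    a and b non-negative integers. Optional a_hi / b_hi are the Remark 2
    bounds from the previous stage. Returns ((a, b), sub-problems visited)."""
    if x < 1:
        raise ValueError("x must be a positive integer")
    L = math.log(x)
    if a_hi is None:
        a_hi = x.bit_length() - 1                 # floor(log2 x)
    if b_hi is None:
        b_hi = 0
        while 3 ** (b_hi + 1) <= x:
            b_hi += 1                             # floor(log3 x)
    incumbent, inc_val = None, -math.inf          # no feasible solution yet
    stack = [(0, a_hi, 0, b_hi)]                  # depth-first list of sub-problems
    visited = 0
    while stack:
        a_lo, ah, b_lo, bh = stack.pop()
        visited += 1
        sol = _relaxation(a_lo, ah, b_lo, bh, L)
        if sol is None:
            continue                              # test 2: no feasible solution
        a, b = sol
        bound = a * LN2 + b * LN3
        if bound <= inc_val + EPS:
            continue                              # test 1: cannot beat the incumbent
        if _is_int(a) and _is_int(b):
            incumbent, inc_val = (round(a), round(b)), bound   # test 3: new incumbent
            continue
        # Branch on the first non-integer variable in natural order (a before b):
        # one child gets "variable <= floor", the other "variable >= ceil".
        if not _is_int(a):
            stack.append((math.ceil(a), ah, b_lo, bh))
            stack.append((a_lo, math.floor(a), b_lo, bh))
        else:
            stack.append((a_lo, ah, math.ceil(b), bh))
            stack.append((a_lo, ah, b_lo, math.floor(b)))
    return incumbent, visited


def greedy_dbns(x, monotone=False):
    """Greedy DBNS decomposition: repeatedly subtract the largest {2,3}-integer
    not exceeding the remainder. With monotone=True each new pair is bounded
    by the previous one, giving the two decreasing sequences of Remark 2."""
    terms, a_hi, b_hi = [], None, None
    while x > 0:
        (a, b), _ = largest_23_integer(x, a_hi, b_hi)
        terms.append((a, b))
        x -= 2 ** a * 3 ** b
        if monotone:
            a_hi, b_hi = a, b
    return terms


def dbns_value(terms):
    """Evaluate a list of exponent pairs back to the integer they represent."""
    return sum(2 ** a * 3 ** b for a, b in terms)


def closest_23_integer_signed(x):
    """Signed variant: also find the smallest 2^a' * 3^b' >= x by direct search
    over the exponent grid, then keep whichever candidate is nearer to x
    (ties go to the one below). Returns (a, b, x - 2^a * 3^b)."""
    (a, b), _ = largest_23_integer(x)
    below = 2 ** a * 3 ** b
    above, above_ab = None, None
    a_max = x.bit_length()        # 2^a_max >= x, so larger exponents cannot be nearer
    b_max = 1
    while 3 ** b_max < x:
        b_max += 1
    for i in range(a_max + 1):
        for j in range(b_max + 1):
            v = 2 ** i * 3 ** j
            if v >= x and (above is None or v < above):
                above, above_ab = v, (i, j)
    if above - x < x - below:
        return above_ab[0], above_ab[1], x - above
    return a, b, x - below


if __name__ == "__main__":
    # Constructed inputs: 839808 = 2^7 * 3^8 is the LINGO objective value quoted above.
    print(largest_23_integer(839808))
    print(greedy_dbns(35), greedy_dbns(35, monotone=True))
    print(closest_23_integer_signed(1000))
```

For x = 35 the unconstrained greedy expansion is 32 + 3, i.e. pairs (5, 0) and (0, 1); with the Remark 2 bounds the second term may not use a power of 3 larger than the first, so the expansion becomes 32 + 2 + 1. The second return value of largest_23_integer counts the sub-problems examined, which plays the role of the iteration count reported by the solver.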

References
[1] M. S. Bazaraa, H. D. Sherali, and C. M. Shetty, "Nonlinear Programming: Theory and Algorithms," 2nd ed. New York: Wiley, 1993.
[2] V. Berthe and L. Imbert, "Diophantine Approximation, Ostrowski Numeration and the Double-Base Number System," DMTCS, vol. 11, Nancy, France, 2009, pp. 153–172.
[3] H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, and F. Vercauteren, "Handbook of Elliptic and Hyperelliptic Curve Cryptography." Chapman & Hall/CRC, July 2005.
[4] V. S. Dimitrov, L. Imbert, and P. K. Mishra, "The Double-Base Number System and Its Application to Elliptic Curve Cryptography," Math. of Computation, vol. 77, no. 262, pp. 1075–1104, 2008.
[5] F. S. Hillier and G. J. Lieberman, "Introduction to Operations Research," 9th ed. New York: McGraw-Hill, Inc., 2010.
[6] Information on http://www.lindo.com/downloads/download LINGO /
[7] A. Ruszczynski, "Nonlinear Optimization." New Jersey: Princeton University Press, 2006.
