52 Things: Number 13: Outline the use and advantages of projective point representation.
This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know' to do Cryptography: a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. We continue the Mathematical Background section by outlining the use and advantages of projective point representation.
What is a projective point?
What are the advantages to using projective point representation?
TLDR - Point doubling and addition on elliptic curve points require a field inversion and several multiplications. We consider a field $K$ (of characteristic that is neither 2 nor 3). Given that an inversion in $K$ is significantly more expensive than a multiplication, it is generally more efficient to use projective point coordinates to compute these operations.
What is a projective point?
The projective form of the Weierstrass equation (see Guy's blog last week) for an elliptic curve $E$ is an alternative but equivalent way of defining a point. We do not gain any additional functionality and, in fact, we can define an equivalence relation. Let $c$ and $d$ be positive integers and let $K$ be a field (of characteristic that is neither 2 nor 3). Then the equivalence relation $\sim$ on the set $K^3 \setminus \{(0,0,0)\}$ of nonzero triples over the field $K$ is
$$(X_1, Y_1, Z_1) \sim (X_2, Y_2, Z_2) \quad \text{if} \quad X_1 = \lambda^c X_2,\; Y_1 = \lambda^d Y_2,\; Z_1 = \lambda Z_2 \quad \text{for some } \lambda \in K^*.$$
The equivalence class containing $(X, Y, Z) \in K^3 \setminus \{(0,0,0)\}$ is
$$(X : Y : Z) = \{(\lambda^c X, \lambda^d Y, \lambda Z) : \lambda \in K^*\}.$$
We now have the projective point $(X : Y : Z)$ and its representation $(X, Y, Z)$.
Various projective coordinate systems have been proposed in the literature, but for the purpose of this blog we consider the Jacobian coordinate system. In this representation, the projective point $(X : Y : Z)$ where $Z \neq 0$ corresponds to the affine point $(X/Z^2, Y/Z^3)$.
What are the advantages to using projective point representation?
Using projective point representation to compute point addition and doubling results in fewer field inversions and a higher number of multiplications (in comparison to working with affine coordinates). This can be demonstrated by converting the projective points to affine coordinates and simplifying the addition and doubling formulae: the resulting equations clear the denominators and hence remove the field inversion. At face value this doesn't seem like a great achievement; however, evaluating a field inversion is significantly more computationally expensive than a multiplication given the current state of the art in computer systems. To give an idea, here is a comparison of operation counts for affine vs Jacobian coordinates:
Format | Doubling | Addition |
---|---|---|
Affine | 1I, 2M, 2S | 1I, 2M, 1S |
Jacobian | 4M, 4S | 12M, 4S |
Operation counts for point addition and doubling on $y^2 = x^3 - 3x + b$. I = inversion, M = multiplication, S = squaring.
Exact performance counters are tricky as they will be dependent on the underlying platform and implementation. However, as long as field inversions remain significantly more expensive than multiplications, using affine coordinates will incur a high performance penalty over projective points.
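To make the inversion saving concrete, here is an added example (not code from the original post) that runs double-and-add in both affine and Jacobian coordinates (the case $c = 2$, $d = 3$ of the equivalence relation above) and counts field inversions. The toy prime 97, the base point, and all function names are assumptions chosen for illustration.

```python
P = 97                       # toy prime field (constructed); characteristic is not 2 or 3
G = (3, 6)                   # constructed base point
B = (G[1]**2 - G[0]**3 + 3*G[0]) % P   # curve y^2 = x^3 - 3x + B, chosen so G lies on it
INF = (1, 1, 0)              # Jacobian point at infinity (Z = 0); affine infinity is None

def inv(v):                  # field inversion, counted so the two methods can be compared
    inv.count += 1
    return pow(v % P, -1, P)
inv.count = 0

def affine_add(p, q):        # handles doubling too; one inversion per non-trivial call
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None          # q is the negative of p
    lam = (3*x1*x1 - 3) * inv(2*y1) if p == q else (y2 - y1) * inv(x2 - x1)
    x3 = (lam*lam - x1 - x2) % P
    return x3, (lam*(x1 - x3) - y1) % P

def jac_double(p):           # doubling specialised to a = -3; no inversion
    X, Y, Z = p
    S, M = 4*X*Y*Y % P, 3*(X - Z*Z)*(X + Z*Z) % P
    X3 = (M*M - 2*S) % P
    return X3, (M*(S - X3) - 8*Y**4) % P, 2*Y*Z % P

def jac_add(p, q):           # general addition; no inversion
    if p[2] == 0 or q[2] == 0:
        return q if p[2] == 0 else p
    (X1, Y1, Z1), (X2, Y2, Z2) = p, q
    U1, U2 = X1*Z2*Z2 % P, X2*Z1*Z1 % P
    S1, S2 = Y1*Z2**3 % P, Y2*Z1**3 % P
    if U1 == U2:             # same affine x: either the same point or its negative
        return jac_double(p) if S1 == S2 else INF
    H, R = (U2 - U1) % P, (S2 - S1) % P
    X3 = (R*R - H**3 - 2*U1*H*H) % P
    return X3, (R*(U1*H*H - X3) - S1*H**3) % P, H*Z1*Z2 % P

def to_affine(p):            # (X:Y:Z) -> (X/Z^2, Y/Z^3): the only inversion needed
    if p[2] == 0:
        return None
    zi = inv(p[2])
    return p[0]*zi*zi % P, p[1]*zi**3 % P

def scalar_mul(k, base, add, identity, finish=lambda p: p):
    inv.count, acc = 0, identity
    for bit in bin(k)[2:]:               # double-and-add; not constant time
        acc = add(add(acc, acc), base) if bit == "1" else add(acc, acc)
    return finish(acc), inv.count        # (affine result, inversions used)
```

Calling `scalar_mul(k, G, affine_add, None)` and `scalar_mul(k, G + (1,), jac_add, INF, to_affine)` yields the same point, with the Jacobian path paying at most one inversion regardless of `k`. `to_affine((12, 48, 2))` returns `G`, since that triple is the $\lambda = 2$ representative of the same projective point.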
Any drawbacks?
Not that I know of (although I wouldn't consider myself an expert in this field). As ever, there is always the scope to cock-up the implementation and potentially leak bits of the underlying discrete logs through $Z$ [1].