International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

James A. Muir

Publications

Year
Venue
Title
2008
EPRINT
Unbalanced Digit Sets and the Closest Choice Strategy for Minimal Weight Integer Representations
Clemens Heuberger James A. Muir
An online algorithm is presented that produces an optimal radix-2 representation of an input integer $n$ using digits from the set $D_{\ell,u}=\{a\in\Z:\ell\le a\le u\}$, where $\ell \leq 0$ and $u \geq 1$. The algorithm works by scanning the digits of the binary representation of $n$ from left-to-right (\ie from most-significant to least-significant). The output representation is optimal in the sense that, of all radix-2 representations of $n$ with digits from $D_{\ell,u}$, it has as few nonzero digits as possible (\ie it has \emph{minimal weight}). Such representations are useful in the efficient implementation of elliptic curve cryptography. The strategy the algorithm utilizes is to choose an integer of the form $d 2^i$, where $d \in D_{\ell,u}$, that is closest to $n$ with respect to a particular distance function. It is possible to choose values of $\ell$ and $u$ so that the set $D_{\ell,u}$ is unbalanced in the sense that it contains more negative digits than positive digits, or more positive digits than negative digits. Our distance function takes the possible unbalanced nature of $D_{\ell,u}$ into account.
2006
EPRINT
A Simple Left-to-Right Algorithm for the Computation of the Arithmetic Weight of Integers
James A. Muir
We present a simple algorithm for computing the arithmetic weight of an integer with respect to a given radix r>=2. The arithmetic weight of n is the minimum number of nonzero digits in any signed radix-r representation of n. This algorithm leads to a new family of minimal weight signed radix-r representations which can be constructed using a left-to-right on-line algorithm. These representations are different from the ones previously reported by Joye and Yen at PKC 2002. The idea behind our algorithm is that of choosing closest elements which was introduced by Muir and Stinson at CT-RSA 2005. Our results have applications in coding theory and in the efficient implementation of public-key cryptography.
2006
EPRINT
Minimal Weight and Colexicographically Minimal Integer Representations
Clemens Heuberger James A. Muir
Redundant number systems (e.g. signed binary representations) have been utilized to efficiently implement algebraic operations required by public-key cryptosystems, especially those based on elliptic curves. Several families of integer representations have been proposed that have a minimal number of nonzero digits (so-called \emph{minimal weight} representations). We observe that many of the constructions for minimal weight representations actually work by building representations which are minimal in another sense. For a given set of digits, these constructions build \emph{colexicographically minimal} representations; that is, they build representations where each nonzero digit is positioned as far left (toward the most significant digit) as possible. We utilize this strategy in a new algorithm which constructs a very general family of minimal weight dimension-$d$ \emph{joint} representations for any $d \geq 1$. The digits we use are from the set $\{a \in \ZZ: \ell \leq a \leq u\}$ where $\ell \leq 0$ and $u \geq 1$ are integers. By selecting particular values of $\ell$ and $u$, it is easily seen that our algorithm generalizes many of the minimal weight representations previously described in the literature. From our algorithm, we obtain a syntactical description of a particular family of dimension-$d$ joint representations; any representation which obeys this syntax must be both colexicographically minimal and have minimal weight; moreover, every vector of integers has exactly one representation that satisfies this syntax. We utilize this syntax in a combinatorial analysis of the weight of the representations.
2005
EPRINT
Seifert's RSA Fault Attack: Simplified Analysis and Generalizations
James A. Muir
Seifert recently described a new fault attack against an implementation of RSA signature verification. Here we give a simplified analysis of Seifert's attack and gauge its practicality against RSA moduli of practical sizes. We suggest an improvement to Seifert's attack which has the following consequences: if an adversary is able to cause random faults in only 4 bits of a 1024-bit RSA modulus stored in a device, then there is a greater than 50% chance that they will be able to make that device accept a signature on a message of their choice. For 2048-bit RSA, 6 bits suffice.

Coauthors

Clemens Heuberger (2)