Optimal Extension Fields for XTR

  • Dong-Guk Han
  • Ki Soon Yoon
  • Young-Ho Park
  • Chang Han Kim
  • Jongin Lim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


Application of XTR in cryptographic protocols leads to substantial savings in both communication and computational overhead without compromising security [6]. XTR is a new method to represent elements of a subgroup of the multiplicative group of a finite field GF(p^6), and it can be generalized to the field GF(p^{6m}) [6],[9]. This paper proposes optimal extension fields for XTR among the Galois fields GF(p^{6m}) to which XTR can be applied. In order to select such fields, we introduce a new notion of Generalized Optimal Extension Fields (GOEFs) and suggest a condition on the prime p, a defining polynomial of GF(p^{2m}), and a fast method of multiplication in GF(p^{2m}) to achieve fast finite field arithmetic in GF(p^{2m}). From our implementation results, GF(p^{36}) → GF(p^{12}) is the most efficient extension field for XTR, and computing Tr(g^n) given Tr(g) in GF(p^{12}) is on average more than twice as fast as in the XTR system [6],[10] on a Pentium III/700MHz, which has a 32-bit architecture.


Keywords: XTR public key system; Pseudo-Mersenne prime; Karatsuba’s method


  1. Aho, A., Hopcroft, J., Ullman, J., The Design and Analysis of Computer Algorithms, Addison-Wesley, Reading, Mass., 1974.
  2. Bach, E., Shallit, J., Algorithmic Number Theory, Vol. 1, The MIT Press, Mass., 1996.
  3. Bailey, D.V. and Paar, C., Optimal extension fields for fast arithmetic in public-key algorithms, Crypto ’98, Springer-Verlag, pp. 472–485, 1998.
  4. H. Cohen, A.K. Lenstra, Implementation of a new primality test, Math. Comp. 48 (1987) 103–121.
  5. D.E. Knuth, The Art of Computer Programming, Volume 2, Seminumerical Algorithms, second edition, Addison-Wesley, 1981.
  6. A.K. Lenstra, E.R. Verheul, The XTR public key system, Proceedings of Crypto 2000, LNCS 1880, Springer-Verlag, 2000, 1–19; available from
  7. A.K. Lenstra, Using Cyclotomic Polynomials to Construct Efficient Discrete Logarithm Cryptosystems over Finite Fields, Proceedings of ACISP 1997, LNCS 1270, Springer-Verlag, 1997, 127–138.
  8. A.K. Lenstra, Lip 1.1, available at
  9. Seongan Lim, Seungjoo Kim, Ikkwon Yie, Jaemoon Kim, Hongsub Lee, XTR Extended to GF(p^{6m}), Proceedings of SAC 2001, 317–328, LNCS 2259, Springer-Verlag, 2001, 125–143.
  10. Martijn Stam, A.K. Lenstra, Speeding Up XTR, Proceedings of Asiacrypt 2001, LNCS 2248, Springer-Verlag, 2001, 125–143; available from
  11. A.J. Menezes, Applications of Finite Fields, Waterloo, 1993.
  12. S.B. Mohan and B.S. Adiga, Fast Algorithms for Implementing RSA Public Key Cryptosystem, Electronics Letters, 21(17):761, 1985.
  13. S. Oh, S. Hong, D. Cheon, C. Kim, J. Lim and M. Sung, An Extension Field of Characteristic Greater than Two and its Applications, Technical Report 99-2, CIST, 1999. Available from

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Dong-Guk Han (1, 2)
  • Ki Soon Yoon (1)
  • Young-Ho Park (3)
  • Chang Han Kim (4)
  • Jongin Lim (1)

  1. Center for Information and Security Technologies (CIST), Korea University, Seoul, Korea
  2. Ministry of Information and Communication and Korea Information Security Agency, Korea
  3. Dept. of Information Security & System Engineering, Sejong Cyber Univ., Seoul, Korea
  4. Dept. of Information Security, Semyung Univ., Jechon, Korea
