Recently, pairing-based cryptographic application sch-emes have attracted much attentions. In order to make the schemes more efficient, not only pairing algorithm but also arithmetic operations in extension field need to be efficient. For this purpose, the authors have proposed a series of cyclic vector multiplication algorithms (CVMAs) corresponding to the adopted bases such as type-I optimal normal basis (ONB). Note here that every basis adapted for the conventional CVMAs are just special classes of Gauss period normal bases (GNBs). In general, GNB is characterized with a certain positive integer h in addition to characteristic p and extension degree m, namely type-⟨h.m⟩ GNB in extension field Fpm. The parameter h needs to satisfy some conditions and such a positive integer h infinitely exists. From the viewpoint of the calculation cost of CVMA, it is preferred to be small. Thus, the minimal one denoted by hmin will be adapted. This paper focuses on two remaining problems: 1) CVMA has not been expanded for general GNBs yet and 2) the minimal hmin sometimes becomes large and it causes an inefficient case. First, this paper expands CVMA for general GNBs. It will improve some critical cases with large hmin reported in the conventional works. After that, this paper shows a theorem that, for a fixed prime number r, other prime numbers modulo r uniformly distribute between 1 to r-1. Then, based on this theorem, the existence probability of type-⟨hmin,m⟩ GNB in Fpm and also the expected value of hmin are explicitly given.

This paper proposes a method to construct a basis conversion matrix between two given bases in Fpm. In the proposed method, Gauss period normal basis (GNB) works as a bridge between the two bases. The proposed method exploits this property and construct a basis conversion matrix mostly faster than EDF-based algorithm on average in polynomial time. Finally, simulation results are reported in which the proposed method compute a basis conversion matrix within 30 msec on average with Celeron (2.00 GHz) when mlog p≈160.

This paper shows a necessary condition for type- and Gauss period normal bases in Fpm to be the same normal basis by using their traces.