
Elliptic curve with Optimal mixed Montgomery-Edwards model for low-end devices

An optimized mixed Montgomery-Edwards elliptic curve model for low-end devices

  • Research Paper
Science China Information Sciences

Abstract

This paper introduces a special family of twisted Edwards curves named Optimal mixed Montgomery-Edwards (OME) curves. The OME curves are proposed by exploiting the fact that every twisted Edwards curve is birationally equivalent to some elliptic curve in Montgomery form. The OME curves achieve optimal group arithmetic for both the twisted Edwards model and the Montgomery model. In particular, the Montgomery model of OME curves requires only 3M + 2S and 1M + 3S + 3C to perform the point addition and point doubling operations, while 7M and 3M + 4S are needed for a point addition and a point doubling in their twisted Edwards model. We also carefully choose the curve parameters and the underlying implementation field to achieve high performance. An example of an OME curve is \(\mathcal{E}/\mathbb{F}_p : - x^2 + y^2 = 1 - 2782^2 \cdot x^2 y^2\) over \(p = 2^{192} - 2^{64} - 1\). Our implementation results on a widely used 8-bit micro-controller platform (i.e., AVR ATmega128) further demonstrate the practical benefits of the proposed OME curves on low-end devices. In particular, our implementation, which runs in constant time, reduces the execution time by up to 14% and 18% for fixed-point and random-point scalar multiplication, respectively, compared with the state-of-the-art implementation on the identical platform.
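The birational equivalence the abstract relies on can be checked numerically on the example curve. The following is an added example, not code from the paper: it uses the textbook twisted Edwards addition law and the standard Edwards-to-Montgomery map rather than the paper's optimized OME formulas, is not constant-time, and all function names are assumptions.

```python
# Added example: the abstract's curve a*x^2 + y^2 = 1 + d*x^2*y^2 with a = -1, d = -2782^2.
P = 2**192 - 2**64 - 1          # field prime from the abstract (P % 4 == 3)
A_ED = -1 % P
D_ED = -(2782**2) % P

def inv(z):
    return pow(z, -1, P)        # raises ValueError if z == 0 mod P (Python 3.8+)

def on_edwards(pt):
    x, y = pt
    return (A_ED*x*x + y*y - 1 - D_ED*x*x*y*y) % P == 0

def find_point():
    """Constructed test point: smallest y >= 2 for which x^2 is a square."""
    for y in range(2, 1000):
        x2 = (1 - y*y) * inv(A_ED - D_ED*y*y) % P
        x = pow(x2, (P + 1)//4, P)      # square root, valid since P % 4 == 3
        if x*x % P == x2:
            return (x, y)
    raise ValueError("no point found")

def edwards_add(p1, p2):
    """Textbook affine twisted Edwards addition (also used for doubling)."""
    (x1, y1), (x2, y2) = p1, p2
    t = D_ED*x1*x2*y1*y2 % P
    return ((x1*y2 + y1*x2)*inv(1 + t) % P, (y1*y2 - A_ED*x1*x2)*inv(1 - t) % P)

def montgomery_params():
    """(A, B) of the equivalent curve B*v^2 = u^3 + A*u^2 + u."""
    k = inv(A_ED - D_ED)
    return (2*(A_ED + D_ED)*k % P, 4*k % P)

def to_montgomery(pt):
    """Birational map (x, y) -> (u, v) = ((1+y)/(1-y), u/x)."""
    x, y = pt
    u = (1 + y)*inv(1 - y) % P
    return (u, u*inv(x) % P)

def on_montgomery(pt):
    u, v = pt
    A, B = montgomery_params()
    return (B*v*v - (u*u*u + A*u*u + u)) % P == 0

def montgomery_double_u(u):
    """x-only Montgomery doubling: u(2P) = (u^2-1)^2 / (4u(u^2+Au+1))."""
    A, _ = montgomery_params()
    return (u*u - 1)**2 * inv(4*u*(u*u + A*u + 1)) % P
```

Doubling a point with the Edwards law and then mapping it gives the same u-coordinate as mapping first and doubling with the x-only Montgomery formula, which is what lets an implementation switch models mid-computation.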

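Abstract (Chinese version)

Highlights

This paper proposes a class of OME curves suited to the efficient and secure implementation of elliptic curve cryptosystems on low-end devices. These curves provide the currently optimal group-law computation under both the Montgomery model and the twisted Edwards model, and offer an alternative method for choosing the parameters of the Montgomery model. As a special case, an OME curve that satisfies the SafeCurves security requirements is selected over the NIST prime field P192, and efficient methods for finite-field arithmetic and curve group-law computation are designed for it. Fixed-point and random-point scalar multiplication on this curve is implemented on an 8-bit AVR processor platform; the implementation runs in constant time and resists simple power analysis attacks. Compared with the previous state-of-the-art implementation on the same type of platform, the method of this paper is more than 14% faster.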



Author information

Corresponding author

Correspondence to Zhi Hu.


Cite this article

Liu, Z., Hu, Z. & Wu, W. Elliptic curve with Optimal mixed Montgomery-Edwards model for low-end devices. Sci. China Inf. Sci. 58, 1–8 (2015). https://doi.org/10.1007/s11432-015-5410-y


  • DOI: https://doi.org/10.1007/s11432-015-5410-y
