
Efficient Implementation of Pedersen Commitments Using Twisted Edwards Curves

  • Conference paper
Mobile, Secure, and Programmable Networking (MSPN 2017)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 10566)

Abstract

Cryptographic commitment schemes are used in many contexts, and both the size of the secret data and the security requirements depend on the target application. Using a software library that has been designed for other purposes (e.g., key exchange or digital signatures) to compute commitments can be complicated or inefficient. We present in this paper a flexible implementation of Pedersen commitments based on elliptic curves in twisted Edwards form. The implementation supports a set of five curves of varying cryptographic strength, which are defined over 127, 159, 191, 223, and 255-bit pseudo-Mersenne prime fields. One can dynamically (i.e., at runtime) choose one of the curves according to the required level of security, and it is also possible to adapt to the size of the data to be committed by varying the number of base points. The point arithmetic is performed with optimized formulas using extended coordinates, and dynamically pre-computed tables are utilized to speed up the scalar multiplication. Our implementation is written in ANSI C (with optional x86 assembler optimizations for the field arithmetic) and was compiled and tested successfully with Visual C on Windows, gcc on Linux, and clang on macOS. We present detailed benchmarking results for the field and point arithmetic on all five curves. When using an Intel Core i7 processor clocked at 2.7 GHz as the test platform, we can compute more than 38,000 commitments per second on a twisted Edwards curve over a 127-bit field.
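The abstract describes a multi-base-point Pedersen commitment C = r·H + Σ m_i·G_i computed with extended-coordinate twisted Edwards arithmetic. The following is an added illustration, not the authors' library: it uses the public Ed25519 parameters (a = -1) as the stand-in curve, the unified extended-coordinate addition formula for a = -1, and a plain double-and-add scalar multiplication in place of the paper's pre-computed tables; the base points are derived by a try-and-increment hash-to-curve so that no discrete-log relation between them is known.

```python
"""Pedersen vector commitment C = r*H + sum(m_i*G_i) on Ed25519 (a = -1), in extended
coordinates (X, Y, Z, T). Added example; double-and-add replaces the paper's tables."""
import hashlib

P = 2**255 - 19                                  # Ed25519 field prime
D = (-121665 * pow(121666, -1, P)) % P           # curve constant d (a non-square)
def add(p1, p2):
    # Unified extended-coordinate addition for a = -1 (Hisil et al.); also doubles.
    x1, y1, z1, t1 = p1
    x2, y2, z2, t2 = p2
    a = (y1 - x1) * (y2 - x2) % P
    b = (y1 + x1) * (y2 + x2) % P
    c = 2 * D * t1 * t2 % P
    d = 2 * z1 * z2 % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def mul(k, pt):
    acc = (0, 1, 1, 0)                           # neutral element
    for bit in bin(k)[2:]:                       # left-to-right double-and-add
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def affine(pt):
    x, y, z, _ = pt
    zi = pow(z, -1, P)
    return (x * zi % P, y * zi % P)

def base_point(label):
    # Try-and-increment hash-to-curve: no known log relation between G_i and H;
    # multiplying by the cofactor 8 lands the point in the prime-order subgroup.
    ctr = 0
    while True:
        raw = hashlib.sha512(label + ctr.to_bytes(4, "big")).digest()[:32]
        y = int.from_bytes(raw, "little") % P
        x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
        x = pow(x2, (P + 3) // 8, P)             # candidate sqrt, since p = 5 mod 8
        if (x * x - x2) % P:
            x = x * pow(2, (P - 1) // 4, P) % P  # multiply by sqrt(-1)
        if (x * x - x2) % P == 0:
            return mul(8, (x, y, 1, x * y % P))
        ctr += 1

def commit(msgs, r, gens, hpt):
    # One blinding scalar r; one base point per committed field element.
    acc = mul(r, hpt)
    for m, g in zip(msgs, gens):
        acc = add(acc, mul(m, g))
    return affine(acc)
```

Because the scalar multiplication is a group homomorphism, commitments add: commit(m, r) + commit(m', r') opens to (m + m', r + r'), which is the property Pedersen-based protocols rely on.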



Author information

Corresponding author

Correspondence to Christian Franck.

Algorithms for Point Arithmetic

[Figures a and b: algorithm listings for the point arithmetic; not reproduced in this preview.]

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Franck, C., Großschädl, J. (2017). Efficient Implementation of Pedersen Commitments Using Twisted Edwards Curves. In: Bouzefrane, S., Banerjee, S., Sailhan, F., Boumerdassi, S., Renault, E. (eds) Mobile, Secure, and Programmable Networking. MSPN 2017. Lecture Notes in Computer Science, vol 10566. Springer, Cham. https://doi.org/10.1007/978-3-319-67807-8_1

  • DOI: https://doi.org/10.1007/978-3-319-67807-8_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67806-1

  • Online ISBN: 978-3-319-67807-8
