Designs, Codes and Cryptography, Volume 39, Issue 2, pp 189–206

Trading Inversions for Multiplications in Elliptic Curve Cryptography

  • Mathieu Ciet
  • Marc Joye
  • Kristin Lauter
  • Peter L. Montgomery

Abstract

Recently, Eisenträger et al. proposed a very elegant method for speeding up scalar multiplication on elliptic curves. Their method relies on improved formulas for evaluating S=(2P + Q) from given points P and Q on an elliptic curve. Compared to the naive approach, the improved formulas save a field multiplication each time the operation is performed. This paper proposes a variant which is faster whenever a field inversion is more expensive than six field multiplications. We also give an improvement when tripling a point, and present a ternary/binary method to perform efficient scalar multiplication.

Keywords

elliptic curves, cryptography, fast arithmetic, radix-r decompositions, affine coordinates

AMS Classification

14H52, 14H25

References

  1. IEEE Std 1363-2000, IEEE Standard Specifications for Public-Key Cryptography, IEEE Computer Society, August 29, 2000.
  2. Brown, M., Hankerson, D., López, J., Menezes, A. (2001). Software implementation of the NIST elliptic curves over prime fields. In: Naccache, D. (ed.), Topics in Cryptology – CT-RSA 2001, vol. 2020 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, pp. 250–265.
  3. Blake, I. F., Seroussi, G., Smart, N. P. (2000). Elliptic Curves in Cryptography. London Mathematical Society Lecture Note Series, 265, Cambridge University Press, Cambridge.
  4. Cohen, H., Miyaji, A., Ono, T. (1998). Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.), Advances in Cryptology – ASIACRYPT ’98, Lecture Notes in Computer Science, 1514, Springer, Berlin, pp. 51–65.
  5. Diffie, W., Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654.
  6. Eisenträger, K., Lauter, K., Montgomery, P. L. (2003). Fast elliptic curve arithmetic and improved Weil pairing evaluation. In: Joye, M. (ed.), Topics in Cryptology – CT-RSA 2003, Lecture Notes in Computer Science, 2612, Springer-Verlag, Berlin, pp. 343–354.
  7. Gallant, R. P., Lambert, R. J., Vanstone, S. A. (2001). Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.), Advances in Cryptology – CRYPTO 2001, Lecture Notes in Computer Science, 2139, Springer-Verlag, Berlin, pp. 190–200.
  8. ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472.
  9. Gordon, D. M. (1998). A survey of fast exponentiation methods. Journal of Algorithms 27, 129–146.
  10. Guajardo, J., Paar, C. (1997). Efficient algorithms for elliptic curve cryptosystems. In: Kaliski, B. S., Jr. (ed.), Advances in Cryptology – CRYPTO ’97, Lecture Notes in Computer Science, 1294, Springer-Verlag, Berlin, pp. 342–356.
  11. Kaliski, B. S., Jr. (1995). The Montgomery inverse and its applications. IEEE Transactions on Computers 44, 1064–1065.
  12. Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209.
  13. Ç. K. Koç and E. Savaş, Architectures for unified field inversion with applications in elliptic curve cryptography. In 9th IEEE International Conference on Electronics, Circuits and Systems (ICECS 2002), Dubrovnik, Croatia, 3 September 15–18 (2002) pp. 1155–1158.
  14. Lim, C. H., Lee, P. J. (1994). More flexible exponentiation with precomputation. In: Desmedt, Y. G. (ed.), Advances in Cryptology – CRYPTO ’94, Lecture Notes in Computer Science, 839, Springer-Verlag, Berlin, pp. 95–107.
  15. López, J., Dahab, R. (1999). Improved Algorithms for Elliptic Curve Arithmetic in GF(2^n). Selected Areas in Cryptography – SAC ’98, Lecture Notes in Computer Science, 1556, Springer-Verlag, Berlin, pp. 201–212.
  16. Lórencz, R. (2003). New algorithm for classical modular inverse. In: Kaliski, B. S., Jr., Koç, Ç. K., Paar, C. (eds.), Cryptographic Hardware and Embedded Systems – CHES 2002, Lecture Notes in Computer Science, 2523, Springer-Verlag, Berlin, pp. 57–70.
  17. Menezes, A. J., Oorschot, P. C., Vanstone, S. A. (1997). Handbook of Applied Cryptography. CRC Press Series on Discrete Mathematics and its Applications, CRC Press, Boca Raton, FL.
  18. Miller, V. S. (1986). Use of elliptic curves in cryptography. In: Williams, H. C. (ed.), Advances in Cryptology – CRYPTO ’85, Lecture Notes in Computer Science, 218, Springer-Verlag, Berlin, pp. 417–426.
  19. B. Möller, private communication.
  20. Montgomery, P. L. (1985). Modular multiplication without trial division. Mathematics of Computation 44, 519–521.
  21. Montgomery, P. L. (1987). Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264.
  22. Sakai, Y., Sakurai, K. (2001). Efficient scalar multiplications on elliptic curves with direct computations of several doublings. IEICE Transactions Fundamentals E84-A, 120–129.
  23. Savaş, E., Koç, Ç. K. (2000). The Montgomery modular inverse—revisited. IEEE Transactions on Computers 49, 763–766.
  24. J. A. Solinas, Low-weight binary representations for pairs of integers, Tech. Report CORR 2001/41, CACR, Waterloo (2001).
  25. Straus, E. G. (1964). Addition chains of vectors (problem 5125). American Mathematical Monthly 70, 806–808.

Copyright information

© Springer Science+Business Media, Inc. 2006

Authors and Affiliations

  • Mathieu Ciet (1)
  • Marc Joye (2)
  • Kristin Lauter (3)
  • Peter L. Montgomery (3)

  1. Gemplus S.A., Card Security Group, La Ciotat Cedex, France
  2. CIM-PACA, Centre de Micro-électronique de Provence – George Charpak, Gardanne, France
  3. Microsoft Research, One Microsoft Way, Redmond, USA
