Designs, Codes and Cryptography, Volume 39, Issue 2, pp 189–206

Trading Inversions for Multiplications in Elliptic Curve Cryptography

  • Mathieu Ciet
  • Marc Joye
  • Kristin Lauter
  • Peter L. Montgomery


Recently, Eisenträger et al. proposed a very elegant method for speeding up scalar multiplication on elliptic curves. Their method relies on improved formulas for evaluating S=(2P + Q) from given points P and Q on an elliptic curve. Compared to the naive approach, the improved formulas save a field multiplication each time the operation is performed. This paper proposes a variant which is faster whenever a field inversion is more expensive than six field multiplications. We also give an improvement when tripling a point, and present a ternary/binary method to perform efficient scalar multiplication.
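The single-inversion idea described in the abstract, as an added example that is not code or formulas taken from the paper: the expressions are derived here from the textbook affine chord law, and the toy curve, function names and inversion counter are constructed for illustration. It folds the two slope denominators of (P + Q) + P into one field inversion, paid for with extra multiplications, and checks the result against two plain additions.

```python
# Added example, not from the paper: toy curve y^2 = x^3 + A*x + B over GF(P_MOD).
P_MOD, A, B = 97, 2, 3          # constructed parameters, far too small for real use

def inv(v, count):
    """Field inversion; count[0] tallies how many were performed."""
    if v % P_MOD == 0:
        raise ValueError("exceptional case: denominator is zero")
    count[0] += 1
    return pow(v % P_MOD, -1, P_MOD)

def add(P, Q, count):
    """Textbook affine chord addition for P != +-Q (one inversion)."""
    (x1, y1), (x2, y2) = P, Q
    lam = (y2 - y1) * inv(x2 - x1, count) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def naive_2p_plus_q(P, Q, count):
    """(P + Q) + P as two separate additions: two inversions."""
    return add(add(P, Q, count), P, count)

def one_inv_2p_plus_q(P, Q, count):
    """Same result with both slope denominators folded into one inversion."""
    (x1, y1), (x2, y2) = P, Q
    dx, dy = (x2 - x1) % P_MOD, (y2 - y1) % P_MOD
    d = (dx * dx * (2 * x1 + x2) - dy * dy) % P_MOD   # equals (x1 - x3) * dx^2
    i = inv(d * dx, count)                            # 1 / (dx^3 * (x1 - x3))
    lam1 = d * i * dy % P_MOD                         # dy / dx, slope of P + Q
    lam2 = (2 * y1 * pow(dx, 3, P_MOD) * i - lam1) % P_MOD  # slope of (P+Q) + P
    x4 = ((lam2 - lam1) * (lam2 + lam1) + x2) % P_MOD # x(P + Q) is never formed
    return x4, ((x1 - x4) * lam2 - y1) % P_MOD

def compare_all():
    """Run both routines on every usable pair of points of the toy curve."""
    pts = [(x, y) for x in range(P_MOD) for y in range(P_MOD)
           if (y * y - x ** 3 - A * x - B) % P_MOD == 0]
    checked, bad = 0, 0
    for P in pts:
        for Q in pts:
            n, o = [0], [0]
            try:
                want = naive_2p_plus_q(P, Q, n)
            except ValueError:
                continue        # P = +-Q or P + Q = +-P: needs separate handling
            got = one_inv_2p_plus_q(P, Q, o)
            checked += 1
            bad += (got != want) or (n[0], o[0]) != (2, 1)
    return checked, bad
```

`compare_all()` returns the number of point pairs checked and the number of disagreements; the exceptional pairs it skips are exactly those where the combined denominator is zero.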


Keywords

elliptic curves, cryptography, fast arithmetic, radix-r decompositions, affine coordinates

AMS Classification

14H52 14H25 




  1. IEEE Std 1363-2000, IEEE Standard Specifications for Public-Key Cryptography, IEEE Computer Society, August 29, 2000.
  2. Brown, M., Hankerson, D., López, J., Menezes, A. (2001). Software implementation of the NIST elliptic curves over prime fields. In: Naccache, D. (ed.), Topics in Cryptology – CT-RSA 2001, vol. 2020 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, pp. 250–265.
  3. Blake, I. F., Seroussi, G., Smart, N. P. (2000). Elliptic Curves in Cryptography. London Mathematical Society Lecture Note Series, 265, Cambridge University Press, Cambridge.
  4. Cohen, H., Miyaji, A., Ono, T. (1998). Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.), Advances in Cryptology – ASIACRYPT ’98, Lecture Notes in Computer Science, 1514, Springer, Berlin, pp. 51–65.
  5. Diffie, W., Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654.
  6. Eisenträger, K., Lauter, K., Montgomery, P. L. (2003). Fast elliptic curve arithmetic and improved Weil pairing evaluation. In: Joye, M. (ed.), Topics in Cryptology – CT-RSA 2003, Lecture Notes in Computer Science, 2612, Springer-Verlag, Berlin, pp. 343–354.
  7. Gallant, R. P., Lambert, R. J., Vanstone, S. A. (2001). Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.), Advances in Cryptology – CRYPTO 2001, Lecture Notes in Computer Science, 2139, Springer-Verlag, Berlin, pp. 190–200.
  8. ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472.
  9. Gordon, D. M. (1998). A survey of fast exponentiation methods. Journal of Algorithms 27, 129–146.
  10. Guajardo, J., Paar, C. (1997). Efficient algorithms for elliptic curve cryptosystems. In: Kaliski, B. S., Jr. (ed.), Advances in Cryptology – CRYPTO ’97, Lecture Notes in Computer Science, 1294, Springer-Verlag, Berlin, pp. 342–356.
  11. Kaliski, B. S., Jr. (1995). The Montgomery inverse and its applications. IEEE Transactions on Computers 44, 1064–1065.
  12. Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209.
  13. Ç. K. Koç and E. Savaş, Architectures for unified field inversion with applications in elliptic curve cryptography. In 9th IEEE International Conference on Electronics, Circuits and Systems (ICECS 2002), Dubrovnik, Croatia, 3 September 15–18 (2002) pp. 1155–1158.
  14. Lim, C. H., Lee, P. J. (1994). More flexible exponentiation with precomputation. In: Desmedt, Y. G. (ed.), Advances in Cryptology – CRYPTO ’94, Lecture Notes in Computer Science, 839, Springer-Verlag, Berlin, pp. 95–107.
  15. López, J., Dahab, R. (1999). Improved Algorithms for Elliptic Curve Arithmetic in GF(2^n). Selected Areas in Cryptography – SAC ’98, Lecture Notes in Computer Science, 1556, Springer-Verlag, Berlin, pp. 201–212.
  16. Lórencz, R. (2003). New algorithm for classical modular inverse. In: Kaliski, B. S., Jr., Koç, Ç. K., Paar, C. (eds.), Cryptographic Hardware and Embedded Systems – CHES 2002, Lecture Notes in Computer Science, 2523, Springer-Verlag, Berlin, pp. 57–70.
  17. Menezes, A. J., Oorschot, P. C., Vanstone, S. A. (1997). Handbook of Applied Cryptography. CRC Press Series on Discrete Mathematics and its Applications, CRC Press, Boca Raton, FL.
  18. Miller, V. S. (1986). Use of elliptic curves in cryptography. In: Williams, H. C. (ed.), Advances in Cryptology – CRYPTO ’85, Lecture Notes in Computer Science, 218, Springer-Verlag, Berlin, pp. 417–426.
  19. B. Möller, private communication.
  20. Montgomery, P. L. (1985). Modular multiplication without trial division. Mathematics of Computation 44, 519–521.
  21. Montgomery, P. L. (1987). Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264.
  22. Sakai, Y., Sakurai, K. (2001). Efficient scalar multiplications on elliptic curves with direct computations of several doublings. IEICE Transactions Fundamentals E84-A, 120–129.
  23. Savaş, E., Koç, Ç. K. (2000). The Montgomery modular inverse—revisited. IEEE Transactions on Computers 49, 763–766.
  24. J. A. Solinas, Low-weight binary representations for pairs of integers, Tech. Report CORR 2001/41, CACR, Waterloo (2001).
  25. Straus, E. G. (1964). Addition chains of vectors (problem 5125). American Mathematical Monthly 70, 806–808.

Copyright information

© Springer Science+Business Media, Inc. 2006

Authors and Affiliations

  • Mathieu Ciet (1)
  • Marc Joye (2)
  • Kristin Lauter (3)
  • Peter L. Montgomery (3)

  1. Gemplus S.A., Card Security Group, La Ciotat Cedex, France
  2. CIM-PACA, Centre de Micro-électronique de Provence – George Charpak, Gardanne, France
  3. Microsoft Research, One Microsoft Way, Redmond, USA
