Designs, Codes and Cryptography

, Volume 52, Issue 2, pp 185–208

# Unbalanced digit sets and the closest choice strategy for minimal weight integer representations

• Clemens Heuberger
• James A. Muir
Article

## Abstract

An algorithm is presented that produces an optimal radix-2 representation of an input integer n using digits from the set $${D_{\ell,u}=\{a\in{\mathbb{Z}}:\ell \le a\le u\}}$$, where ≤ 0 and u ≥ 1. The algorithm works by scanning the digits of the binary representation of n from left-to-right (i.e., from most-significant to least-significant); further, the algorithm is of the online variety in that it needs to scan only a bounded number of input digits before giving an output digit (i.e., the algorithm produces output before scanning the entire input). The output representation is optimal in the sense that, of all radix-2 representations of n with digits from D ,u , it has as few nonzero digits as possible (i.e., it has minimal weight). Such representations are useful in the efficient implementation of elliptic curve cryptography. The strategy the algorithm utilizes is to choose an integer of the form d 2 i , where $${d \in D_{\ell,u}}$$ , that is closest to n with respect to a particular distance function. It is possible to choose values of and u so that the set D ,u is unbalanced in the sense that it contains more negative digits than positive digits, or more positive digits than negative digits. Our distance function takes the possible unbalanced nature of D ,u into account.

## Keywords

Elliptic curve cryptography Digital expansion Online algorithm Efficient implementation

## Mathematics Subject Classifications (2000)

11A63 94A60 68W40

## References

1. 1.
Avanzi R.: A Note on the signed sliding window integer recoding and its left-to-right analogue. In: Selected Areas in Cryptography 2004. Lecture Notes in Computer Science, vol. 3357, pp. 130–143 (2005).Google Scholar
2. 2.
Booth A.D.: A signed binary multiplication technique. Quart. J. Mech. Appl. Math. 4, 236–240 (1951)
3. 3.
Ganesan P., Singh Manku G.: Optimal routing in chord. In: Proceedings of the Fifteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 176–185 (2004).Google Scholar
4. 4.
Grabner P.J., Heuberger C., Prodinger H., Thuswaldner J.: Analysis of linear combination algorithms in cryptography. ACM Trans. Algorithm 1, 123–142 (2005)
5. 5.
Hankerson D., Menezes A., Vanstone S.: Guide to Elliptic Curve Cryptography. Springer-Verlag, New York (2003)Google Scholar
6. 6.
Heuberger C., Katti R., Prodinger H., Ruan X.: The alternating greedy expansion and applications to left-to-right algorithms in cryptography. Theoret. Comput. Sci. 341, 55–72 (2005)
7. 7.
Heuberger C., Muir J.: Minimal weight and colexicographically minimal integer representations. J. Math. Cryptol. 1, 297–328 (2007)
8. 8.
Joye M., Yen S.: Optimal left-to-right binary signed-digit recoding. IEEE Trans. Comput. 49, 740–748 (2000)
9. 9.
Khabbazian M., Gulliver T., Bhargava V.: A new minimal average weight representation for left-to-right point multiplication methods. IEEE Trans. Comput. 54, 1454–1459 (2005)
10. 10.
Knuth D.E.: The art of computer programming. In: Seminumerical Algorithms, vol. 2, 3rd edn. Addison-Wesley (1997).Google Scholar
11. 11.
Möller B.: Fractional windows revisited: improved signed-digit representations for efficient exponentiation. In: Information Security and Cryptology—ICISC 2004. Lecture Notes in Computer Science, vol. 3506, pp. 137–153 (2004).Google Scholar
12. 12.
Morain F., Olivos J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. RAIRO Inform. Théor. Appl. 24, 531–543 (1990)
13. 13.
Muir J.: A simple left-to-right algorithm for minimal weight signed radix-r representations. IEEE Trans. Inform. Theory 53, 1234–1241 (2007)
14. 14.
Muir J., Stinson D.: New minimal weight representations for left-to-right window methods. In: Cryptographers Track of the RSA Conference—CT-RSA 2005. Lecture Notes in Computer Science, vol. 3376, pp. 366–383 (2005).Google Scholar
15. 15.
Müller V.: Fast multiplication on elliptic curves over small fields of characteristic two. J. Cryptol. 11, 219–234 (1998)
16. 16.
Okeya K., Schmidt-Samoa K., Spahn C., Takagi T.: Signed binary representations revisited. In: Advances in Cryptology—CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 123–139 (2004).Google Scholar
17. 17.
Phillips B., Burgess N.: Minimal weight digit set conversions. IEEE Trans. Comput. 53, 666–677 (2004)
18. 18.
19. 19.
Shallit J.: A primer on balanced binary representations. Unpublished manuscript, 1993. http://www.cs.uwaterloo.ca/~shallit/Papers/bbr.pdf.
20. 20.
Solinas J.: Efficient arithmetic on Koblitz curves. Des. Codes Cryptogr. 19, 195–249 (2000)