Designs, Codes and Cryptography

, Volume 52, Issue 2, pp 185–208 | Cite as

Unbalanced digit sets and the closest choice strategy for minimal weight integer representations

  • Clemens Heuberger
  • James A. Muir


An algorithm is presented that produces an optimal radix-2 representation of an input integer n using digits from the set \({D_{\ell,u}=\{a\in{\mathbb{Z}}:\ell \le a\le u\}}\), where ≤ 0 and u ≥ 1. The algorithm works by scanning the digits of the binary representation of n from left-to-right (i.e., from most-significant to least-significant); further, the algorithm is of the online variety in that it needs to scan only a bounded number of input digits before giving an output digit (i.e., the algorithm produces output before scanning the entire input). The output representation is optimal in the sense that, of all radix-2 representations of n with digits from D ,u , it has as few nonzero digits as possible (i.e., it has minimal weight). Such representations are useful in the efficient implementation of elliptic curve cryptography. The strategy the algorithm utilizes is to choose an integer of the form d 2 i , where \({d \in D_{\ell,u}}\) , that is closest to n with respect to a particular distance function. It is possible to choose values of and u so that the set D ,u is unbalanced in the sense that it contains more negative digits than positive digits, or more positive digits than negative digits. Our distance function takes the possible unbalanced nature of D ,u into account.


Elliptic curve cryptography Digital expansion Online algorithm Efficient implementation 

Mathematics Subject Classifications (2000)

11A63 94A60 68W40 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avanzi R.: A Note on the signed sliding window integer recoding and its left-to-right analogue. In: Selected Areas in Cryptography 2004. Lecture Notes in Computer Science, vol. 3357, pp. 130–143 (2005).Google Scholar
  2. 2.
    Booth A.D.: A signed binary multiplication technique. Quart. J. Mech. Appl. Math. 4, 236–240 (1951)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Ganesan P., Singh Manku G.: Optimal routing in chord. In: Proceedings of the Fifteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 176–185 (2004).Google Scholar
  4. 4.
    Grabner P.J., Heuberger C., Prodinger H., Thuswaldner J.: Analysis of linear combination algorithms in cryptography. ACM Trans. Algorithm 1, 123–142 (2005)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Hankerson D., Menezes A., Vanstone S.: Guide to Elliptic Curve Cryptography. Springer-Verlag, New York (2003)Google Scholar
  6. 6.
    Heuberger C., Katti R., Prodinger H., Ruan X.: The alternating greedy expansion and applications to left-to-right algorithms in cryptography. Theoret. Comput. Sci. 341, 55–72 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Heuberger C., Muir J.: Minimal weight and colexicographically minimal integer representations. J. Math. Cryptol. 1, 297–328 (2007)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Joye M., Yen S.: Optimal left-to-right binary signed-digit recoding. IEEE Trans. Comput. 49, 740–748 (2000)CrossRefGoogle Scholar
  9. 9.
    Khabbazian M., Gulliver T., Bhargava V.: A new minimal average weight representation for left-to-right point multiplication methods. IEEE Trans. Comput. 54, 1454–1459 (2005)CrossRefGoogle Scholar
  10. 10.
    Knuth D.E.: The art of computer programming. In: Seminumerical Algorithms, vol. 2, 3rd edn. Addison-Wesley (1997).Google Scholar
  11. 11.
    Möller B.: Fractional windows revisited: improved signed-digit representations for efficient exponentiation. In: Information Security and Cryptology—ICISC 2004. Lecture Notes in Computer Science, vol. 3506, pp. 137–153 (2004).Google Scholar
  12. 12.
    Morain F., Olivos J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. RAIRO Inform. Théor. Appl. 24, 531–543 (1990)zbMATHMathSciNetGoogle Scholar
  13. 13.
    Muir J.: A simple left-to-right algorithm for minimal weight signed radix-r representations. IEEE Trans. Inform. Theory 53, 1234–1241 (2007)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Muir J., Stinson D.: New minimal weight representations for left-to-right window methods. In: Cryptographers Track of the RSA Conference—CT-RSA 2005. Lecture Notes in Computer Science, vol. 3376, pp. 366–383 (2005).Google Scholar
  15. 15.
    Müller V.: Fast multiplication on elliptic curves over small fields of characteristic two. J. Cryptol. 11, 219–234 (1998)zbMATHCrossRefGoogle Scholar
  16. 16.
    Okeya K., Schmidt-Samoa K., Spahn C., Takagi T.: Signed binary representations revisited. In: Advances in Cryptology—CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 123–139 (2004).Google Scholar
  17. 17.
    Phillips B., Burgess N.: Minimal weight digit set conversions. IEEE Trans. Comput. 53, 666–677 (2004)CrossRefGoogle Scholar
  18. 18.
    Reitwiesner G.: Binary arithmetic. In: Advances in Computers, vol. 1, pp. 231–308. Academic Press (1960).Google Scholar
  19. 19.
    Shallit J.: A primer on balanced binary representations. Unpublished manuscript, 1993.
  20. 20.
    Solinas J.: Efficient arithmetic on Koblitz curves. Des. Codes Cryptogr. 19, 195–249 (2000)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. 1.Institut für Mathematik BTechnische Universität GrazGrazAustria
  2. 2.Cloakware CorporationOttawaCanada

Personalised recommendations