Efficient Fixed-base exponentiation and scalar multiplication based on a multiplicative splitting exponent recoding

  • Jean-Marc Robert
  • Christophe Negre
  • Thomas Plantard
Regular Paper


Digital signature algorithm (DSA) (resp. ECDSA) involves modular exponentiation (resp. scalar multiplication) of a public and known base by a random one-time exponent. In order to speed up this operation, well-known methods take advantage of the memorization of base powers (resp. base multiples). Best approaches are the Fixed-base radix-R method and the Fixed-base Comb method. In this paper, we present a new approach for storage/online computation trade-off, by using a multiplicative splitting of the digits of the exponent radix-R representation. We adapt classical algorithms for modular exponentiation and scalar multiplication in order to take advantage of the proposed exponent recoding. An analysis of the complexity for practical size shows that our proposed approach involves a lower storage for a given level of online computation. This is confirmed by implementation results showing significant memory saving, up to 3 times for the largest NIST standardized key sizes, compared to the state-of-the-art approaches.


RNS Multiplicative splitting Digital signature Fixed-base Modular exponentiation Scalar multiplication Memory storage Efficient software implementation 

Supplementary material


  1. 1.
    Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) Advances in Cryptology – ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2–6, 2007, Proceedings. Lecture Notes in Computer Science, vol. 4833, pp 29–50, Springer (2007). zbMATHGoogle Scholar
  2. 2.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for Key Management. In: Computer Security, vol. Part 1, Rev 3, NIST, pp 62–64 (2012).
  3. 3.
    Bosselaers, A., Govaerts, R., Vandewalle, J.: Comparison of three modular reduction functions. In: CRYPTO ’93, pp. 175–186 (1993)Google Scholar
  4. 4.
    Brown M., Hankerson D., López J., Menezes A.: Software implementation of the NIST elliptic curves over prime fields. In: Naccache D. (ed.) Topics in Cryptology—CT-RSA 2001. CT-RSA 2001. Lecture Notes in Computer Science, vol. 2020. Springer, Berlin, Heidelberg (2001). CrossRefGoogle Scholar
  5. 5.
    Christophe, D.: On the enumeration of double-base chains with applications to elliptic curve cryptography. In: Advances in Cryptology—ASIACRYPT 2014, vol. 8873 of LNCS, pp. 297–316. Springer (2014)Google Scholar
  6. 6.
    Explicit Formula Database (2014).
  7. 7.
    Gordon, D.M.: A survey of fast exponentiation methods. J. Algorithms 27(1), 129–146 (1998). MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Hankerson, D., Hernandez, J., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: CHES 2000, vol. 1965 of LNCS, pp. 1–24. Springer (2000)Google Scholar
  9. 9.
    Hedabou, M., Pinel, P., Bénéteau, L.: A comb method to render ECC resistant against Side Channel Attacks. IACR Cryptology ePrint Archive 2004, 342 (2004).
  10. 10.
    Joye, M., Tunstall, M.: Exponent recoding and regular exponentiation algorithms. In: Proceedings of Africacrypt 2009, LNCS, pp. 334–349. Springer (2009)Google Scholar
  11. 11.
    Kerry, C., Gallagher, P.: Digital signature standard (DSS) FIPS PUB, pp. 186–194. Gaithersburg, MD (2013). CrossRefGoogle Scholar
  12. 12.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Lim, C.H., Lee, P.J.: More flexible exponentiation with precomputation. In: Desmedt, Y. (ed.) Advances in Cryptology–CRYPTO ’94, 14th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21–25, 1994, Proceedings. Lecture Notes in Computer Science,, vol. 839, pp. 95–107. Springer (1994).
  14. 14.
    Menezes, A., Hankerson, D., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004).
  15. 15.
    Miller V.S. (1986) Use of Elliptic Curves in Cryptography. In: Williams H.C. (eds.) Advances in Cryptology—CRYPTO ’85 Proceedings. CRYPTO 1985. Lecture Notes in Computer Science, vol 218. Springer, Berlin, Heidelberg.
  16. 16.
    Mohamed, N.A.F., Hashim, M.H.A., Hutter, M.: Improved Fixed-base comb method for fast scalar multiplication. In: Mitrokotsa, A., Vaudenay, S. (eds.) Progress in Cryptology–AFRICACRYPT 2012 - 5th International Conference on Cryptology in Africa, Ifrance, Morocco, July 10–12, 2012. Proceedings. Lecture Notes in Computer Science, vol. 7374, pp. 342–359. Springer (2012). zbMATHGoogle Scholar
  17. 17.
    Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985). MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Negre, C., Plantard, T.: Efficient regular modular exponentiation using multiplicative half-size splitting. J. Cryptogr. Eng. 7, 245–253 (2017)CrossRefGoogle Scholar
  19. 19.
    Plantard, T., Robert, J.-M.: Enhanced digital signature using RNS digit exponent representation. In: Duquesne, S., Petkova-Nikova, S. (eds.) Arithmetic of Finite Fields – 6th International Workshop, WAIFI 2016, Ghent, Belgium, July 13–15, 2016, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10064, pp. 177–192 (2016). zbMATHGoogle Scholar
  20. 20.
    The GNU Multiple Precision Arithmetic Library (GMP).
  21. 21.
    Tsaur, W.-J., Chou, C.-H.: Efficient algorithms for speeding up the computations of elliptic curve cryptosystems. Appl. Math. Comput. 168(2), 1045–1064 (2005)MathSciNetzbMATHGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.CCISR, SCITUniversity of WollongongWollongongAustralia
  2. 2.Team DALIUniversité de Perpignan Via DomitiaPerpignanFrance
  3. 3.LIRMM, UMR 5506Université de Montpellier and CNRSMontpellierFrance

Personalised recommendations