Abstract
A third of a century ago, as a means to speed up the elliptic curve method (ECM) for integer factoring, Montgomery suggested using a special form of elliptic curve over prime fields and developed an addition chain to compute scalar multiplication on such curves; these are now known as Montgomery curves and the Montgomery ladder. Kim et al. (http://eprint.iacr.org/2017/669, 2017) and Kim et al. (Adv Math Commun, https://doi.org/10.3934/amc.2020090, 2020) found the Montgomery ladder very efficient on every short Weierstrass curve, leading to the most efficient regular scalar multiplication algorithms, which were further improved by Hamburg (https://ches.2017.rump.cr.yp.to/, 2020) and Hamburg (http://eprint.iacr.org/2020/437, 2020). However, the efficiency of the Montgomery ladder on general Montgomery curves has not been improved at all since it was first presented by Montgomery. This paper addresses this long-standing Elliptic Curve Cryptography (ECC) problem. The topic of this article is one that has attracted much attention from the cryptographic community following the launch of a multi-year project called “Post-Quantum Cryptography Standardization” by the National Institute of Standards and Technology (NIST), thanks in part to featuring one of the smallest keys of any algorithm known in the literature that is conjectured to be quantum resistant. To the best of our knowledge, this article provides, for the first time since Peter L. Montgomery's work, an improvement of arithmetic on general Montgomery curves, including point doubling and differential addition, which are the most fundamental operations in the context of ECC and of supersingular isogeny-based primitives such as Supersingular Isogeny Diffie–Hellman (SIDH) and Supersingular Isogeny Key Encapsulation (SIKE), as well as in ECM.
References
Adj, G., Cervantes-Vázquez, D., Chi-Domínguez, J.J., Menezes, A., Rodríguez-Henríquez, F.: On the cost of computing isogenies between supersingular elliptic curves. In International Conference on Selected Areas in Cryptography. pp. 322–343. Cham: Springer International Publishing (2018)
Bernstein, D. J., Lange, T.: Montgomery curves and the Montgomery ladder, in Topics in Computational Number Theory inspired by Peter L. Montgomery (eds. J. W. Bos and A. K. Lenstra), Cambridge University Press, (2017), 82–115
Castryck, W., Galbraith, S., Farashahi, R. R.: Efficient arithmetic on elliptic curves using a mixed Edwards-Montgomery representation, Cryptology ePrint Archive, Report 2008/218, 2008. Available from: http://eprint.iacr.org/2008/218
Costello, C.: B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion, in ASIACRYPT 2020, LNCS, vol. 12492, Springer, Berlin, 440–463 (2020)
Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies, in ASIACRYPT 2017 (eds. T. Takagi and T. Peyrin), Springer, 303–329 (2017)
Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman, in CRYPTO 2016 (eds. M. Robshaw and J. Katz), Springer, 572–601 (2016)
Costello, C., Longa, P., Naehrig, M.: SIDH Library. https://www.microsoft.com/en-us/research/project/sidh-library/, 2016-2020
Costello, C., Smith, B.: Montgomery curves and their arithmetic—the case of large characteristic fields. J. Cryptogr. Eng. 8(3), 227–240 (2018)
Dartois, P., Leroux, A., Robert, D., Wesolowski, B.: SQISignHD: New Dimensions in Cryptography, Cryptology ePrint Archive, Report 2023/436, 2023. Available from: http://eprint.iacr.org/2023/436
Faz-Hernández, A., López, J., Ochoa-Jiménez, E., Rodríguez-Henríquez, F.: A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. IEEE Trans. Comput. 67(11), 1622–1636 (2018)
De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8, 209–247 (2014)
Gaudry, P., Lubicz, D.: The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines. Finite Fields Appl. 15(2), 246–260 (2009)
Ghantous, W., Pintore, F., Veroni, M.: Efficiency of SIDH-based signatures (yes, SIDH), Cryptology ePrint Archive, Report 2023/433, 2023. Available from: http://eprint.iacr.org/2023/433
Hamburg, M.: Speeding up elliptic curve scalar multiplication without either precomputation or adaptive coordinates, in Rump Session of CHES 2017, Available from: https://ches.2017.rump.cr.yp.to/
Hamburg, M.: Faster Montgomery and double-add ladders for short Weierstrass curves, Cryptology ePrint Archive, Report 2020/437, 2020. Available from: http://eprint.iacr.org/2020/437
Huang, Y., Jin, Y., Hu, Z., Zhang, F.: Optimizing the evaluation of \(l\)-isogenous curve for isogeny-based cryptography. Inf. Process. Lett. 178, 106301 (2022)
Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, in PQCrypto 2011, LNCS, vol. 7071, Springer, Berlin, 19–34 (2011)
Jao, D., Azarderakhsh, R., Campagna, M., Costello, C., De Feo, L., Hess, B., Hutchinson, A., Jalali, A., Karabina, K., Koziel, B., LaMacchia, B., Longa, P., Naehrig, M., Pereira, G., Renes, J., Soukharev, V., Urbanik, D.: Supersingular isogeny key encapsulation, NIST Post-Quantum Cryptography https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-3-Submissions (2018)
Kim, K. H., Choe, J., Kim, S. Y., Kim, N., Hong, S.: Speeding up elliptic curve scalar multiplication without precomputation, Cryptology ePrint Archive, Report 2017/669, (2017). Available from http://eprint.iacr.org/2017/669
Kim, K.H., Choe, J., Kim, S.Y., Kim, N., Hong, S.: Speeding up regular elliptic curve scalar multiplication without precomputation. Adv. Math. Commun. (2020). https://doi.org/10.3934/amc.2020090
Langley, A., Hamburg, M.: Elliptic curves for security, Internet Research Task Force (IRTF), Request for Comments: 7748, https://tools.ietf.org/html/rfc7748 (2016)
Lenstra, H.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987)
Massolino, P. M. C., Longa, P., Renes, J., Batina, L.: A Compact and Scalable Hardware/Software Co-design of SIKE. Cryptology ePrint Archive, Report 2020/040, (2020). Available from: http://eprint.iacr.org/2020/040
Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comp. 48, 243–264 (1987)
Naehrig, M., Renes, J.: Dual isogenies and their application to public-key compression for isogeny-based cryptography, in ASIACRYPT 2019, Springer, 243–272 (2019)
National Institute of Standards and Technology (NIST), Post-Quantum Cryptography Standardization-Round 1 Submissions. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions (2018)
Okeya, K., Sakurai, K.: Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the \(y\)-coordinate on a Montgomery-form elliptic curve, in CHES 2001 (eds. Ç. K. Koç, D. Naccache, and C. Paar), Springer, 126–141 (2001)
Rao, S.R.S.: Three dimensional Montgomery ladder, differential point tripling on Montgomery curves and point quintupling on Weierstrass’ and Edwards curves, in AfricaCrypt 2016 (eds. D. Pointcheval, A. Nitaj and T. Rachidi), Springer, 84–106 (2016)
Renes, J.: Computing isogenies between Montgomery curves using the action of \((0, 0)\), in PQCrypto 2018 (eds. T. Lange and R. Steinwandt), Springer, 229–247 (2018)
Spiegel, M.R., Liu, J.: Mathematical Handbook of Formulas and Tables. Schaum’s Outline Series, 2nd edn. McGraw-Hill, New York (1999)
Zanon, G.H.M., Simplicio, M.A., Jr., Pereira, G.C.C.F., Doliskani, J., Barreto, P.S.L.M.: Faster isogeny-based compressed key agreement, in PQCrypto 2018 (eds. T. Lange and R. Steinwandt), Springer, 248–268 (2018)
Acknowledgements
The authors sincerely thank the Associated Editor and anonymous reviewers for their valuable comments that improved the quality of this article.
Cite this article
Kim, K.H., Mesnager, S. & Pak, K.I. Montgomery curve arithmetic revisited. J Cryptogr Eng (2024). https://doi.org/10.1007/s13389-024-00353-5
DOI: https://doi.org/10.1007/s13389-024-00353-5
Keywords
- Elliptic curve
- Montgomery curve
- Arithmetic algorithm
- Elliptic curve cryptography (ECC)
- Supersingular isogeny
- Supersingular isogeny Diffie–Hellman (SIDH)
- Supersingular isogeny key encapsulation (SIKE)