
Montgomery curve arithmetic revisited

  • Research Article
  • Journal of Cryptographic Engineering

Abstract

A third of a century ago, as a means to speed up the elliptic curve method (ECM) for integer factoring, Montgomery suggested using a special form of elliptic curve over prime fields and developed an addition chain to compute scalar multiplication on such curves; these are now well known as Montgomery curves and the Montgomery ladder. Kim et al. (http://eprint.iacr.org/2017/669, 2017) and Kim et al. (Adv Math Commun, https://doi.org/10.3934/amc.2020090, 2020) found the Montgomery ladder to be very efficient on every short Weierstrass curve, leading to the most efficient regular scalar multiplication algorithms, which were further improved by Hamburg (https://ches.2017.rump.cr.yp.to/, 2020) and Hamburg (http://eprint.iacr.org/2020/437, 2020). However, the efficiency of the Montgomery ladder on general Montgomery curves has not been improved at all since it was first presented by Montgomery. This paper addresses this long-standing problem in Elliptic Curve Cryptography (ECC). The topic has attracted much attention from the cryptographic community following the launch of the multi-year “Post-Quantum Cryptography Standardization” project by the National Institute of Standards and Technology (NIST), and thanks partly to featuring one of the smallest keys of any algorithm known in the literature that is conjectured to be quantum resistant. To the best of our knowledge, this article provides, for the first time since Peter L. Montgomery’s work, an improvement of arithmetic on general Montgomery curves, including point doubling and differential addition, which are the most fundamental operations in the context of ECC and of supersingular isogeny-based primitives such as Supersingular Isogeny Diffie–Hellman (SIDH) or Supersingular Isogeny Key Encapsulation (SIKE), as well as ECM.

References

  1. Adj, G., Cervantes-Vázquez, D., Chi-Domínguez, J.J., Menezes, A., Rodríguez-Henríquez, F.: On the cost of computing isogenies between supersingular elliptic curves. In International Conference on Selected Areas in Cryptography. pp. 322–343. Cham: Springer International Publishing (2018)

  2. Bernstein, D. J., Lange, T.: Montgomery curves and the Montgomery ladder, in Topics in Computational Number Theory inspired by Peter L. Montgomery (eds. J. W. Bos and A. K. Lenstra), Cambridge University Press, (2017), 82–115

  3. Castryck, W., Galbraith, S., Farashahi, R. R.: Efficient arithmetic on elliptic curves using a mixed Edwards-Montgomery representation, Cryptology ePrint Archive, Report 2008/218, 2008. Available from: http://eprint.iacr.org/2008/218

  4. Costello, C.: B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion. In: ASIACRYPT 2020, LNCS, vol. 12492, pp. 440–463. Springer, Berlin (2020)

  5. Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, pp. 303–329. Springer (2017)

  6. Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, pp. 572–601. Springer (2016)

  7. Costello, C., Longa, P., Naehrig, M.: SIDH Library. https://www.microsoft.com/en-us/research/project/sidh-library/, 2016-2020

  8. Costello, C., Smith, B.: Montgomery curves and their arithmetic—the case of large characteristic fields. J. Cryptogr. Eng. 8(3), 227–240 (2018)

  9. Dartois, P., Leroux, A., Robert, D., Wesolowski, B.: SQISignHD: New Dimensions in Cryptography, Cryptology ePrint Archive, Report 2023/436, 2023. Available from: http://eprint.iacr.org/2023/436

  10. Faz-Hernández, A., López, J., Ochoa-Jiménez, E., Rodríguez-Henríquez, F.: A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. IEEE Trans. Comput. 67(11), 1622–1636 (2018)

  11. De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8, 209–247 (2014)

  12. Gaudry, P., Lubicz, D.: The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines. Finite Fields Appl. 15(2), 246–260 (2009)

  13. Ghantous, W., Pintore, F., Veroni, M.: Efficiency of SIDH-based signatures (yes, SIDH), Cryptology ePrint Archive, Report 2023/433, 2023. Available from: http://eprint.iacr.org/2023/433

  14. Hamburg, M.: Speeding up elliptic curve scalar multiplication without either precomputation or adaptive coordinates, in Rump Session of CHES 2017, Available from: https://ches.2017.rump.cr.yp.to/

  15. Hamburg, M.: Faster Montgomery and double-add ladders for short Weierstrass curves, Cryptology ePrint Archive, Report 2020/437, 2020. Available from: http://eprint.iacr.org/2020/437

  16. Huang, Y., Jin, Y., Hu, Z., Zhang, F.: Optimizing the evaluation of \(l\)-isogenous curve for isogeny-based cryptography. Inf. Process. Lett. 178, 106301 (2022)

  17. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: PQCrypto 2011, LNCS, vol. 7071, pp. 19–34. Springer, Berlin (2011)

  18. Jao, D., Azarderakhsh, R., Campagna, M., Costello, C., De Feo, L., Hess, B., Hutchinson, A., Jalali, A., Karabina, K., Koziel, B., LaMacchia, B., Longa, P., Naehrig, M., Pereira, G., Renes, J., Soukharev, V., Urbanik, D.: Supersingular isogeny key encapsulation, NIST Post-Quantum Cryptography https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-3-Submissions (2018)

  19. Kim, K. H., Choe, J., Kim, S. Y., Kim, N., Hong, S.: Speeding up elliptic curve scalar multiplication without precomputation, Cryptology ePrint Archive, Report 2017/669, (2017). Available from http://eprint.iacr.org/2017/669

  20. Kim, K.H., Choe, J., Kim, S.Y., Kim, N., Hong, S.: Speeding up regular elliptic curve scalar multiplication without precomputation. Adv. Math. Commun. (2020). https://doi.org/10.3934/amc.2020090

  21. Langley, A., Hamburg, M.: Elliptic curves for security, Internet Research Task Force (IRTF), Request for Comments 7748, https://tools.ietf.org/html/rfc7748 (2016)

  22. Lenstra, H.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987)

  23. Massolino, P. M. C., Longa, P., Renes, J., Batina, L.: A Compact and Scalable Hardware/Software Co-design of SIKE. Cryptology ePrint Archive, Report 2020/040, (2020). Available from: http://eprint.iacr.org/2020/040

  24. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comp. 48, 243–264 (1987)

  25. Naehrig, M., Renes, J.: Dual isogenies and their application to public-key compression for isogeny-based cryptography, in ASIACRYPT 2019, Springer, 243–272 (2019)

  26. National Institute of Standards and Technology (NIST), Post-Quantum Cryptography Standardization-Round 1 Submissions. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions (2018)

  27. Okeya, K., Sakurai, K.: Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the \(y\)-coordinate on a Montgomery-form elliptic curve. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001, pp. 126–141. Springer (2001)

  28. Rao, S.R.S.: Three dimensional Montgomery ladder, differential point tripling on Montgomery curves and point quintupling on Weierstrass’ and Edwards curves. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AfricaCrypt 2016, pp. 84–106. Springer (2016)

  29. Renes, J.: Computing isogenies between Montgomery curves using the action of \((0, 0)\). In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018, pp. 229–247. Springer (2018)

  30. Spiegel, M.R., Liu, J.: Mathematical Handbook of Formulas and Tables. Schaum’s Outline Series, 2nd edn. McGraw-Hill, New York (1999)

  31. Zanon, G.H.M., Simplicio, M.A., Jr., Pereira, G.C.C.F., Doliskani, J., Barreto, P.S.L.M.: Faster isogeny-based compressed key agreement. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018, pp. 248–268. Springer (2018)

Acknowledgements

The authors sincerely thank the Associated Editor and anonymous reviewers for their valuable comments that improved the quality of this article.

Author information

Corresponding author

Correspondence to Sihem Mesnager.

About this article

Cite this article

Kim, K.H., Mesnager, S. & Pak, K.I. Montgomery curve arithmetic revisited. J Cryptogr Eng (2024). https://doi.org/10.1007/s13389-024-00353-5

  • DOI: https://doi.org/10.1007/s13389-024-00353-5
