Compact Encoding of Non-adjacent Forms with Applications to Elliptic Curve Cryptography

  • Marc Joye
  • Christophe Tymen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1992)


Techniques for fast exponentiation (multiplication) in various groups have been extensivelystudied for use in cryptographic primitives. Specifically, the coding of the exponent (multiplier) plays an important role in the performances of the algorithms used. The crucial optimization relies in general on minimizing the Hamming weight of the exponent (multiplier). This can be performed optimallywith nonadjacent representations. This paper introduces a compact encoding of non-adjacent representations that allows to skip the exponent recoding step. Furthermore, a straightforward technique for picking random numbers that alreadysatisfythe non-adjacence propertyis proposed. Several examples of application are given, in particular in the context of scalar multiplication on elliptic curves.

Keywords Public-keycry ptography non-adjacent forms elliptic curves, smart-cards. 


  1. 1.
    W. Diffe and M. E. Hellman, “New directions in cryptography,” IEEE Trans. on Information Theory, vol. 22, pp. 644–654, 1976.CrossRefGoogle Scholar
  2. 2.
    T. El Gamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Trans. on Information Theory, vol. 31, pp. 469–472, 1985.CrossRefMathSciNetzbMATHGoogle Scholar
  3. 3.
    D. M. Gordon, “A surveyof fast exponentiation methods,” J. Algorithms, vol. 27, pp. 129–146, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4. IEEE Std P1363-2000, IEEE Standard Specifications for Public-Key Cryptography, IEEE Computer Society, August 20, 2000.Google Scholar
  5. 5.
    M. Joye and S.-M. Yen, “Optimal left-to-right binary signed-digit recoding,” IEEE Trans. Computers, vol. 49, pp. 740–748, 2000.CrossRefGoogle Scholar
  6. 6.
    N. Koblitz, “CM-curves with good cryptographic properties,” Advances in Cryptology-CRYPTO’91, LNCS 576, pp. 279–287, Springer-Verlag, 1992.Google Scholar
  7. 7.
    W. Meier and O. Staffelbach, “Efficient multiplication on certain non-supersingular elliptic curves,” Advances in Cryptology-CRYPTO’92, LNCS 740, pp. 333–344, Springer-Verlag, 1993.Google Scholar
  8. 8.
    F. Morain and J. Olivos, “Speeding up the computations on an elliptic curve using addition-subtraction chains,” Theoretical Informatics and Applications, vol. 24, pp. 531–543, 1990.zbMATHMathSciNetGoogle Scholar
  9. 9.
    P. Nguyen and J. Stern, “The hardness of the hidden subset sum problem and its cryptographic implications,” Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 31–46, Springer-Verlag, 1999.Google Scholar
  10. 10.
    A. Pinkus and S. Zafrany, Fourier Series and Integral Transforms, Cambridge UniversityPress, 1997.Google Scholar
  11. 11.
    G. W. Reitwiesner, “Binaryarithmetic,” Advances in Computers, vol. 1, pp. 231–308, 1960.MathSciNetGoogle Scholar
  12. 12.
    J. H. Silverman, The Arithmetic of Elliptic Curves, GTM 106, Springer-Verlag, 1986.Google Scholar
  13. 13.
    J. A. Solinas, “An improved algorithm for arithmetic on a familyof elliptic curves,” Advances in Cryptology-CRYPTO’97, LNCS 1294, pp. 357–371, Springer-Verlag, 1997.CrossRefGoogle Scholar
  14. 14.
    J. H. van Lint, Introduction to Coding Theory, GTM 86, Springer-Verlag, 3rd edition, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Marc Joye
    • 1
  • Christophe Tymen
    • 2
  1. 1.Gemplus Card InternationalGémenosFrance
  2. 2.Gemplus Card InternationalIssy-les-MoulineauxFrance

Personalised recommendations