Fast Generation of Pairs (k, [k]P) for Koblitz Elliptic Curves

  • Jean-Sébastien Coron
  • David M’Raïhi
  • Christophe Tymen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2259)


We propose a method for increasing the speed of scalar multiplication on binary anomalous (Koblitz) elliptic curves. By introducing a generator which produces random pairs (k, [k]P) of special shape, we exhibit a specific setting where the number of elliptic curve operations is reduced by 25% to 50% compared with the general case when k is chosen uniformly. This generator can be used when an ephemeral pair (k, [k]P) is needed by a cryptographic algorithm, and especially for Elliptic Curve Diffie-Hellman key exchange, ECDSA signature and El-Gamal encryption. The presented algorithm combines normal and polynomial basis operations to achieve optimal performance. We prove that a probabilistic signature scheme using our generator remains secure against chosen message attacks.

Key words

Elliptic curve; binary anomalous curve; scalar multiplication; accelerated signature schemes; pseudo-random generators



Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Jean-Sébastien Coron (1)
  • David M’Raïhi (2)
  • Christophe Tymen (1)
  1. École Normale Supérieure, Paris, France
  2. Gemplus Card International, Redwood City, USA
