Algorithms for Multi-exponentiation

  • Bodo Möller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2259)


This paper compares different approaches for computing power products \( \prod _{1 \leqslant i \leqslant k} g_i^{e_i } \) in commutative groups. We look at the conventional simultaneous exponentiation approach and present an alternative strategy, interleaving exponentiation. Our comparison shows that in general groups, sometimes the conventional method and sometimes interleaving exponentiation is more efficient. In groups where inverting elements is easy (e.g. elliptic curves), interleaving exponentiation with signed exponent recoding usually wins over the conventional method.


  1. 1.
    American National Standards Institute (ANSI). Public key cryptography for the financial services industry: The elliptic curve digital signature algorithm (ECDSA). ANSI X9.62, 1998.Google Scholar
  2. 2.
    Biehl, I., Buchmann, J., Hamdy, S., and Meyer, A. A signature scheme based on the intractability of extracting roots. Designs, Codes and Cryptography. To appear.Google Scholar
  3. 3.
    Bos, J., and Coster, M. Addition chain heuristics. In Advances in Cryptology—CRYPTO’ 89 (1989), G. Brassard, Ed., vol. 435 of Lecture Notes in Computer Science, pp. 400–407.CrossRefGoogle Scholar
  4. 4.
    Brands, S. Rethinking Public Key Infrastructures and Digital Certificates—Building in Privacy. MIT Press, 2000.Google Scholar
  5. 5.
    Brickell, Gordon, McCurley, and Wilson. Fast exponentiation with precomputation. In Advances in Cryptology—EUROCRYPT’ 92 (1993), R. A. Rueppel, Ed., vol. 658 of Lecture Notes in Computer Science, pp. 200–207.CrossRefGoogle Scholar
  6. 6.
    Brown, M., Hankerson, D., López, J., and Menezes, A. Software implementation of the NIST elliptic curves over prime fields. In Progress in Cryptology—CT-RSA 2001 (2001), D. Naccache, Ed., vol. 2020 of Lecture Notes in Computer Science, pp. 250–265.CrossRefGoogle Scholar
  7. 7.
    Buchmann, J., and Hamdy, S. A survey on IQ cryptography. In Proceedings of Public Key Cryptography and Computational Number Theory, 2000. To appear. Preprint available at
  8. 8.
    Cohen, H., Ono, T., and Miyaji, A. Efficient elliptic curve exponentiation using mixed coordinates. In Advances in Cryptology—ASIACRYPT’ 98 (1998), K. Ohta and D. Pei, Eds., vol. 1514 of Lecture Notes in Computer Science, pp. 51–65.Google Scholar
  9. 9.
    de Rooij, P. Efficient exponentiation using precomputation and vector addition chains. In Advances in Cryptology—EUROCRYPT’ 94 (1995), T. Helleseth, Ed., vol. 950 of Lecture Notes in Computer Science, pp. 389–399.CrossRefGoogle Scholar
  10. 10.
    Dimitrov, V. S., Jullien, G. A., and Miller, W. C. Complexity and fast algorithms for multiexponentiation. IEEE Transactions on Computers 49 (2000), 141–147.CrossRefMathSciNetGoogle Scholar
  11. 11.
    ElGamal, T. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31 (1985), 469–472.zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Kocher, P. C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology—CRYPTO’ 96 (1996), N. Koblitz, Ed., vol. 1109 of Lecture Notes in Computer Science, pp. 104–113.Google Scholar
  13. 13.
    Kocher, P. C., Jaffe, J., and Jun, B. Differential power analysis. In Advances in Cryptology—CRYPTO’ 99 (1999), M. Wiener, Ed., vol. 1666 of Lecture Notes in Computer Science, pp. 388–397.CrossRefGoogle Scholar
  14. 14.
    Lim, C. H., and Lee, P. J. More flexible exponentiation with precomputation. In Advances in Cryptology—CRYPTO’ 94 (1994), Y. G. Desmedt, Ed., vol. 839 of Lecture Notes in Computer Science, pp. 95–107.Google Scholar
  15. 15.
    Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
  16. 16.
    Miyaji, A., Ono, T., and Cohen, H. Efficient elliptic curve exponentiation. In International Conference on Information and Communications Security—ICICS’ 97 (1997), Y. Han, T. Okamoto, and S. Qing, Eds., vol. 1334 of Lecture Notes in Computer Science, pp. 282–290.Google Scholar
  17. 17.
    National Institute of Standards and Technology (NIST). Digital Signature Standard (DSS). FIPS PUB 186-2, 2000.Google Scholar
  18. 18.
    Solinas, J. A. An improved algorithm for arithmetic on a family of elliptic curves. In Advances in Cryptology—CRYPTO’ 97 (1997), B. S. Kaliski, Jr., Ed., vol. 1294 of Lecture Notes in Computer Science, pp. 357–371.CrossRefGoogle Scholar
  19. 19.
    Solinas, J. A. Efficient arithmetic on Koblitz curves. Designs, Codes and Cryptography 19 (2000), 195–249.zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Straus, E. G. Problems and solutions: Addition chains of vectors. American Mathematical Monthly 71 (1964), 806–808.CrossRefMathSciNetGoogle Scholar
  21. 21.
    Yen, S.-M., Laih, C.-S., and Lenstra, A. K. Multi-exponentiation. IEE Proceedings—Computers and Digital Techiques 141 (1994), 325–326.zbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Bodo Möller
    • 1
  1. 1.Fachbereich InformatikTechnische Universität DarmstadtDarmstadt

Personalised recommendations