An Analysis of Exponentiation Based on Formal Languages

  • Luke O’Connor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1592)


A recoding rule for exponentiation is a method for reducing the cost of the exponentiation a e by reducing the number of required multiplications. If w(e) is the (hamming) weight of e, and ē the result of applying the recoding rule A to e, then the purpose is to reduce w A (ē) as compared to w(e). A well-known example of a recoding rule is to convert a binary exponent into a signed-digit representation in terms of the digits {1; \( \bar 1\), 0} where \( \bar 1\) = −1, by recoding runs of 1’s. In this paper we show how three recoding rules can be modelled via regular languages to obtain precise information about the resulting weight distributions. In particular we analyse the recoding rules employed by the 2 k -ary, sliding window and optimal signed-digit exponentiation algorithms. We prove that the sliding window method has an expected recoded weight of approximately n/(k +1) for relevant k-bit windows and n-bit exponents, and also that the variance is small. We also prove for the optimal signed digit method that the expected weight is approximately n/3 with a variance of 2n/27. In general the sliding window method provides the best performance, and performs less than 85% of the multiplications required for the other methods for a majority of exponents.


Elliptic Curve Formal Language Regular Expression Binary String Regular Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    See the Maple homepage at
  2. 2.
    S. Arno and F. Wheeler. Signed digit representations of minimal hamming weight. IEEE Transactions on Computers, 42(8):1007–1010, 1993.CrossRefGoogle Scholar
  3. 3.
    E. A. Bender and S. G. Williamson. Foundations of Applied Combinatorics. Addison-Wesley Publishing Company, 1991.Google Scholar
  4. 4.
    J. Bos and M. Coster. Addition chain heuristics. Advances in Cryptology, CRYPTO 89, Lecture Notes in Computer Science, vol. 218, G. Brassard ed., Springer-Verlag, pages 400–407, 1990.CrossRefGoogle Scholar
  5. 5.
    N. Chomsky and P. Schutzenberger. The algebraic theory of context-free languages. In P Braffort and North Holland Hirchberg, D., editors, Computer programming and formal languages, pages 118–161, 1963.Google Scholar
  6. 6.
    W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):472–492, 1976.CrossRefMathSciNetGoogle Scholar
  7. 7.
    T. ElGamal. A public key cryptosystem and signature system based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):473–481, 1985.CrossRefMathSciNetGoogle Scholar
  8. 8.
    D. Gollman, Y. Han, and C. Mitchell. Redundant integer representations and fast exponentiation. Designs, Codes and Cryptography, 7:135–151, 1996.Google Scholar
  9. 9.
    R. L. Graham, D. E. Knuth, and O. Patshnik. Concrete Mathematics, A Foundation for Computer Science, First Edition. Addison Wesley, 1989.Google Scholar
  10. 10.
    J. Hopcroft and J. Ullman. An Introduction to Automata, Languages and Computation. Reading, MA: Addison Wesley, 1979.Google Scholar
  11. 11.
    L. Hui and K.-Y. Lam. Fast square-and-multiply exponentiation for RSA. Electronics Letters, 30(17):1396–1397, 1994.CrossRefGoogle Scholar
  12. 12.
    J. Jedwab and C. Mitchell. Minimum weight modified signed-digit representations and fast exponentiation. Electronics Letters, 25:1171–1172, 1989.zbMATHCrossRefGoogle Scholar
  13. 13.
    C. K. Koc. High-radix and bit encoding techniques for modular exponentiation. International Journal of Computer Mathematics, 40:139–156, 1991.CrossRefzbMATHGoogle Scholar
  14. 14.
    C. K. Koc. Analysis of sliding window techniques for exponentiation. Computers and Mathematics with Applications, 30(10):17–24, 1995.zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    D. E. Knuth. The Art of Computer Programming: Volume 2, Seminumerical Algorithms. Addsion Wesley, 1981.Google Scholar
  16. 16.
    N. Koblitz. CM curves with good cryptographic properties. Advances in Cryptology, CRYPTO 91, Lecture Notes in Computer Science, vol. 576, J. Feigenbaum ed., Springer-Verlag, pages 279–287, 1992.Google Scholar
  17. 17.
    K. Koyama and T. Tsuruoka. Speeding up elliptic curve cryptosystems using a signed binary window method. In Advances in Cryptology, CRYPTO 92, Lecture Notes in Computer Science, vol. 740, E. F. Brickell ed., Springer-Verlag, pages 345–357, 1992.Google Scholar
  18. 18.
    A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC press, 1996.Google Scholar
  19. 19.
    F. Morain and J. Olivos. Speeding up the computations on an elliptic curve using addition-subtraction chains. Theoretical Informatics and Applications, 24(6):531–544, 1990.zbMATHMathSciNetGoogle Scholar
  20. 20.
    G. Reitwiesener. Binary arithmetic. In F. L. Alt, editor, Advances in Computers, pages 232–308, 1960.Google Scholar
  21. 21.
    R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    R Sedgewick and P. Flajolet. An introduction to the analysis of algorithms. Addison-Wesley Publishing Company, 1996.Google Scholar
  23. 23.
    J. A. Solinas. An improved algorithm for arithmetic on a family of elliptic curves. Advances in Cryptology, CRYPTO 97, Lecture Notes in Computer Science, vol. 1294, B. S. Kaliski ed., Springer-Verlag, pages 357–371, 1997.CrossRefGoogle Scholar
  24. 24.
    Y. Yacobi. Exponentiating faster with addition chains. Advances in Cryptology, EUROCRYPT 90, Lecture Notes in Computer Science, vol. 473, I. B. Damgård ed., Springer-Verlag, pages 222–229, 1991.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Luke O’Connor
    • 1
  1. 1.IBM Research DivisionZurich Research LaboratoryRüschlikonSwitzerland

Personalised recommendations