EUROCRYPT 1999: Advances in Cryptology — EUROCRYPT ’99 pp 375-388

# An Analysis of Exponentiation Based on Formal Languages

• Luke O’Connor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1592)

## Abstract

A recoding rule for exponentiation is a method for reducing the cost of the exponentiation a e by reducing the number of required multiplications. If w(e) is the (hamming) weight of e, and ē the result of applying the recoding rule A to e, then the purpose is to reduce w A (ē) as compared to w(e). A well-known example of a recoding rule is to convert a binary exponent into a signed-digit representation in terms of the digits {1; $$\bar 1$$, 0} where $$\bar 1$$ = −1, by recoding runs of 1’s. In this paper we show how three recoding rules can be modelled via regular languages to obtain precise information about the resulting weight distributions. In particular we analyse the recoding rules employed by the 2 k -ary, sliding window and optimal signed-digit exponentiation algorithms. We prove that the sliding window method has an expected recoded weight of approximately n/(k +1) for relevant k-bit windows and n-bit exponents, and also that the variance is small. We also prove for the optimal signed digit method that the expected weight is approximately n/3 with a variance of 2n/27. In general the sliding window method provides the best performance, and performs less than 85% of the multiplications required for the other methods for a majority of exponents.

## Keywords

Elliptic Curve Formal Language Regular Expression Binary String Regular Language
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

## References

1. 1.
See the Maple homepage at http://www.maplesoft.com.
2. 2.
S. Arno and F. Wheeler. Signed digit representations of minimal hamming weight. IEEE Transactions on Computers, 42(8):1007–1010, 1993.
3. 3.
E. A. Bender and S. G. Williamson. Foundations of Applied Combinatorics. Addison-Wesley Publishing Company, 1991.Google Scholar
4. 4.
J. Bos and M. Coster. Addition chain heuristics. Advances in Cryptology, CRYPTO 89, Lecture Notes in Computer Science, vol. 218, G. Brassard ed., Springer-Verlag, pages 400–407, 1990.
5. 5.
N. Chomsky and P. Schutzenberger. The algebraic theory of context-free languages. In P Braffort and North Holland Hirchberg, D., editors, Computer programming and formal languages, pages 118–161, 1963.Google Scholar
6. 6.
W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):472–492, 1976.
7. 7.
T. ElGamal. A public key cryptosystem and signature system based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):473–481, 1985.
8. 8.
D. Gollman, Y. Han, and C. Mitchell. Redundant integer representations and fast exponentiation. Designs, Codes and Cryptography, 7:135–151, 1996.Google Scholar
9. 9.
R. L. Graham, D. E. Knuth, and O. Patshnik. Concrete Mathematics, A Foundation for Computer Science, First Edition. Addison Wesley, 1989.Google Scholar
10. 10.
J. Hopcroft and J. Ullman. An Introduction to Automata, Languages and Computation. Reading, MA: Addison Wesley, 1979.Google Scholar
11. 11.
L. Hui and K.-Y. Lam. Fast square-and-multiply exponentiation for RSA. Electronics Letters, 30(17):1396–1397, 1994.
12. 12.
J. Jedwab and C. Mitchell. Minimum weight modified signed-digit representations and fast exponentiation. Electronics Letters, 25:1171–1172, 1989.
13. 13.
C. K. Koc. High-radix and bit encoding techniques for modular exponentiation. International Journal of Computer Mathematics, 40:139–156, 1991.
14. 14.
C. K. Koc. Analysis of sliding window techniques for exponentiation. Computers and Mathematics with Applications, 30(10):17–24, 1995.
15. 15.
D. E. Knuth. The Art of Computer Programming: Volume 2, Seminumerical Algorithms. Addsion Wesley, 1981.Google Scholar
16. 16.
N. Koblitz. CM curves with good cryptographic properties. Advances in Cryptology, CRYPTO 91, Lecture Notes in Computer Science, vol. 576, J. Feigenbaum ed., Springer-Verlag, pages 279–287, 1992.Google Scholar
17. 17.
K. Koyama and T. Tsuruoka. Speeding up elliptic curve cryptosystems using a signed binary window method. In Advances in Cryptology, CRYPTO 92, Lecture Notes in Computer Science, vol. 740, E. F. Brickell ed., Springer-Verlag, pages 345–357, 1992.Google Scholar
18. 18.
A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC press, 1996.Google Scholar
19. 19.
F. Morain and J. Olivos. Speeding up the computations on an elliptic curve using addition-subtraction chains. Theoretical Informatics and Applications, 24(6):531–544, 1990.
20. 20.
G. Reitwiesener. Binary arithmetic. In F. L. Alt, editor, Advances in Computers, pages 232–308, 1960.Google Scholar
21. 21.
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
22. 22.
R Sedgewick and P. Flajolet. An introduction to the analysis of algorithms. Addison-Wesley Publishing Company, 1996.Google Scholar
23. 23.
J. A. Solinas. An improved algorithm for arithmetic on a family of elliptic curves. Advances in Cryptology, CRYPTO 97, Lecture Notes in Computer Science, vol. 1294, B. S. Kaliski ed., Springer-Verlag, pages 357–371, 1997.
24. 24.
Y. Yacobi. Exponentiating faster with addition chains. Advances in Cryptology, EUROCRYPT 90, Lecture Notes in Computer Science, vol. 473, I. B. Damgård ed., Springer-Verlag, pages 222–229, 1991.Google Scholar