How to Use Koblitz Curves on Small Devices?

  • Kimmo JärvinenEmail author
  • Ingrid Verbauwhede
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8968)


Koblitz curves allow very efficient scalar multiplications because point doublings can be traded for cheap Frobenius endomorphisms by representing the scalar as a \(\tau \)-adic expansion. Typically elliptic curve cryptosystems, such as ECDSA, also require the scalar as an integer. This results in a need for conversions between integers and the \(\tau \)-adic domain, which are costly and prevent from using Koblitz curves on very constrained devices, such as RFID tags or wireless sensors. In this paper, we provide a solution to this problem by showing how complete cryptographic processes, such as ECDSA signing, can be completed in the \(\tau \)-adic domain with very few resources, consequently outsourcing the expensive conversions to a more powerful party. We also provide small circuitries that require about 76 gate equivalents on 0.13 \(\upmu \)m CMOS and that are applicable for all Koblitz curves.


Elliptic Curve Clock Cycle Scalar Multiplication Finite State Machine Point Doubling 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We would like to thank the anonymous reviewers for their valuable comments and improvement suggestions. The work was partly funded by KU Leuven under GOA TENSE (GOA/11/007) and the F+ fellowship (F+/13/039) and by the Hercules Foundation (AKUL/11/19).


  1. 1.
    Adikari, J., Dimitrov, V., Järvinen, K.: A fast hardware architecture for integer to \(\tau \)NAF conversion for Koblitz curves. IEEE Trans. Comput. 61(5), 732–737 (2012)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Azarderakhsh, R., Järvinen, K.U., Mozaffari-Kermani, M.: Efficient algorithm and architecture for elliptic curve cryptography for extremely constrained secure applications. IEEE Trans. Circ. Syst. I-Regul. Pap. 61(4), 1144–1155 (2014)CrossRefGoogle Scholar
  3. 3.
    Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Low-cost elliptic curve cryptography for wireless sensor networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 6–17. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  4. 4.
    Benits Jr, W.D., Galbraith, S.D.: The GPS identification scheme using frobenius expansions. In: Lucks, S., Sadeghi, A.-R., Wolf, C. (eds.) WEWoRC 2007. LNCS, vol. 4945, pp. 13–27. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  5. 5.
    Brumley, B.B., Järvinen, K.U.: Koblitz curves and integer equivalents of frobenius expansions. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 126–137. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  6. 6.
    Brumley, B.B., Järvinen, K.U.: Conversion algorithms and implementations for Koblitz curve cryptography. IEEE Trans. Comput. 59(1), 81–92 (2010)CrossRefMathSciNetGoogle Scholar
  7. 7.
    Hasan, M.A.: Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Trans. Comput. 50(10), 1071–1083 (2001)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Hein, D., Wolkerstorfer, J., Felber, N.: ECC is ready for RFID – a proof in silicon. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 401–413. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  9. 9.
    Järvinen, K.: Optimized FPGA-based elliptic curve cryptography processor for high-speed applications. Integr. VLSI J. 44(4), 270–279 (2011)CrossRefGoogle Scholar
  10. 10.
    Järvinen, K., Forsten, J., Skyttä, J.: Efficient circuitry for computing \(\tau \)-adic non-adjacent form. In: Proceedings of the 13th IEEE International Conference on Electronics, Circuits and Systems – ICECS 2006, pp. 232–235. IEEE (2006)Google Scholar
  11. 11.
    Joye, M., Tymen, C.: Compact encoding of non-adjacent forms with applications to elliptic curve cryptography. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 353–364. Springer, Heidelberg (2001)Google Scholar
  12. 12.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  13. 13.
    Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992) Google Scholar
  14. 14.
    Koçabas, Ü., Fan, J., Verbauwhede, I.: Implementation of binary edwards curves for very-constrained devices. In: Proceedings of the 21st IEEE International Conference on Application-specific Systems Architectures and Processors – ASAP 2010, pp. 185–191. IEEE (2010)Google Scholar
  15. 15.
    Lange, T.: Koblitz curve cryptosystems. Finite Fields Appl. 11, 200–229 (2005)CrossRefzbMATHMathSciNetGoogle Scholar
  16. 16.
    Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic-curve-based security processor for RFID. IEEE Trans. Comput. 57(11), 1514–1527 (2008)CrossRefMathSciNetGoogle Scholar
  17. 17.
    Meier, W., Staffelbach, O.: Efficient multiplication on certain nonsupersingular elliptic curves. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 333–344. Springer, Heidelberg (1993) Google Scholar
  18. 18.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986) Google Scholar
  19. 19.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)CrossRefzbMATHGoogle Scholar
  20. 20.
    Naccache, D., M’Raïhi, D., Vaudenay, S., Raphaeli, D.: Can D.S.A. be improved? In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 77–85. Springer, Heidelberg (1995) Google Scholar
  21. 21.
    National Institute of Standards and Technology (NIST): Digital signature standard (DSS). Federal Information Processing Standard, FIPS PUB 186–4 (July 2013)Google Scholar
  22. 22.
    Okeya, K., Takagi, T., Vuillaume, C.: Efficient representations on Koblitz curves with resistance to side channel attacks. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 218–229. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  23. 23.
    Sinha Roy, S., Fan, J., Verbauwhede, I.: Accelerating scalar conversion for Koblitz curve cryptoprocessors on hardware platforms. In: IEEE Transactions on Very Large Scale Integration (VLSI) Systems (to appear)Google Scholar
  24. 24.
    Solinas, J.A.: Efficient arithmetic on Koblitz curves. Des. Codes Crypt. 19(2–3), 195–249 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  25. 25.
    Taverne, J., Faz-Hernández, A., Aranha, D.F., Rodríguez-Henríquez, F., Hankerson, D., López, J.: Speeding scalar multiplication over binary elliptic curves using the new carry-less multiplication instruction. J. Crypt. Eng. 1(3), 187–199 (2011)CrossRefGoogle Scholar
  26. 26.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of Design, Automation and Test in Europe Conference and Exhibition – DATE 2004, vol. 1, pp. 246–251. IEEE (2004)Google Scholar
  27. 27.
    Vuillaume, C., Okeya, K., Takagi, T.: Defeating simple power analysis on Koblitz curves. In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E89-A(5), pp. 1362–1369 (May 2006)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.KU Leuven ESAT/COSIC and iMindsLeuven-HeverleeBelgium
  2. 2.Department of Information and Computer ScienceAalto UniversityEspooFinland

Personalised recommendations