On Fast Calculation of Addition Chains for Isogeny-Based Cryptography

  • Brian Koziel
  • Reza Azarderakhsh
  • David Jao
  • Mehran Mozaffari-Kermani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10143)


Addition chain calculations play a critical role in determining the efficiency of cryptosystems based on isogenies on elliptic curves. However, finding a minimal length addition chain is not easy; a generalized version of the problem, in which one must find a chain that simultaneously forms each of a sequence of values, is NP-complete. For the special primes used in such cryptosystems, finding fast addition chains for finite field arithmetic such as inversion and square root is also not easy. In this paper, we investigate the shape of smooth isogeny primes and propose new methods to calculate fast addition chains. Further, we also provide techniques to reduce the temporary register consumption of these large exponentials, applicable to both software and hardware implementations utilizing addition chains. Lastly, we utilize our procedures to compare multiple isogeny primes by the complexity of the addition chains.


Keywords: Addition chains; Post-quantum cryptography; Isogeny-based cryptosystems; Finite field



The authors would like to thank the reviewers for their constructive comments. This material is based upon work supported by the NSF CNS-1464118 and NIST 60NANB16D246 awards.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Brian Koziel (1)
  • Reza Azarderakhsh (2)
  • David Jao (3)
  • Mehran Mozaffari-Kermani (4)

  1. Texas Instruments, Dallas, USA
  2. CEECS Department and I-SENSE FAU, Boca Raton, USA
  3. C&O Department, University of Waterloo, Waterloo, Canada
  4. EME Department, RIT, Rochester, USA
