On Fast Calculation of Addition Chains for Isogeny-Based Cryptography

  • Brian Koziel
  • Reza Azarderakhsh
  • David Jao
  • Mehran Mozaffari-Kermani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10143)

Abstract

Addition chain calculations play a critical role in determining the efficiency of cryptosystems based on isogenies on elliptic curves. However, finding a minimal-length addition chain is not easy; a generalized version of the problem, in which one must find a chain that simultaneously forms each of a sequence of values, is NP-complete. For the special primes used in such cryptosystems, finding fast addition chains for the finite field arithmetic, such as inversion and square root, is also not easy. In this paper, we investigate the shape of smooth isogeny primes and propose new methods to calculate fast addition chains. Further, we provide techniques to reduce the temporary register consumption of these large exponentiations, applicable to both software and hardware implementations that use addition chains. Lastly, we use our procedures to compare multiple isogeny primes by the complexity of their addition chains.
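The abstract's observation about the shape of smooth isogeny primes can be made concrete. The following is an added example, not code from the paper or its authors: for the SIKE p751 prime p = 2^372 * 3^239 - 1 (assumed here as a representative smooth isogeny prime) it shows how the 2^a factor fixes the low bits of the Fermat-inversion exponent p-2 and the square-root exponent (p+1)/4, and counts squarings and multiplications for a plain binary chain against a sliding-window chain. The window width, the counter class and the helper names are this example's own choices and do not represent the paper's method.

```python
"""Added example, not code from the paper: exponent shape and operation
counts for addition-chain exponentiation over a smooth isogeny prime
p = 2^a * 3^b * f - 1 (the SIDH-style shape discussed in the abstract)."""

# Constructed parameters: the SIKE p751 prime, p = 2^372 * 3^239 - 1.
A, B, COF = 372, 239, 1
P = 2**A * 3**B * COF - 1


class FieldOps:
    """Arithmetic mod p that counts squarings (S) and multiplications (M)."""

    def __init__(self, p):
        self.p, self.sqr, self.mul = p, 0, 0

    def S(self, x):
        self.sqr += 1
        return x * x % self.p

    def M(self, x, y):
        self.mul += 1
        return x * y % self.p


def exponent_shape(a, b, f):
    """Split the Fermat-inversion exponent p-2 and the square-root exponent
    (p+1)/4 (p = 3 mod 4 here) into the part that needs a generic chain and
    the low bits fixed by the 2^a factor."""
    p = 2**a * 3**b * f - 1
    high = 3**b * f
    # p - 2 = 2^a * (high - 1) + (2^a - 3): the low a bits are a-2 ones then '01'
    assert p - 2 == ((high - 1) << a) + (2**a - 3)
    # (p + 1) / 4 = 2^(a-2) * high: the low a-2 bits are zero, i.e. pure squarings
    assert (p + 1) // 4 == high << (a - 2)
    return {"inv_high": high - 1, "inv_trailing_ones": a - 2,
            "sqrt_high": high, "sqrt_trailing_zeros": a - 2}


def binary_exp(x, e, F):
    """Left-to-right square-and-multiply: the baseline chain for e >= 1."""
    r = x
    for bit in bin(e)[3:]:
        r = F.S(r)
        if bit == "1":
            r = F.M(r, x)
    return r


def window_exp(x, e, F, w=5):
    """Left-to-right sliding-window chain: odd powers x, x^3, ..., x^(2^w - 1)
    are precomputed (2^(w-1) temporaries), so any run of up to w bits ending
    in a 1 costs one multiplication instead of one per set bit."""
    x2 = F.S(x)
    table = {1: x}
    for i in range(3, 2**w, 2):
        table[i] = F.M(table[i - 2], x2)
    bits = bin(e)[2:]
    r, i, n = None, 0, len(bits)
    while i < n:
        if bits[i] == "0":
            r = F.S(r)          # r is already set: the top bit of e is 1
            i += 1
            continue
        j = min(i + w, n)       # longest window starting here that ends in a 1
        while bits[j - 1] == "0":
            j -= 1
        val = int(bits[i:j], 2)
        if r is None:
            r = table[val]
        else:
            for _ in range(j - i):
                r = F.S(r)
            r = F.M(r, table[val])
        i = j
    return r


def count_ops(method, e, p=P):
    """(squarings, multiplications) spent by `method` on exponent e mod p."""
    F = FieldOps(p)
    method(2, e, F)             # the base does not change the operation count
    return F.sqr, F.mul


def inverse(x, method=window_exp, p=P):
    """Fermat inversion x^(p-2) mod p via the given chain."""
    return method(x, p - 2, FieldOps(p))


def sqrt_mod(x, method=window_exp, p=P):
    """x^((p+1)/4) for p = 3 mod 4; a root only if the result squares back to x."""
    r = method(x, (p + 1) // 4, FieldOps(p))
    return r if r * r % p == x % p else None


if __name__ == "__main__":
    shape = exponent_shape(A, B, COF)
    print("p-2 ends in %d ones; (p+1)/4 ends in %d zeros"
          % (shape["inv_trailing_ones"], shape["sqrt_trailing_zeros"]))
    for name, e in (("inverse", P - 2), ("sqrt", (P + 1) // 4)):
        for m in (binary_exp, window_exp):
            print("%-8s %-11s S=%4d M=%4d" % (name, m.__name__, *count_ops(m, e)))
    x = 0x1234567890ABCDEF % P            # constructed test element
    assert inverse(x) * x % P == 1
    assert sqrt_mod(x * x % P) in (x, P - x)
```

The 2^(w-1) precomputed odd powers in window_exp are exactly the temporary-register cost the abstract refers to: widening w cuts multiplications but doubles that table, which is the trade-off an implementer tunes per prime. Note also that the square-root exponent needs no multiplications at all for its low a-2 bits, whereas the inversion exponent carries a run of a-2 ones that a window of width w absorbs at roughly one multiplication per w bits. Run the file directly to print the counts for both exponents.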

Keywords

Addition chains, Post-quantum cryptography, Isogeny-based cryptosystems, Finite field

Notes

Acknowledgment

The authors would like to thank the reviewers for their constructive comments. This material is based upon work supported by the NSF CNS-1464118 and NIST 60NANB16D246 awards.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Brian Koziel (1)
  • Reza Azarderakhsh (2)
  • David Jao (3)
  • Mehran Mozaffari-Kermani (4)
  1. Texas Instruments, Dallas, USA
  2. CEECS Department and I-SENSE, FAU, Boca Raton, USA
  3. C&O Department, University of Waterloo, Waterloo, Canada
  4. EME Department, RIT, Rochester, USA