Efficiencies in Binary Elliptic Curves

  • Scott T. E. Hirschfeld
  • Lynn M. Batten
  • Mohammed K. I. Amain
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10964)


This paper discusses the choices of elliptic curve models available to the would-be implementer, and assists the decision as to which model to use by examining the links between security and efficiency. In early public key cryptography schemes, such as ElGamal and RSA, the use of finite fields over large prime numbers was prevalent, thus avoiding the need for difficult and expensive computations over extension fields. With the introduction of elliptic curve models, the same computational infrastructure using prime fields was therefore inevitably used. As it became clear that elliptic curve models were more efficient than their public key competitors, they acquired a great deal of attention. In more recent times, and with the onset of the Internet of Things, the cryptography community is faced with the challenge of improving the efficiency of cryptography even further, resulting in many papers dealing with improvements of computational efficiencies. This search, along with improvements in both software and hardware dealing with characteristic two fields, has instigated the analysis of elliptic curve constructions over binary extension fields. In particular, the ability to identify an object in the field with a bit string aids computation for binary elliptic curves. These circumstances account for our focus on binary elliptic curve fields in this paper, in which we present an in-depth discussion of their efficiency and security properties along with other relevant features of various binary elliptic curve models.


Elliptic curve · Binary extension field · Internet of Things



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Deakin University, Geelong, Australia
