Radix-r Non-Adjacent Form

  • Tsuyoshi Takagi
  • Sung-Ming Yen
  • Bo-Ching Wu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3225)


Recently, the radix-3 representation of integers is used for the efficient implementation of pairing based cryptosystems. In this paper, we propose non-adjacent form of radix-r representation (rNAF) and efficient algorithms for generating rNAF. The number of non-trivial digits is (r–2)(r+1)/2 and its average density of non-zero digit is asymptotically (r–1)/(2r–1). For r=3, the non-trivial digits are { ± 2, ± 4} and the non-zero density is 0.4. We then investigate the width-w version of rNAF for the general radix-r representation, which is a natural extension of the width-w NAF. Finally we compare the proposed algorithms with the generalized NAF (gNAF) discussed by Joye and Yen. The proposed scheme requires a larger table but its non-zero density is smaller even for large radix. We explain that gNAF is a simple degeneration of rNAF — we can consider that rNAF is a canonical form for the radix-r representation. Therefore, rNAF is a good alternative to gNAF.


Non-adjacent form radix-r representation signed window method elliptic curve cryptosystem pairing based cryptosystem 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BKL+02]
    Barreto, P., Kim, H., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-Based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. [BGK+03]
    Bertoni, G., Guajardo, J., Kumar, S., Orlando, G., Paar, C., Wollinger, T.: Efficient GF(p m) arithmetic architectures for cryptographic applications. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 158–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. [BSS99]
    Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)MATHGoogle Scholar
  4. [BLS01]
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. [CL73]
    Clark, W., Liang, J.: On Arithmetic Weight for a General Radix Representation of Integers. IEEE Transaction on IT IT-19, 823–826 (1973)CrossRefMathSciNetGoogle Scholar
  6. [DL03]
    Duursma, I., Lee, H.S.: Tate Pairing Implementation for Hyperelliptic Curves y2 = xp − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. [GHS02]
    Galbraith, S., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. [Gor98]
    Gordon, D.: A Survey of Fast Exponentiation Methods. Journal of Algorithms 27, 129–146 (1998)MATHCrossRefMathSciNetGoogle Scholar
  9. [HPS02]
    Harrison, K., Page, D., Smart, N.: Software Implementation of Finite Fields of Characteristic Three. LMS Journal of Computation and Mathematics 5, 181–193 (2002)MATHMathSciNetGoogle Scholar
  10. [IEEE]
    IEEE P1363, Standard Specifications for Public-Key Cryptography (2000)Google Scholar
  11. [Jou02]
    Joux, A.: The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems (survey). In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 20–32. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. [JY02]
    Joye, M., Yen, S.M.: New Minimal Modified Radix-r Representation with Applications to Smart Cards. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 375–384. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. [MOC97]
    Miyaji, A., Ono, T., Cohen, H.: Efficient Elliptic Curve Exponentiation. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 282–291. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  14. [PS02]
    Page, D., Smart, N.: Hardware Implementation of Finite Fields of Characteristic Three. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 529–539. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. [PB04]
    Phillips, B., Burgess, N.: Minimal Weight Digit Set Conversions. IEEE Transactions on Computers 53(6), 666–677 (2004)CrossRefGoogle Scholar
  16. [SW02]
    Smart, N., Westwood, J.: Point Multiplication on Ordinary Elliptic Curves over Fields of Characteristic Three. Applicable Algebra in Engineering, Communication and Computing 13(6), 485–497 (2003)MATHCrossRefMathSciNetGoogle Scholar
  17. [Sol00]
    Solinas, J.: Efficient Arithmetic on Koblitz Curves. Design, Codes and Cryptography 19(2/3), 195–249 (2000)MATHCrossRefMathSciNetGoogle Scholar
  18. [Thu73]
    Thurber, E.G.: On Addition Chains l(mn) ≤ l(n) − b and Lower Bounds for c(r). Duke Mathematical Journal 40, 907–913 (1973)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Tsuyoshi Takagi
    • 1
  • Sung-Ming Yen
    • 2
  • Bo-Ching Wu
    • 2
  1. 1.Fachbereich InformatikTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Laboratory of Cryptography and Information Security (LCIS), Dept of Computer Science and Information EngineeringNational Central UniversityChung-LiTaiwan, R.O.C.

Personalised recommendations