Advertisement

Elliptic Curves with the Montgomery-Form and Their Cryptographic Applications

  • Katsuyuki Okeya
  • Hiroyuki Kurumatani
  • Kouichi Sakurai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1751)

Abstract

We show that the elliptic curve cryptosystems based on the Montgomery-form E M :BY 2 = X 3 + AX 2 +X are immune to the timing-attacks by using our technique of randomized projective coordinates, while Montgomery originally introduced this type of curves for speeding up the Pollard and Elliptic Curve Methods of integer factorization [Math. Comp. Vol.48, No.177, (1987) pp.243-264].

However, it should be noted that not all the elliptic curves have the Montgomery-form, because the order of any elliptic curve with the Montgomery-form is divisible by “4”. Whereas recent ECC-standards [NIST,SEC-1] recommend that the cofactor of elliptic curve should be no greater than 4 for cryptographic applications.

Therefore, we present an efficient algorithm for generating Montgomery-form elliptic curve whose cofactor is exactly “4”. Finally, we give the exact consition on the elliptic curves whether they can be represented as a Montgomery-form or not. We consider divisibility by “8” for Montgomery-form elliptic curves.

We implement the proposed algorithm and give some numerical examples obtained by this.

Keywords

Elliptic Curve Cryptography Montgomery-form Efficient Implementation Timing-attacks 

References

  1. [AMV93]
    Agnew, G.B., Mullin, R.C., Vanstone, S.A.: An Implementation of Elliptic Curve Cryptosystems Over F\(_{2^155}\). IEEE Journal on Selected Areas in Communications 11(5), 804–813 (1993)CrossRefGoogle Scholar
  2. [ANSI]
    ANSI X9.62, Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm(ECDSA) (1999)Google Scholar
  3. [BP98]
    Bailey, D.V., Paar, C.: Optimal Extension Fields for Fast Arithmetic in Public- Key Algorithms. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 472–485. Springer, Heidelberg (1998)Google Scholar
  4. [BSS99]
    Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  5. [CMO98]
    Cohen, H., Miyaji, A., Ono, T.: Efficient Elliptic Curve Exponentiation Using Mixed Coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. [Cor99]
    Coron, J.S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Pre-Proceedings ofWorkshop on Cryptographic Hardware and Embedded Systems(CHES), pp. 292–302 (1999)Google Scholar
  7. [FR94]
    Frey, G., Rück, H.G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp. 62, 865–874 (1994)zbMATHMathSciNetGoogle Scholar
  8. [Izu99a]
    Izu, T.: Elliptic Curve Exponentiation for Cryptosystem. In: SCIS 1999, vol. W4-1.1, pp. 275–280 (1999)Google Scholar
  9. [Izu99b]
    Izu, T.: Elliptic Curve Exponentiation without y-coordinate, Technical Report of IEICE. ISEC98-86, 93–98 (1999)Google Scholar
  10. [KMKH99]
    Kobayashi, T., Morita, H., Kobayashi, K., Hoshino, F.: Fast Elliptic Curve Algorithm Combining Frobenius Map and Table Reference to Adapt to Higher Characteristic. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 176–189. Springer, Heidelberg (1999)Google Scholar
  11. [Kob87]
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comp. 48, 203–209 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  12. [Koc]
    Kocher, C.: Cryptanalysis of Diffie-Hellman,RSA,DSS, and Other Systems Using Timing Attacks, available at http://www.cryptography.com/
  13. [Koc96]
    Kocher, C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  14. [Mil86]
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  15. [MOV93]
    Menezes, A., Okamoto, T., Vanstone, A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transaction on Information Theory IT-39(5), 1639–1646 (1993)CrossRefMathSciNetGoogle Scholar
  16. [MOC98]
    Miyaji, A., Ono, T., Cohen, H.: Efficient elliptic curve exponentiation(II). In: SCIS 1998, vol. 7.1.D (1998)Google Scholar
  17. [Mon87]
    Montgomery, P.L.: Speeding the Pollard and Elliptic Curve Methods of Factorizations. Math. Comp. 48, 243–264 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  18. [NIST99]
    National Institute for Standards and Technology, Recommended Elliptic Curves for Federal Government Use (1999), Available at http://csrc.nist.gov/encryption/
  19. [SA98]
    Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Mathematici Universitatis Sancti Pauli, 88–92 (1998)Google Scholar
  20. [OSK99]
    Ohgishi, K., Sakai, R., Kasahara, M.: Elliptic Curve Signature Scheme with No y Coordinate. In: SCIS 1999, vol. W4-1.3, pp. 285–287 (1999)Google Scholar
  21. [SEC-1]
    Standards for Efficient Cryptography. Elliptic Curve Cryptography Ver.0.5 (1999) Available at, http://www.secg.org/drafts.htm
  22. [Sem98]
    Semaev, I.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Math. Comp. 67, 353–356 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  23. [Sma]
    Smart, N.P.: The Discrete Logarithm Problem on Elliptic Curves of Trace One. Journal of Cryptology (to appear) Google Scholar
  24. [TK99]
    Takeuchi, K., Koyama, K.: Fast Computation of Elliptic Curve Cryptosystems. In: SCIS 1999, vol. W4-1.2, pp. 281–284 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Katsuyuki Okeya
    • 1
  • Hiroyuki Kurumatani
    • 1
  • Kouichi Sakurai
    • 2
  1. 1.Software DivisionHitachi, Ltd.YokohamaJapan
  2. 2.Department of Computer Science and Communication EngineeringKyushu UniversityFukuokaJapan

Personalised recommendations