Fast Point Decompression for Standard Elliptic Curves

  • Billy Bob Brumley
  • Kimmo U. Järvinen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5057)


Many standard elliptic curves (e.g. NIST, SECG, ANSI X9.62, WTLS, ...) over the finite field \(\mathbb{F}_p\) have p a prime of Mersenne-like form—this yields faster field arithmetic. Point compression cuts the storage requirement for points (public keys) in half and is hence desirable. Point decompression in turn involves a square root computation. Given the special Mersenne-like form of a prime, in this paper we examine the problem of efficiently computing square roots in the base field. Although the motivation comes from standard curves, our analysis is for fast square roots in any arbitrary Mersenne-like prime field satisfying \(p \equiv 3 \pmod 4\). Using well-known methods from number theory, we present a general strategy for fast square root computation in these base fields. Significant speedup in the exponentiation is achieved compared to general methods for exponentiation. Both software and hardware implementation results are given, with a focus on standard elliptic curves.
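The square-root step the abstract describes, worked through for the NIST P-256 field as an added example (this is not code from the paper, and the addition chain below is constructed here by hand, not the authors' own chain): since p ≡ 3 (mod 4), a square root of a quadratic residue a is a^((p+1)/4), and the Mersenne-like form of p gives the exponent a structure that a short chain of squarings and a handful of multiplications can exploit. The decompression routine also shows the check a verifier needs, because the exponentiation returns a value even when the input is a non-residue.

```python
# Added example, not from the paper: square roots in the NIST P-256 field.
# p = 2^256 - 2^224 + 2^192 + 2^96 - 1 is Mersenne-like and p = 3 (mod 4),
# so sqrt(a) = a^((p+1)/4) with (p+1)/4 = 2^254 - 2^222 + 2^190 + 2^94.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1
A256 = P256 - 3
B256 = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# NIST P-256 base point, used as the sample input for decompression.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

def sqrt_generic(a, p):
    """Baseline: a^((p+1)/4) by ordinary square-and-multiply."""
    return pow(a, (p + 1) // 4, p)

def _sqn(x, n, p):
    """n successive squarings mod p."""
    for _ in range(n):
        x = x * x % p
    return x

def sqrt_p256_chain(a):
    """a^((p+1)/4) via a hand-built addition chain (not the paper's chain):
    (p+1)/4 = 2^94 * (2^160 - 2^128 + 2^96 + 1), costing 253 squarings and
    7 multiplications versus 254 squarings and ~34 multiplications generically."""
    p = P256
    t = a                                 # a^(2^1 - 1)
    for k in (1, 2, 4, 8, 16):            # a^(2^(2k)-1) = (a^(2^k-1))^(2^k) * a^(2^k-1)
        t = _sqn(t, k, p) * t % p         # a^(2^32 - 1) after the loop
    v = _sqn(t, 32, p) * a % p            # a^(2^64 - 2^32 + 1)
    v = _sqn(v, 96, p) * a % p            # a^(2^160 - 2^128 + 2^96 + 1)
    return _sqn(v, 94, p)                 # a^(2^254 - 2^222 + 2^190 + 2^94)

def decompress_p256(x, y_is_odd):
    """Recover y from a compressed P-256 point (x plus parity bit).
    Returns None when x is out of range or x^3 - 3x + b is a non-residue:
    a^((p+1)/4) is a root only if a is a square, so the result must be
    verified and an invalid encoding rejected instead of used as a key."""
    if not 0 <= x < P256:
        return None
    rhs = (pow(x, 3, P256) + A256 * x + B256) % P256
    y = sqrt_p256_chain(rhs)
    if y * y % P256 != rhs:
        return None                       # not a square: no point with this x
    if (y & 1) != bool(y_is_odd):
        if y == 0:
            return None                   # y = 0 has no odd counterpart
        y = P256 - y                      # the other root has the opposite parity
    return y
```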


Keywords: elliptic curve cryptography, square roots modulo p, exponentiation, addition chains





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Billy Bob Brumley (1)
  • Kimmo U. Järvinen (2)
  1. Department of Information and Computer Science, Helsinki University of Technology (TKK), Finland
  2. Department of Signal Processing and Acoustics, Helsinki University of Technology (TKK), Finland
