On Redundant τ-Adic Expansions and Non-adjacent Digit Sets

  • Roberto Maria Avanzi
  • Clemens Heuberger
  • Helmut Prodinger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)

Abstract

This paper studies τ-adic expansions of scalars, which are important in the design of scalar multiplication algorithms on Koblitz Curves, and are less understood than their binary counterparts.

At Crypto ’97 Solinas introduced the width-wτ-adic non-adjacent form for use with Koblitz curves. It is an expansion of integers \(z=\sum_{i=0}^\ell z_i\tau^i\), where τ is a quadratic integer depending on the curve, such that \(z_i\ne 0\) implies zw + i − 1 = ... = zi + 1= 0, like the sliding window binary recodings of integers. We show that the digit sets described by Solinas, formed by elements of minimal norm in their residue classes, are uniquely determined. However, unlike for binary representations, syntactic constraints do not necessarily imply minimality of weight.

Digit sets that permit recoding of all inputs are characterized, thus extending the line of research begun by Muir and Stinson at SAC 2003 to Koblitz Curves.

Two new useful digit sets are introduced: one set makes precomputations easier, the second set is suitable for low-memory applications, generalising an approach started by Avanzi, Ciet, and Sica at PKC 2004 and continued by several authors since. Results by Solinas, and by Blake, Murty, and Xu are generalized.

Termination, optimality, and cryptographic applications are considered. We show how to perform a “windowed” scalar multiplication on Koblitz curves without doing precomputations first, thus reducing memory storage dependent on the base point to just one point.

References

  1. 1.
    Avanzi, R.M.: A Note on the Signed Sliding Window Integer Recoding and its Left-to-Right Analogue. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 130–143. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Avanzi, R.M.: Delaying and Merging Operations in Scalar Multiplication: Applications to Curve-Based Cryptosystems. In: Bihamel, E. (ed.) SAC 2006. LNCS, vol. 4356, pp. 203–219. Springer, Heidelberg (to appear)Google Scholar
  3. 3.
    Avanzi, R.M., Ciet, M., Sica, F.: Faster Scalar Multiplication on Koblitz Curves combining Point Halving with the Frobenius Endomorphism. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 28–40. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Avanzi, R.M., Dimitrov, V., Doche, C., Sica, F.: Extending Scalar Multiplication using Double Bases. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 130–144. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Avanzi, R.M., Heuberger, C., Prodinger, H.: Minimality of the Hamming Weight of the τ-NAF for Koblitz Curves and Improved Combination with Point Halving. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 332–344. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Avanzi, R.M., Heuberger, C., Prodinger, H.: Scalar Multiplication on Koblitz Curves Using the Frobenius Endomorphism and its Combination with Point Halving: Extensions and Mathematical Analysis. Algorithmica 46, 249–270 (2006)Google Scholar
  7. 7.
    Avanzi, R.M., Sica, F.: Scalar Multiplication on Koblitz Curves Using Double Bases. Cryptology ePrint Archive, Report 2006/067Google Scholar
  8. 8.
    Blake, I.F., Murty, V.K., Xu, G.: A note on window τ-NAF algorithm. Information Processing Letters 95, 496–502 (2005)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Cohen, H., Frey, G. (eds.): The Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Boca Raton (2005)Google Scholar
  10. 10.
    Coron, J.-S., M’Raïhi, D., Tymen, C.: Fast generation of pairs (k,[k]p) for Koblitz elliptic curves. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 151–164. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Heuberger, C., Prodinger, H.: Analysis of Alternative Digit Sets for Nonadjacent Representations. Monatshefte für Mathematik, pp. 219–248 (2006)Google Scholar
  12. 12.
    Kátai, I., Kovács, B.: Canonical number systems in imaginary quadratic fields. Acta Math. Hungar. 37, 159–164 (1981)MATHCrossRefGoogle Scholar
  13. 13.
    Kátai, I., Szabó, J.: Canonical Number Systems for Complex Integers. Acta Scientiarum Mathematicarum 1975, 255–260Google Scholar
  14. 14.
    Knudsen, E.W.: Elliptic Scalar Multiplication Using Point Halving. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 135–149. Springer, Heidelberg (1999)Google Scholar
  15. 15.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comp. 48, 203–209 (1987)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)Google Scholar
  17. 17.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  18. 18.
    Muir, J.A., Stinson, D.R.: Alternative digit sets for nonadjacent representations. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 306–319. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Muir, J.A., Stinson, D.R.: Minimality and other properties of the width-w nonadjacent form. Math. Comp. 75, 369–384 (2006)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Okeya, K., Takagi, T., Vuillaume, C.: Short Memory Scalar Multiplication on Koblitz Curves. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 91–105. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Park, D.J., Sim, S.G., Lee, P.J.: Fast scalar multiplication method using change-of-basis matrix to prevent power analysis attacks on Koblitz curves. In: Chae, K.-J., Yung, M. (eds.) Information Security Applications. LNCS, vol. 2908, pp. 474–488. Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Schroeppel, R.: Elliptic curve point ambiguity resolution apparatus and method. International Application Number PCT/US00/31014 (filed 9 November, 2000)Google Scholar
  23. 23.
    Solinas, J.A.: An improved algorithm for arithmetic on a family of elliptic curves. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 357–371. Springer, Heidelberg (1997)Google Scholar
  24. 24.
    Solinas, J.A.: Efficient Arithmetic on Koblitz Curves. Designs, Codes and Cryptography 19(2/3), 125–179 (2000)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Roberto Maria Avanzi
    • 1
  • Clemens Heuberger
    • 2
  • Helmut Prodinger
    • 3
  1. 1.Faculty of Mathematics and Horst Görtz Institute for IT Security, Ruhr-University BochumGermany
  2. 2.Institut für Mathematik B, Technische Universität GrazAustria
  3. 3.Department of Mathematics, University of StellenboschSouth Africa

Personalised recommendations