Although cryptographic software implementation is often performed by expert programmers, the range of performance and security driven options, as well as more mundane software engineering issues, still make it a challenge. The use of domain specific language and compiler techniques to assist in description and optimisation of cryptographic software is an interesting research challenge. Our results, which focus on Elliptic Curve Cryptography (ECC), show that a suitable language allows description of ECC based software in a manner close to the original mathematics; the corresponding compiler allows automatic production of an executable whose performance is competitive with that of a hand-optimised implementation. Our work are set within the context of CACE, an ongoing EU funded project on this general topic.


Elliptic Curve Cryptography (ECC) Implementation Compilers Optimisation Specialisation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-Channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    ARM Limited. ARM946E-S Technical Reference Manual. Available from:
  3. 3.
    Avanzi, R.M.: Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 148–162. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Barrett, P.D.: Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 311–323. Springer, Heidelberg (1987)Google Scholar
  5. 5.
    Barbosa, M., Page, D.: On the Automatic Construction of Indistinguishable Operations. Cryptology ePrint Archive Report 2005/174 (2005)Google Scholar
  6. 6.
    Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  7. 7.
    Blake, I.F., Seroussi, G., Smart, N.P.: Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2004)Google Scholar
  8. 8.
    Camenisch, J., Rohe, M., Sadeghi, A-R.: Sokrates - A Compiler Framework for Zero-Knowledge Protocols. In: WEWoRC. Western European Workshop on Research in Cryptology (2005)Google Scholar
  9. 9.
    Computational Algebra Group, University of Sydney. Magma Computational Algebra System. Available from:
  10. 10.
    Consel, C., Hornof, L., Marlet, R., Muller, G., Thibault, S., Volanschi, E-N., Lawall, J., Noyá, J.: Tempo: Specializing Systems Applications and Beyond. ACM Computing Surveys 30(3) (1998)Google Scholar
  11. 11.
    Crescenzi, P., Kann, V.: A Compendium of NP Optimization Problems. Available from:
  12. 12.
    Dueck, G., Scheuer, T.: Threshold Accepting: A General Purpose Optimization Algorithm Appearing Superior to Simulated Annealing. Journal of Computational Physics 90(1), 161–175 (1990)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Gaudry, P., Thomé, E.: The mpFq Library and Implementing Curve-based Key Exchanges. In: SPEED. Software Performance Enhancement for Encryption and Decryption, pp. 49–64 (2007)Google Scholar
  14. 14.
    Gupta, D., Malloy, B., McRae, A.: The Complexity of Scheduling for Data Cache Optimization. Information Sciences 100(1-4) (1997)Google Scholar
  15. 15.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  16. 16.
    Hennessy, J.L., Patterson, D.A.: Computer Architecture: A Quantitative Approach. Morgan Kaufmann, San Francisco (2006)zbMATHGoogle Scholar
  17. 17.
    Knuth, D.: The Art of Computer Programming, Seminumerical Algorithms, vol. 2. Addison-Wesley, Reading (1999)Google Scholar
  18. 18.
    Koblitz, N.: Elliptic Curve Cryptosystems. Mathematics of Computation 48, 203–209 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Koblitz, N.: Hyperelliptic Cryptosystems. Journal of Cryptology 3, 139–150 (1989)CrossRefMathSciNetGoogle Scholar
  20. 20.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  22. 22.
    Kowarschik, M., Wei, C.: An Overview of Cache Optimization Techniques and Cache-Aware Numerical Algorithms. In: Meyer, U., Sanders, P., Sibeyn, J.F. (eds.) Algorithms for Memory Hierarchies. LNCS, vol. 2625, pp. 213–232. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Lewis, J.R., Martin, B.: Cryptol: High Assurance, Retargetable Crypto Development and Validation. Military Communications Conference 2, 820–825 (2003)CrossRefGoogle Scholar
  24. 24.
    Lucks, S., Schmoigl, N., Tatli, E.I.: The Idea and the Architecture of a Cryptographic Compiler. In: WEWoRC. Western European Workshop on Research in Cryptology (2005)Google Scholar
  25. 25.
    Micali, S., Reyzin, L.: Physically Observable Cryptography (Extended Abstract). In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)Google Scholar
  26. 26.
    Miller, V.: Uses of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  27. 27.
    Montgomery, P.L.: Modular Multiplication Without Trial Division. Mathematics of Computation 44, 519–521 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    Muchnick, S.S.: Advanced Compiler Design and Implementation. Morgan Kaufmann, San Francisco (1997)Google Scholar
  29. 29.
    Nielsen, J.D., Schwartzbach, M.I.: A Domain-Specific Programming Language for Secure Multiparty Computation. In: PLAS. Programming Languages and Analysis for Security (2007)Google Scholar
  30. 30.
    Page, D.: CAO: A Cryptography Aware Language and Compiler,
  31. 31.
    Sermulins, J., Thies, W., Rabbah, R., Amarasinghe, S.: Cache Aware Optimization of Stream Programs. In: ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and Tools for Embedded Systems (2005)Google Scholar
  32. 32.
    Standards for Efficient Cryptography Group (SECG). SEC 2: Recommended Elliptic Curve Domain Parameters (2000), Available from
  33. 33.
    Shoup, V.: NTL: A Library for doing Number Theory. Available from:
  34. 34.
    Solinas, J.A.: Generalized Mersenne Numbers. Technical Report CORR 99-39, University of Waterloo (1999)Google Scholar
  35. 35.
    Walter, C.D.: Montgomery Exponentiation Needs No Final Subtractions. Electronics Letters 35, 1831–1832 (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • M. Barbosa
    • 1
  • A. Moss
    • 2
  • D. Page
    • 2
  1. 1.Departamento de Informática, Universidade do Minho, Campus de Gualtar, 4710-057 BragaPortugal
  2. 2.Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UBUnited Kingdom

Personalised recommendations