Optimizing Double-Base Elliptic-Curve Single-Scalar Multiplication

  • Daniel J. Bernstein
  • Peter Birkner
  • Tanja Lange
  • Christiane Peters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)

Abstract

This paper analyzes the best speeds that can be obtained for single-scalar multiplication with variable base point by combining a huge range of options:

  • many choices of coordinate systems and formulas for individual group operations, including new formulas for tripling on Edwards curves;

  • double-base chains with many different doubling/tripling ratios, including standard base-2 chains as an extreme case;

  • many precomputation strategies, going beyond Dimitrov, Imbert, Mishra (Asiacrypt 2005) and Doche and Imbert (Indocrypt 2006).

The analysis takes account of speedups such as SM tradeoffs and includes recent advances such as inverted Edwards coordinates.

The main conclusions are as follows. Optimized precomputations and triplings save time for single-scalar multiplication in Jacobian coordinates, Hessian curves, and tripling-oriented Doche/Icart/Kohel curves. However, even faster single-scalar multiplication is possible in Jacobi intersections, Edwards curves, extended Jacobi-quartic coordinates, and inverted Edwards coordinates, thanks to extremely fast doublings and additions; there is no evidence that double-base chains are worthwhile for the fastest curves. Inverted Edwards coordinates are the speed leader.

Keywords

Edwards curves double-base number systems double-base chains addition chains scalar multiplication tripling quintupling 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Avanzi, R., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: The Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC, Boca Raton, USA (2005)Google Scholar
  2. 2.
    Barua, R., Lange, T. (eds.): INDOCRYPT 2006. LNCS, vol. 4329. Springer, Heidelberg (2006)MATHGoogle Scholar
  3. 3.
    Bernstein, D.J., Lange, T.: Explicit-formulas database, http://www.hyperelliptic.org/EFD
  4. 4.
    Bernstein, D.J., Lange, T.: Inverted Edwards coordinates. In: AAECC 2007 (to appear, 2007)Google Scholar
  5. 5.
    Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Asiacrypt 2007 [17], pp. 29–50 (2007), http://cr.yp.to/newelliptic/
  6. 6.
    Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic curves in cryptography. London Mathematical Society Lecture Note Series, vol. 265. Cambridge University Press, Cambridge (1999)MATHGoogle Scholar
  7. 7.
    Brauer, A.: On addition chains. Bulletin of the American Mathematical Society 45, 736–739 (1939)MATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Dimitrov, V., Imbert, L., Mishra, P.K.: Efficient and secure elliptic curve point multiplication using double-base chains. In: ASIACRYPT 2005 [19], pp. 59–78 (2005)Google Scholar
  10. 10.
    Doche, C., Icart, T., Kohel, D.R.: Efficient scalar multiplication by isogeny decompositions. In: PKC 2006 [21], pp. 191–206 (2006)Google Scholar
  11. 11.
    Doche, C., Imbert, L.: Extended double-base number system with applications to elliptic curve cryptography. In: Indocrypt 2006 [2], pp. 335–348 (2006)Google Scholar
  12. 12.
    Doche, C., Lange, T.: Arithmetic of Elliptic Curves, Ch. 13 in [1], pp. 267–302. CRC Press, Boca Raton, USA (2005)Google Scholar
  13. 13.
    Duquesne, S.: Improving the arithmetic of elliptic curves in the Jacobi model. Information Processing Letters 104, 101–105 (2007)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Edwards, H.M.: A normal form for elliptic curves. Bulletin of the American Mathematical Society 44, 393–422 (2007), http://www.ams.org/bull/2007-44-03/S0273-0979-07-01153-6/home.html MATHCrossRefGoogle Scholar
  15. 15.
    Hankerson, D., Menezes, A.J., Vanstone, S.A.: Guide to elliptic curve cryptography. Springer, Berlin (2003)Google Scholar
  16. 16.
    Hisil, H., Carter, G., Dawson, E.: New formulae for efficient elliptic curve arithmetic. In: Indocrypt 2007. LNCS, vol. 4859, pp. 138–151. Springer, Heidelberg (2007)Google Scholar
  17. 17.
    Kurosawa, K. (ed.): Advances in cryptology–ASIACRYPT 2007. LNCS, vol. 4833. Springer, Heidelberg (2007)MATHGoogle Scholar
  18. 18.
    IEEE P1363. Standard specifications for public key cryptography. IEEE (2000)Google Scholar
  19. 19.
    Roy, B. (ed.): ASIACRYPT 2005. LNCS, vol. 3788. Springer, Heidelberg (2005)MATHGoogle Scholar
  20. 20.
    Thurber, E.G.: On addition chains l(mn) ≤ l(n) − b and lower bounds for c(r). Duke Mathematical Journal 40, 907–913 (1973)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.): PKC 2006. LNCS, vol. 3958. Springer, Heidelberg (2006)MATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Daniel J. Bernstein
    • 1
  • Peter Birkner
    • 2
  • Tanja Lange
    • 2
  • Christiane Peters
    • 2
  1. 1.Department of Mathematics, Statistics, and Computer Science (M/C 249), University of Illinois at Chicago, Chicago, IL 60607–7045USA
  2. 2.Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, P.O. Box 513, 5600 MB EindhovenThe Netherlands

Personalised recommendations