Binary Edwards Curves

  • Daniel J. Bernstein
  • Tanja Lange
  • Reza Rezaeian Farashahi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5154)

Abstract

This paper presents a new shape for ordinary elliptic curves over fields of characteristic 2. Using the new shape, this paper presents the first complete addition formulas for binary elliptic curves, i.e., addition formulas that work for all pairs of input points, with no exceptional cases. If n ≥ 3 then the complete curves cover all isomorphism classes of ordinary elliptic curves over \(\mathbb{F}_{2^n}\).

This paper also presents dedicated doubling formulas for these curves using 2M + 6S + 3D, where M is the cost of a field multiplication, S is the cost of a field squaring, and D is the cost of multiplying by a curve parameter. These doubling formulas are also the first complete doubling formulas in the literature, with no exceptions for the neutral element, points of order 2, etc.

Finally, this paper presents complete formulas for differential addition, i.e., addition of points with known difference. A differential addition and doubling, the basic step in a Montgomery ladder, uses 5M + 4S + 2D when the known difference is given in affine form.

Keywords

Elliptic curves, Edwards curves, binary fields, complete addition law, Montgomery ladder, countermeasures against side-channel attacks

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Daniel J. Bernstein (1)
  • Tanja Lange (2)
  • Reza Rezaeian Farashahi (2, 3)

  1. Department of Mathematics, Statistics, and Computer Science (M/C 249), University of Illinois at Chicago, Chicago, USA
  2. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands
  3. Dept. of Mathematical Sciences, Isfahan University of Technology, Isfahan, Iran
