Twisted Edwards Curves Revisited

  • Huseyin Hisil
  • Kenneth Koon-Ho Wong
  • Gary Carter
  • Ed Dawson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5350)

Abstract

This paper introduces fast algorithms for performing group operations on twisted Edwards curves, pushing the recent speed limits of Elliptic Curve Cryptography (ECC) forward in a wide range of applications. Notably, the new addition algorithm uses \(8\mathrm{\textbf{M}}\) for suitably selected curve constants. In comparison, the fastest point addition algorithms for (twisted) Edwards curves stated in the literature use \(9\mathrm{\textbf{M}} + 1\mathrm{\textbf{S}}\). It is also shown that the new addition algorithm can be implemented with four processors dropping the effective cost to \(2\mathrm{\textbf{M}}\). This implies an effective speed increase by the full factor of 4 over the sequential case. Our results allow faster implementation of elliptic curve scalar multiplication. In addition, the new point addition algorithm can be used to provide a natural protection from side channel attacks based on simple power analysis (SPA).

Keywords

Efficient elliptic curve arithmetic unified addition side channel attack SPA 

References

  1. 1.
    Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: Optimizing double-base elliptic-curve single-scalar multiplication. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 167–182. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: ECM using Edwards curves. Cryptology ePrint Archive, Report 2008/016 (2008), http://eprint.iacr.org/
  4. 4.
    Bernstein, D.J., Lange, T.: Explicit-formulas database (2007), http://www.hyperelliptic.org/EFD
  5. 5.
    Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Bernstein, D.J., Lange, T.: Inverted Edwards coordinates. In: Boztaş, S., Lu, H.-F. (eds.) AAECC 2007. LNCS, vol. 4851, pp. 20–27. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Billet, O., Joye, M.: The Jacobi model of an elliptic curve and side-channel analysis. In: Fossorier, M.P.C., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 34–42. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Brier, E., Joye, M.: Weierstraß elliptic curves and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Brier, E., Joye, M.: Fast point multiplication on elliptic curves through isogenies. In: Fossorier, M.P.C., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 43–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Cohen, H., Frey, G. (eds.): Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Boca Raton (2005)Google Scholar
  11. 11.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  12. 12.
    Doche, C., Icart, T., Kohel, D.R.: Efficient scalar multiplication by isogeny decompositions. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 191–206. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Edwards, H.M.: A normal form for elliptic curves. Bulletin of the AMS 44(3), 393–422 (2007)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Eisenträger, K., Lauter, K., Montgomery, P.L.: Fast elliptic curve arithmetic and improved Weil pairing evaluation. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 343–354. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P.: Parallel scalar multiplication on general elliptic curves over \(\mathbb{F}_p\) hedged against non-differential side-channel attacks. Cryptology ePrint Archive, Report 2002/007 (2002), http://eprint.iacr.org/
  16. 16.
    Gaudry, P., Lubicz, D.: The arithmetic of characteristic 2 Kummer surfaces. Cryptology ePrint Archive, Report 2008/133 (2008), http://eprint.iacr.org/
  17. 17.
    Hisil, H., Wong, K., Carter, G., Dawson, E.: Faster group operations on elliptic curves. Cryptology ePrint Archive, Report 2007/441 (2007), http://eprint.iacr.org/
  18. 18.
    Izu, T., Takagi, T.: A fast parallel elliptic curve multiplication resistant against side channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 280–296. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Izu, T., Takagi, T.: Exceptional procedure attack on elliptic curve cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 224–239. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Joye, M., Quisquater, J.J.: Hessian elliptic curves and side-channel attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Joye, M., Yen, S.M.: The Montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Liardet, P.Y., Smart, N.P.: Preventing SPA/DPA in ECC systems using the Jacobi form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 391–401. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48(177), 243–264 (1987)MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    de Rooij, P.: Efficient exponentiation using precomputation and vector addition chains. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 389–399. Springer, Heidelberg (1995)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Huseyin Hisil
    • 1
  • Kenneth Koon-Ho Wong
    • 1
  • Gary Carter
    • 1
  • Ed Dawson
    • 1
  1. 1.Information Security InstituteQueensland University of TechnologyAustralia

Personalised recommendations