On Modular Decomposition of Integers

  • Billy Bob Brumley
  • Kaisa Nyberg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5580)


At Crypto 2001, Gallant et al. showed how to exploit fast endomorphisms on some specific classes of elliptic curves to obtain fast scalar multiplication. The GLV method works by decomposing scalars into two small portions using multiplications, divisions, and rounding operations in the rationals. We present a new simple method based on the extended Euclidean algorithm that uses notably different operations than that of traditional decomposition. We obtain strict bounds on each component. Additionally, we examine the use of random decompositions, useful for key generation or cryptosystems requiring ephemeral keys. Specifically, we provide a complete description of the probability distribution of random decompositions and give bounds for each component in such a way that ensures a concrete level of entropy. This is the first analysis on distribution of random decompositions in GLV allowing the derivation of the entropy and thus an answer to the question first posed by Gallant in 1999.


elliptic curve cryptography GLV method integer decompositions 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 190–200. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bellman, R., Straus, E.G.: Problems and Solutions: Solutions of Advanced Problems: 5125. Amer. Math. Monthly 71(7), 806–808 (1964)MathSciNetCrossRefGoogle Scholar
  3. 3.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inform. Theory 31(4), 469–472 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Galbraith, S.D., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: Advances in cryptology—EUROCRYPT 2009. LNCS, Springer, Heidelberg (2009) (to appear)Google Scholar
  5. 5.
    Gallant, R.: Faster elliptic curve cryptography using efficient endomorphisms. In: 3rd workshop on Elliptic Curve Cryptography—ECC 1999 (1999) (presentation slides)Google Scholar
  6. 6.
    SECG: Recommended elliptic curve domain parameters. Standards for Efficient Cryptography SEC 2 (September 20, 2000)Google Scholar
  7. 7.
    ANSI: Public key cryptography for the financial services industry: Key agreement and key transport using elliptical curve cryptography (2001) ANSI X9.63Google Scholar
  8. 8.
    Hankerson, D., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, New York (2004)zbMATHGoogle Scholar
  9. 9.
    Babai, L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Kim, D., Lim, S.: Integer decomposition for fast scalar multiplication on elliptic curves. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 13–20. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Sica, F., Ciet, M., Quisquater, J.J.: Analysis of the Gallant-Lambert-Vanstone method based on efficient endomorphisms: elliptic and hyperelliptic curves. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 21–36. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Park, Y.H., Jeong, S., Kim, C.H., Lim, J.: An alternate decomposition of an integer for faster point multiplication on certain elliptic curves. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 323–334. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Grabner, P.J., Heuberger, C., Prodinger, H.: Distribution results for low-weight binary representations for pairs of integers. Theoret. Comput. Sci. 319(1-3), 307–331 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Antipa, A., Brown, D., Gallant, R., Lambert, R., Struik, R., Vanstone, S.: Accelerated verification of ECDSA signatures. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 307–318. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Knuth, D.E.: The Art of Computer Programming, Volume II: Seminumerical Algorithms, 2nd edn. Addison-Wesley, Reading (1981)zbMATHGoogle Scholar
  16. 16.
    Järvinen, K., Forsten, J., Skyttä, J.: Efficient circuitry for computing τ-adic non-adjacent form. In: Proceedings of the 13th IEEE International Conference on Electronics, Circuits and Systems, ICECS 2006, pp. 232–235. IEEE, Los Alamitos (2006)CrossRefGoogle Scholar
  17. 17.
    Lange, T., Shparlinski, I.E.: Distribution of some sequences of points on elliptic curves. J. Math. Cryptol. 1(1), 1–11 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton (2005)Google Scholar
  19. 19.
    IEEE: IEEE P1363 working group for public-key cryptography standards. meeting minutes (November 15, 2000),

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Billy Bob Brumley
    • 1
  • Kaisa Nyberg
    • 1
    • 2
  1. 1.Department of Information and Computer ScienceHelsinki University of TechnologyTKKFinland
  2. 2.Nokia Research CenterFinland

Personalised recommendations