
Batch Binary Edwards

  • Daniel J. Bernstein
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5677)

Abstract

This paper sets new software speed records for high-security Diffie-Hellman computations, specifically 251-bit elliptic-curve variable-base-point scalar multiplication. In one second of computation on a $200 Core 2 Quad Q6600 CPU, this paper’s software performs 30000 251-bit scalar multiplications on the binary Edwards curve \(d(x + x^2 + y + y^2) = (x + x^2)(y + y^2)\) over the field \({\bf F}_2[t]/(t^{251}+t^7+t^4+t^2+1)\), where \(d = t^{57} + t^{54} + t^{44} + 1\). The paper’s field-arithmetic techniques can be applied in much more generality but have a particularly efficient interaction with the completeness of addition formulas for binary Edwards curves.
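The field and curve named in the abstract, worked through in code. This is an added example and not the paper's software: it implements arithmetic in \({\bf F}_2[t]/(t^{251}+t^7+t^4+t^2+1)\) (a Karatsuba carry-less multiply, reduction, Fermat inversion), then finds and verifies affine points on \(d(x + x^2 + y + y^2) = (x + x^2)(y + y^2)\) with the abstract's \(d\). Solving for \(y\) via the half-trace is a standard technique for odd-degree binary fields, not something the abstract describes; the function and variable names are this example's own.

```python
# Added example, not code from the paper: arithmetic in the field
# F_2[t]/(t^251 + t^7 + t^4 + t^2 + 1) and a point-on-curve check for the
# binary Edwards curve d(x + x^2 + y + y^2) = (x + x^2)(y + y^2) with
# d = t^57 + t^54 + t^44 + 1, as given in the abstract.
# Field elements are Python ints: bit i is the coefficient of t^i.
M = 251
F_POLY = (1 << M) | (1 << 7) | (1 << 4) | (1 << 2) | 1   # reduction polynomial
D = (1 << 57) | (1 << 54) | (1 << 44) | 1                # curve parameter d

def clmul_schoolbook(a, b):
    """Carry-less product in F_2[t]: shift-and-xor, one row per set bit of b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def clmul_karatsuba(a, b, bits=256):
    """Carry-less product by Karatsuba splitting: three half-size products
    instead of four. Inputs must have fewer than `bits` bits (bits even)."""
    if bits <= 32:
        return clmul_schoolbook(a, b)
    h = bits // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    p0 = clmul_karatsuba(a0, b0, h)
    p2 = clmul_karatsuba(a1, b1, h)
    # Characteristic 2: the cross term is (a0+a1)(b0+b1) + a0b0 + a1b1 (XOR).
    p1 = clmul_karatsuba(a0 ^ a1, b0 ^ b1, h) ^ p0 ^ p2
    return p0 ^ (p1 << h) ^ (p2 << (2 * h))

def reduce_mod(c):
    """Reduce a polynomial of degree <= 500 modulo t^251 + t^7 + t^4 + t^2 + 1."""
    for i in range(2 * M - 2, M - 1, -1):
        if (c >> i) & 1:
            c ^= F_POLY << (i - M)
    return c

def mul(a, b):
    return reduce_mod(clmul_karatsuba(a, b))

def sqr(a):
    return mul(a, a)

def inv(a):
    """a^(2^251 - 2) by square-and-multiply (Fermat); a must be nonzero."""
    if a == 0:
        raise ZeroDivisionError("inverse of 0 in F_2^251")
    r, base, e = 1, a, (1 << M) - 2
    while e:
        if e & 1:
            r = mul(r, base)
        base = sqr(base)
        e >>= 1
    return r

def trace(u):
    """Tr(u) = u + u^2 + u^4 + ... + u^(2^250); always 0 or 1."""
    t = s = u
    for _ in range(M - 1):
        s = sqr(s)
        t ^= s
    return t

def half_trace(u):
    """H(u) = sum of u^(2^(2i)) for i = 0..125. For odd extension degree
    H(u)^2 + H(u) = u + Tr(u), so H(u) solves y^2 + y = u when Tr(u) = 0."""
    h = s = u
    for _ in range((M - 1) // 2):
        s = sqr(sqr(s))
        h ^= s
    return h

def on_curve(x, y):
    """Check d(x + x^2 + y + y^2) == (x + x^2)(y + y^2)."""
    lhs = mul(D, x ^ sqr(x) ^ y ^ sqr(y))
    rhs = mul(x ^ sqr(x), y ^ sqr(y))
    return lhs == rhs

def y_from_x(x):
    """Solve the curve equation for y. With a = x + x^2 and u = y + y^2 the
    equation reads u*(d + a) = d*a, so u = d*a/(d + a) and y = H(u) if
    Tr(u) = 0. Returns None when no y exists for this x."""
    a = x ^ sqr(x)
    denom = D ^ a
    if denom == 0:
        return None
    u = mul(mul(D, a), inv(denom))
    if trace(u) != 0:
        return None
    return half_trace(u)

def find_point(start=2):
    """Return the first (x, y) with x >= start on the curve. x = 0 and x = 1
    give x + x^2 = 0 and are skipped as uninteresting."""
    x = start
    while True:
        y = y_from_x(x)
        if y is not None:
            return x, y
        x += 1
```

Calling `find_point()` and then `on_curve(x, y)` exercises every primitive above; since `y` and `y + 1` share the same `y + y^2`, both lie on the curve for the same `x`. The Karatsuba split is the same idea the paper's Karatsuba/Toom field arithmetic rests on, here in its simplest recursive form rather than the paper's vectorized layout.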

Keywords

Scalar multiplication, Diffie–Hellman, batch throughput, vectorization, Karatsuba, Toom, elliptic curves, binary Edwards curves, differential addition, complete addition formulas

References

  1. Digital signature standard (DSS). Federal Information Processing Standard 186-2. National Institute of Standards and Technology (2000), http://csrc.nist.gov/publications/fips/. Citations in this document: §3
  2. Standard specifications for public key cryptography. IEEE, Los Alamitos (2000). Citations in this document: §3
  3. Information theory workshop, ITW 2006, Chengdu. IEEE, Los Alamitos (2006). See [67]
  4. SPEED: software performance enhancement for encryption and decryption (2007), http://www.hyperelliptic.org/SPEED. See [35]
  5. Design, automation & test in Europe conference & exhibition, 2007. In: DATE 2007. IEEE, Los Alamitos (2007). See [57]
  6. Fifth international conference on information technology: new generations (ITNG 2008), Las Vegas, Nevada, USA, April 7-8, 2008. IEEE, Los Alamitos (2008). See [37]
  7. Fifth workshop on fault diagnosis and tolerance in cryptography (FDTC 2008). IEEE, Los Alamitos (2008). See [31]
  8. Aoki, K., Hoshino, F., Kobayashi, T.: A cyclic window algorithm for ECC defined over extension fields. In: [58], pp. 62–73 (2001). Citations in this document: §1
  9. Aoki, K., Hoshino, F., Kobayashi, T., Oguro, H.: Elliptic curve arithmetic using SIMD. In: [27], pp. 235–247 (2001). Citations in this document: §1, §1
  10. Bailey, D.V., Paar, C.: Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. Journal of Cryptology 14, 153–176 (2001); ISSN 0933-2790. Citations in this document: §1
  11. Bernstein, D.J.: Fast multiplication (2000), http://cr.yp.to/talks.html#2000.08.14. Citations in this document: §2
  12. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: [69], pp. 207–228 (2006), http://cr.yp.to/papers.html#curve25519. Citations in this document: §1, §1, §1, §3, §3
  13. Bernstein, D.J.: Can we avoid tests for zero in fast elliptic-curve arithmetic? (2006), http://cr.yp.to/papers.html#curvezero. Citations in this document: §1
  14. Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: [49], pp. 29–50 (2007), http://cr.yp.to/papers.html#newelliptic. Citations in this document: §1
  15. Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems (2009), http://bench.cr.yp.to (accessed June 3, 2009). Citations in this document: §1
  16. Bernstein, D.J., Lange, T., Farashahi, R.R.: Binary Edwards curves. In: [55], pp. 244–265 (2008), http://cr.yp.to/papers.html#edwards2. Citations in this document: §1, §1, §1, §3, §3, §3, §3, §3, §3, §3, §3
  17. Biham, E. (ed.): FSE 1997. LNCS, vol. 1267. Springer, Heidelberg (1997); ISBN 3-540-63247-6. See [18]
  18. Biham, E.: A fast new DES implementation in software. In: [17], pp. 260–272 (1997). Citations in this document: §1
  19. Bodrato, M.: Towards optimal Toom-Cook multiplication for univariate and multivariate polynomials in characteristic 2 and 0. In: [23], pp. 116–133 (2007), http://bodrato.it/papers/#WAIFI2007. Citations in this document: §2
  20. Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. Journal of Symbolic Computation 24, 235–265 (1997). Citations in this document: §3
  21. Boyd, C., Montague, P., Nguyen, K.: Elliptic curve based password authenticated key exchange protocols. In: [66], pp. 487–501 (2001), http://sky.fit.qut.edu.au/~boydc/papers/. Citations in this document: §3
  22. Brent, R.P., Gaudry, P., Thomé, E., Zimmermann, P.: Faster multiplication in GF(2)[x]. In: [65], pp. 153–166, http://wwwmaths.anu.edu.au/~brent/pub/pub232.html. Citations in this document: §1, §2
  23. Carlet, C., Sunar, B. (eds.): WAIFI 2007. LNCS, vol. 4547. Springer, Heidelberg (2007); ISBN 978-3-540-73073-6. See [19]
  24. Chang, N.S., Kim, C.H., Park, Y.-H., Lim, J.: A non-redundant and efficient architecture for Karatsuba-Ofman algorithm. In: [70], pp. 288–299 (2005). Citations in this document: §2
  25. Chevassut, O., Fouque, P.-A., Gaudry, P., Pointcheval, D.: The Twist-AUgmented technique for key exchange. In: [69], pp. 410–426 (2006), http://www.loria.fr/~gaudry/papers.en.html. Citations in this document: §3
  26. Chudnovsky, D.V., Chudnovsky, G.V.: Sequences of numbers generated by addition in formal groups and new primality and factorization tests. Advances in Applied Mathematics 7, 385–434 (1986); MR 88h:11094. Citations in this document: §3
  27. Davida, G.I., Frankel, Y. (eds.): ISC 2001. LNCS, vol. 2200. Springer, Heidelberg (2001); ISBN 978-3-540-42662-2. See [9]
  28. Edwards, H.M.: A normal form for elliptic curves. Bulletin of the American Mathematical Society 44, 393–422 (2007), http://www.ams.org/bull/2007-44-03/S0273-0979-07-01153-6/home.html. Citations in this document: §3
  29. Fan, H., Sun, J., Gu, M., Lam, K.-Y.: Overlap-free Karatsuba-Ofman polynomial multiplication algorithms for hardware implementations (October 7, 2008), http://eprint.iacr.org/2007/393. Citations in this document: §2
  30. Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited. IEEE Transactions on Computers 53, 1047–1059 (2004), http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html; ISSN 0018-9340. Citations in this document: §1
  31. Fouque, P.-A., Lercier, R., Réal, D., Valette, F.: Fault attack on elliptic curve with Montgomery ladder implementation. In: [7], pp. 92–98 (2008), http://www.di.ens.fr/~fouque/index-pub.html. Citations in this document: §3
  32. Fürer, M.: Faster integer multiplication. In: [42], pp. 57–66 (2007), http://www.cse.psu.edu/~furer/. Citations in this document: §2
  33. Galbraith, S., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: [43], pp. 518–535 (2009), http://eprint.iacr.org/2008/194. Citations in this document: §1, §3
  34. Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: [46], pp. 190–200 (2001); MR 2003h:14043. Citations in this document: §3
  35. Gaudry, P., Thomé, E.: The mpFq library and implementing curve-based key exchanges. In: [4], pp. 49–64 (2007), http://www.loria.fr/~gaudry/papers.en.html. Citations in this document: §1, §1, §1
  36. Güneysu, T., Paar, C.: Ultra high performance ECC over NIST primes on commercial FPGAs. In: [55], pp. 62–78 (2008). Citations in this document: §1, §1
  37. Gueron, S., Kounavis, M.E.: A technique for accelerating characteristic 2 elliptic curve cryptography. In: [6], pp. 265–272 (2008). Citations in this document: §1
  38. Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: [48], pp. 1–24 (2000), http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-42.ps. Citations in this document: §1, §1
  39. Hankerson, D., Karabina, K., Menezes, A.: Analyzing the Galbraith–Lin–Scott point multiplication method for elliptic curves over binary fields (2008), http://eprint.iacr.org/2008/334. Citations in this document: §1, §3
  40. Intel Corporation: Carry-less multiplication and its usage for computing the GCM mode (2008), http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode. Citations in this document: §1
  41. Intel Corporation: Intel Advanced Vector Extensions programming reference (2008), http://softwarecommunity.intel.com/isn/downloads/intelavx/Intel-AVX-Programming-Reference-31943302.pdf. Citations in this document: §1
  42. Johnson, D.S., Feige, U. (eds.): Proceedings of the 39th annual ACM symposium on theory of computing, San Diego, California, USA, June 11–13. Association for Computing Machinery, New York (2007); ISBN 978-1-59593-631-8. See [32]
  43. Joux, A. (ed.): EUROCRYPT 2009. LNCS, vol. 5479. Springer, Heidelberg (2009); ISBN 978-3-642-01000-2. See [33]
  44. Kaliski Jr., B.S.: One-way permutations on elliptic curves. Journal of Cryptology 3, 187–199 (1991). Citations in this document: §3
  45. Karatsuba, A.A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics Doklady 7, 595–596 (1963), http://cr.yp.to/bib/entries.html#1963/karatsuba; ISSN 0038-5689. Citations in this document: §2, §2
  46. Kilian, J. (ed.): CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001); ISBN 3-540-42456-3; MR 2003d:94002. See [34]
  47. Koblitz, A.H., Koblitz, N., Menezes, A.: Elliptic curve cryptography: the serpentine course of a paradigm shift (2008), http://eprint.iacr.org/2008/390. Citations in this document: §3
  48. Koç, Ç.K., Paar, C. (eds.): CHES 2000. LNCS, vol. 1965. Springer, Heidelberg (2000); ISBN 3-540-42521-7. See [38]
  49. Kurosawa, K. (ed.): ASIACRYPT 2007. LNCS, vol. 4833. Springer, Heidelberg (2007); ISBN 978-3-540-76899-9. See [14]
  50. Matsui, M., Nakajima, J.: On the power of bitslice implementation on Intel Core2 processor. In: [56], pp. 121–134 (2007). Citations in this document: §1
  51. Menezes, A., Qu, M.: Analysis of the Weil descent attack of Gaudry, Hess and Smart. In: [54], pp. 308–318 (2001). Citations in this document: §3
  52. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987), http://links.jstor.org/sici?sici=0025-571819870148:177243:STPAEC2.0.CO;2-3; ISSN 0025-5718; MR 88e:11130. Citations in this document: §1, §3, §3, §3, §3
  53. Montgomery, P.L.: Five, six, and seven-term Karatsuba-like formulae. IEEE Transactions on Computers 54, 362–369 (2005). Citations in this document: §2
  54. Naccache, D. (ed.): CT-RSA 2008. LNCS, vol. 4964. Springer, Heidelberg (2008); ISBN 3-540-41898-9; MR 2003a:94039. See [51]
  55. Oswald, E., Rohatgi, P. (eds.): CHES 2008. LNCS, vol. 5154. Springer, Heidelberg (2008); ISBN 978-3-540-85052-6. See [16], [36]
  56. Paillier, P., Verbauwhede, I. (eds.): CHES 2007. LNCS, vol. 4727. Springer, Heidelberg (2007); ISBN 978-3-540-74734-5. See [50]
  57. Peter, S., Langendörfer, P.: An efficient polynomial multiplier in GF(2^m) and its application to ECC designs. In: [5] (2007), http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?isnumber=4211749&arnumber=4211979&count=305&index=229. Citations in this document: §2
  58. Qing, S., Okamoto, T., Zhou, J. (eds.): ICICS 2001. LNCS, vol. 2229. Springer, Heidelberg (2001); ISBN 3-540-42880-1. See [8]
  59. Rodríguez-Henríquez, F., Koç, Ç.K.: On fully parallel Karatsuba multipliers for GF(2^m). In: [60], pp. 405–410 (2003). Citations in this document: §2, §2
  60. Sahni, S. (ed.): Proceedings of the international conference on computer science and technology. Acta Press (2003). See [59]
  61. Schönhage, A.: Schnelle Multiplikation von Polynomen über Körpern der Charakteristik 2. Acta Informatica 7, 395–398 (1977), http://cr.yp.to/bib/entries.html#1977/schoenhage; ISSN 0001-5903; MR 55:9604. Citations in this document: §2
  62. Schönhage, A., Strassen, V.: Schnelle Multiplikation großer Zahlen. Computing 7, 281–292 (1971), http://cr.yp.to/bib/entries.html#1971/schoenhage-mult; ISSN 0010-485X; MR 45:1431. Citations in this document: §2
  63. Stein, W. (ed.): Sage Mathematics Software (Version 3.2.3). The Sage Group (2009), http://www.sagemath.org. Citations in this document: §1
  64. Toom, A.L.: The complexity of a scheme of functional elements realizing the multiplication of integers. Soviet Mathematics Doklady 3, 714–716 (1963); ISSN 0197-6788. Citations in this document: §2
  65. van der Poorten, A.J., Stein, A. (eds.): ANTS-VIII 2008. LNCS, vol. 5011. Springer, Heidelberg (2008); ISBN 978-3-540-79455-4. See [22]
  66. Varadharajan, V., Mu, Y. (eds.): ACISP 2001. LNCS, vol. 2119. Springer, Heidelberg (2001); ISBN 978-3-540-42300-3. See [21]
  67. von zur Gathen, J., Shokrollahi, J.: Fast arithmetic for polynomials over \({\bf F}_2\) in hardware. In: [3], pp. 107–111 (2006). Citations in this document: §2, §2, §2
  68. Weimerskirch, A., Paar, C.: Generalizations of the Karatsuba algorithm for efficient implementations (2006), http://eprint.iacr.org/2006/224. Citations in this document: §2
  69. Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.): PKC 2006. LNCS, vol. 3958. Springer, Heidelberg (2006); ISBN 978-3-540-33851-2. See [12], [25]
  70. Zhou, J., López, J., Deng, R.H., Bao, F. (eds.): ISC 2005. LNCS, vol. 3650. Springer, Heidelberg (2005); ISBN 3-540-29001-X. See [24]

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Daniel J. Bernstein, Department of Computer Science (MC 152), The University of Illinois at Chicago, Chicago
