Random Euclidean Addition Chain Generation and Its Application to Point Multiplication

  • Fabien Herbaut
  • Pierre-Yvan Liardet
  • Nicolas Méloni
  • Yannick Téglia
  • Pascal Véron
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6498)


Efficiency and security are the two main objectives of every elliptic curve scalar multiplication implementations. Many schemes have been proposed in order to speed up or secure its computation, usually thanks to efficient scalar representation [30,10,24], faster point operation formulae [8,25,13] or new curve shapes [2]. As an alternative to those general methods, authors have suggested to use scalar belonging to some subset with good computational properties [15,14,36,41,42], leading to faster but usually cryptographically weaker systems. In this paper, we use a similar approach. We propose to modify the key generation process using a small Euclidean addition chain c instead of a scalar k. This allows us to use a previous scheme, secure against side channel attacks, but whose efficiency relies on the computation of small chains computing the scalar. We propose two different ways to generate short Euclidean addition chains and give a first theoretical analysis of the size and distribution of the obtained keys. We also propose a new scheme in the context of fixed base point scalar multiplication.


point multiplication exponentiation addition chain SPA elliptic curves 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bernstein, D.J., Lange, T.: Explicit-formulas database,
  2. 2.
    Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: On the security of 1024-bit rsa and 160-bit elliptic curve cryptography. Technical report, EPFL IC LACAL and Alcatel-Lucent Bell Laboratories and Microsoft Research (2009)Google Scholar
  4. 4.
    Boyko, V., Peinado, M., Venkatesan, R.: Speeding up discrete log and factoring based schemes via precomputations (1998)Google Scholar
  5. 5.
    Brier, E., Joye, M.: Weierstraß elliptic curves and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Certicom Research. Sec 2: Recommended elliptic curve domain parameters standards for efficient cryptography. Technical report, Certicom (2000)Google Scholar
  7. 7.
    Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Cryptography, Discrete Mathematics and its Applications, vol. 34. Chapman & Hall/CRC (2005)Google Scholar
  8. 8.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    de Rooij, P.: On Schnorr’s preprocessing for digital signature schemes. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 435–439. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  10. 10.
    Dimitrov, V., Imbert, L., Mishra, P.K.: Efficient and secure elliptic curve point multiplication using double-base chains. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 59–78. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Graham, R.L., Knuth, D.E., Patashnik, O.: Concrete Mathematics: A Foundation for Computer Science. Addison-Wesley, Reading (1989)zbMATHGoogle Scholar
  12. 12.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  13. 13.
    Hisil, H., Koon-Ho Wong, K., Carter, G., Dawson, E.: Twisted Edwards curves revisited. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 326–343. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Hoffstein, J., Silverman, J.H.: Random small hamming weight products with applications to cryptography. Discrete Appl. Math. 130(1), 37–49 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    M’Raïhi, D., Coron, J.-S., Tymen, C.: Fast generation of pairs (k, [k]p) for koblitz elliptic curves. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 151–174. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Joye, M., Quisquater, J.-J.: Hessian elliptic curves and side-channel attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit rsa modulus. Technical report, EPFL IC LACAL and NTT and University of Bonn and INRIA CNRS LORIA and Microsoft Research and CWI (2010)Google Scholar
  18. 18.
    Knuth, D., Yao, A.: Analysis of the subtractive algorithm for greater common divisors. Proc. Nat. Acad. Sci. USA 72(12), 4720–4722 (1975)CrossRefzbMATHGoogle Scholar
  19. 19.
    Knuth, D.E.: The Art of Computer Programming: Fundamental Algorithms, 3rd edn, vol. 2. Addison Wesley, Reading (July 1997)zbMATHGoogle Scholar
  20. 20.
    Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)Google Scholar
  21. 21.
    Koc, C.K., Acar, T.: Analyzing and comparing montgomery multiplication algorithms. IEEE Micro 16, 26–33 (1996)CrossRefGoogle Scholar
  22. 22.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  23. 23.
    Liardet, P.-Y., Smart, N.P.: Preventing SPA/DPA in ECC systems using the Jacobi form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 391–401. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Longa, P., Gebotys, C.: Setting speed records with the (fractional) multibase non-adjacent form method for efficient elliptic curve scalar multiplication. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography – PKC 2009. LNCS, vol. 5443, pp. 443–462. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Longa, P., Miri, A.: New composite operations and precomputation scheme for elliptic curve cryptosystems over prime fields. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 229–247. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Meloni, N.: Arithmétique pour la Cryptographie basée sur les Courbes Elliptiques. PhD thesis, Université de Montpellier, France (2007)Google Scholar
  27. 27.
    Meloni, N.: New point addition formulae for ECC applications. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 189–201. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Mironov, I., Mityagin, A., Nissim, K.: Hard instances of the constrained discrete logarithm problem. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 582–598. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  29. 29.
    Möller, B.: Securing elliptic curve point multiplication against side-channel attacks. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 324–334. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  30. 30.
    Möller, B.: Improved techniques for fast exponentiation. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 298–312. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  31. 31.
    Montgomery, P.: Speeding the pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Montgomery, P.L.: Evaluating recurrences of form X m + n = f(X m,X n,X m − n) via Lucas chains (1992),
  33. 33.
    Mui, J.A., Stinson, D.R.: On the low hamming weight discrete logarithm problem for nonadjacent representations. Applicable Algebra in Engineering, Communication and Computing 16, 461–472 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Nguyên, P.Q., Stern, J.: The hardness of the hidden subset sum problem and its cryptographic implications. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 31–46. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  35. 35.
    Reznick, B.: Regularity properties of the stern enumeration of the rationals. Journal of Integer Sequences 11 (2008)Google Scholar
  36. 36.
    Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4, 161–174 (1991)CrossRefzbMATHGoogle Scholar
  37. 37.
    Stern, M.A.: über eine zahlentheoretische funktion. Journal für die reine und angewandte Mathematik 55, 193–220 (1858)CrossRefGoogle Scholar
  38. 38.
    Stinson, D.R.: Some baby-step giant-step algorithms for the low hamming weight discrete logarithm problem. Mathematics of Computation 71, 379–391 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  39. 39.
    Theriault, N.: Spa resistant left-to-right integer recodings. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 345–358. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  40. 40.
    U.S. Department of Commerce and National Intitute of Standards and Technology. Digital signature standard (DSS). Technical report (2009)Google Scholar
  41. 41.
    Yacobi, Y.: Exponentiating faster with addition chains. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 222–229. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  42. 42.
    Yacobi, Y.: Fast exponentiation using data compression. SIAM J. Comput. 28(2), 700–703 (1999)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Fabien Herbaut
    • 1
    • 2
  • Pierre-Yvan Liardet
    • 3
  • Nicolas Méloni
    • 1
  • Yannick Téglia
    • 3
  • Pascal Véron
    • 1
  1. 1.IMATHUniversité du Sud Toulon-VarFrance
  2. 2.IUFM de NiceUniversité de NiceFrance
  3. 3.ST Microelectronics, RoussetFrance

Personalised recommendations