Faster and Lower Memory Scalar Multiplication on Supersingular Curves in Characteristic Three

  • Roberto Avanzi
  • Clemens Heuberger
Conference paper

DOI: 10.1007/978-3-642-19379-8_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6571)
Cite this paper as:
Avanzi R., Heuberger C. (2011) Faster and Lower Memory Scalar Multiplication on Supersingular Curves in Characteristic Three. In: Catalano D., Fazio N., Gennaro R., Nicolosi A. (eds) Public Key Cryptography – PKC 2011. PKC 2011. Lecture Notes in Computer Science, vol 6571. Springer, Berlin, Heidelberg


We describe new algorithms for performing scalar multiplication on supersingular elliptic curves in characteristic three. These curves can be used in pairing-based cryptography. Since in pairing-based protocols besides pairing computations also scalar multiplications are required, and the performance of the latter is not negligible, improving it is clearly important as well. The techniques presented here bring noticeable speed ups (up to 30% for methods using a variable amount of memory and up to 46.7% for methods with a small, fixed memory usage), while at the same time bringing substantial memory reductions – factors like 3 to 8 are not uncommon.

The starting point for our methods is a structure theorem for unit groups of residue classes of a quadratic order associated to the Frobenius endomorphism of the considered curves. This allows us to define new digit sets whose elements are products of powers of certain generators of said groups. There are of course several choices for these generators: we chose generators associated to endomorphisms for which we could find efficient explicit formulae in a suitable coordinate system. A multiple-base-like scalar multiplication algorithm making use of these digits and these formulae brings the claimed speed up.


Supersingular elliptic curves pairing-friendly elliptic curves scalar multiplication Frobenius expansion explicit formulae 
Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Roberto Avanzi
    • 1
  • Clemens Heuberger
    • 2
  1. 1.Faculty of Mathematics and Horst Görtz Institute for IT SecurityRuhr-University BochumGermany
  2. 2.Institut für Mathematik BTechnische Universität GrazAustria

Personalised recommendations