Improved Fixed-Base Comb Method for Fast Scalar Multiplication

  • Nashwa A. F. Mohamed
  • Mohsin H. A. Hashim
  • Michael Hutter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7374)


Computing elliptic-curve scalar multiplication is the most time-consuming operation in any elliptic-curve cryptosystem. In the last decades, it has been shown that pre-computations of elliptic-curve points improve the performance of scalar multiplication, especially in cases where the elliptic-curve point P is fixed. In this paper, we present an improved fixed-base comb method for scalar multiplication. In contrast to existing comb methods such as those proposed by Lim and Lee or Tsaur and Chou, we make use of a width-ω non-adjacent form representation and restrict the number of rows of the comb to be greater than or equal to ω. The proposed method shows a significant reduction in the number of required elliptic-curve point addition operations. The computational complexity is reduced by 33 to 38% compared to the Tsaur and Chou method, even for devices that have limited resources. Furthermore, we propose a constant-time variation of the method to thwart simple power analysis attacks.


Elliptic-curve cryptosystem, scalar multiplication, Lim-Lee method, Tsaur-Chou method, non-adjacent form, width-ω NAF




  1. Booth, A.D.: A signed binary multiplication technique. Q. J. Mech. Applied Math., 236–240 (1951)
  2. Bosma, W.: Signed bits and fast exponentiation. Journal de Théorie des Nombres de Bordeaux 13, 27–41 (2001)
  3. Brauer, A.: On addition chains. Bull. Amer. Math. Soc. 45, 736–739 (1939)
  4. Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast Exponentiation with Precomputation (Extended Abstract). In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993)
  5. Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of elliptic and hyperelliptic curve cryptography. Taylor and Francis Group, LLC (2006)
  6. Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
  7. Feng, M., Zhu, B.B., Xu, M., Li, S.: Efficient comb elliptic curve multiplication methods resistant to power analysis. IACR Cryptology ePrint Archive, 2005:222 (2005)
  8. Gordon, D.M.: A survey of fast exponentiation methods. Journal of Algorithms 27, 129–146 (1998)
  9. Hankerson, D., Menezes, A., Vanstone, S.: Guide to elliptic curve cryptography. Springer, New York (2004)
  10. Hedabou, M., Pinel, P., Bénéteau, L.: A comb method to render ecc resistant against side channel attacks. Paper submitted only to the Cryptology ePrint Archive. 12754 (received, December 2, 2004)
  11. Hedabou, M., Pinel, P., Bénéteau, L.: Countermeasures for Preventing Comb Method Against SCA Attacks. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 85–96. Springer, Heidelberg (2005)
  12. Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
  13. Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–220 (1987)
  14. Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  15. Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  16. Lim, C.H., Lee, P.J.: More Flexible Exponentiation with Precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)
  17. Joye, M., Tunstall, M.: Exponent Recoding and Regular Exponentiation Algorithms. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 334–349. Springer, Heidelberg (2009)
  18. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer (2007) ISBN 978-0-387-30857-9
  19. Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
  20. Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987)
  21. Morain, F., Olivos, J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. Theor. Inform. Appli. 24, 531–543 (1989)
  22. Reitwiesner, G.W.: Binary arithmetic. Advances in Computers 1, 231–308 (1960)
  23. Sakai, Y., Sakurai, K.: Speeding up elliptic scalar multiplication using multidoubling. IEICE Transactions Fundamentals E85-A(5), 1075–1083 (2002)
  24. Sakai, Y., Sakurai, K.: A New Attack with Side Channel Leakage During Exponent Recoding Computations. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 298–311. Springer, Heidelberg (2004)
  25. Silverman, J.H.: The arithmetic of elliptic curves, vol. 106. Springer, Berlin (1986)
  26. Solinas, J.A.: Efficient arithmetic on koblitz curves. Designs, Codes and Cryptography 19, 195–249 (2000)
  27. Thurber, E.G.: On addition chains l(mn) ≤ l(n) − b and lower bounds for c(r). Duke Mathematical Journal 40, 907–913 (1973)
  28. Tsaur, W.-J., Chou, C.-H.: Efficient algorithm for speeding up the computations of elliptic curve cryptosystem. Applied Mathematics and Computation 168, 1045–1064 (2005)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nashwa A. F. Mohamed (1)
  • Mohsin H. A. Hashim (1)
  • Michael Hutter (2)
  1. Faculty of Mathematical Sciences, University of Khartoum, Khartoum, Sudan
  2. Institute for Applied Information Processing and Communications, TU Graz, Graz, Austria
