Extending Scalar Multiplication Using Double Bases

  • Roberto Avanzi
  • Vassil Dimitrov
  • Christophe Doche
  • Francesco Sica
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)


It has been recently acknowledged [4,6,9] that the use of double-base representations of scalars n, that is, expressions of the form $n = \sum_{e,s,t} (-1)^{e} A^{s} B^{t}$, can significantly speed up scalar multiplication on those elliptic curves where multiplication by one base (say B) is fast. This is the case in particular for Koblitz curves and supersingular curves, where scalar multiplication can now be achieved in o(log n) curve additions.

Previous literature dealt basically with supersingular curves (in characteristic 3, although the methods can be easily extended to arbitrary characteristic), where A, B ∈ ℕ. Only [4] attempted to provide a similar method for Koblitz curves, where at least one base must be non-real, although their method does not seem practical for cryptographic sizes (it is only asymptotic), since the constants involved are too large.

We provide here a unifying theory by proposing an alternate recoding algorithm which works in all cases with optimal constants. Furthermore, it can also solve the until now untreatable case where both A and B are non-real. The resulting scalar multiplication method is then compared to standard methods for Koblitz curves. It runs in less than log n / log log n elliptic curve additions, and is faster than any given method with similar storage requirements already on the curve K-163, with larger improvements as the size of the curve increases, surpassing 50% with respect to the τ-NAF for the curves K-409 and K-571. With respect to windowed methods, which can approach our speed but require O(log(n)/log log(n)) precomputations for optimal parameters, we offer the advantage of a fixed, small memory footprint, as we need storage for at most two additional points.
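To make the representation n = ∑ (–1)^e A^s B^t concrete for the integer-base case A, B ∈ ℕ, the following added example (not code from the paper) recodes a scalar with the classical greedy nearest-term method. It assumes A = 2 and B = 3 and is not the alternate recoding algorithm the authors propose; the function names are hypothetical.

```python
# Added illustration: greedy signed double-base recoding with integer bases.
# Assumptions: A = 2, B = 3 by default; classical greedy method, NOT the
# paper's recoding algorithm. All names here are hypothetical.

def nearest_term(n, A=2, B=3):
    """Return (s, t) such that A**s * B**t is as close as possible to n >= 1."""
    best = None
    t, pb = 0, 1
    while pb <= B * n:                 # B**t up to the first power above n
        s, term = 0, pb
        while term * A <= n:           # largest A**s * B**t not exceeding n
            s, term = s + 1, term * A
        # The closest value for this t is either that term or the next one up.
        for cand_s, cand in ((s, term), (s + 1, term * A)):
            d = abs(n - cand)
            if best is None or d < best[0]:
                best = (d, cand_s, t)
        t, pb = t + 1, pb * B
    return best[1], best[2]

def recode(n, A=2, B=3):
    """Return terms (e, s, t) with n = sum((-1)**e * A**s * B**t), n >= 1."""
    terms, e = [], 0
    while n != 0:
        s, t = nearest_term(n, A, B)
        terms.append((e, s, t))
        r = n - A**s * B**t
        if r < 0:                      # overshoot: remaining terms flip sign
            e ^= 1
            r = -r
        n = r                          # strictly smaller, so the loop ends
    return terms

def evaluate(terms, A=2, B=3):
    """Recompute the scalar from its double-base terms."""
    return sum((-1)**e * A**s * B**t for e, s, t in terms)

if __name__ == "__main__":
    n = 841232                         # constructed sample scalar
    terms = recode(n)
    print(len(terms), "terms vs", n.bit_length(), "bits:", terms)
    assert evaluate(terms) == n
```

Each term costs one curve addition, so the length of the returned list is the addition count; that count varies with the scalar.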




  1. Avanzi, R.M., Ciet, M., Sica, F.: Faster Scalar Multiplication on Koblitz Curves Combining Point Halving with the Frobenius Endomorphism. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 28–40. Springer, Heidelberg (2004)
  2. Avanzi, R.M., Heuberger, C., Prodinger, H.: On Redundant τ-Adic Expansions and Non-adjacent Digit Sets. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 285–301. Springer, Heidelberg (2007)
  3. Avanzi, R.M., Heuberger, C., Prodinger, H.: Minimality of the Hamming Weight of the τ-NAF for Koblitz Curves and Improved Combination with Point Halving. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 332–344. Springer, Heidelberg (2006)
  4. Avanzi, R.M., Sica, F.: Scalar Multiplication on Koblitz Curves Using Double Bases. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 131–146. Springer, Heidelberg (2006)
  5. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002)
  6. Ciet, M., Sica, F.: An Analysis of Double Base Number Systems and a Sublinear Scalar Multiplication Algorithm. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 171–182. Springer, Heidelberg (2005)
  7. Coron, J.-S., M’Raïhi, D., Tymen, C.: Fast Generation of Pairs (k,[k]P) for Koblitz Elliptic Curves. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 151–164. Springer, Heidelberg (2001)
  8. Dimitrov, V.S., Imbert, L., Mishra, P.K.: Efficient and secure elliptic curve point multiplication using double-base chains. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 59–78. Springer, Heidelberg (2005)
  9. Dimitrov, V.S., Imbert, L., Mishra, P.K.: Fast elliptic curve point multiplication using double-base chains. Cryptology ePrint Archive, Report 2005/069 (2005), Available from:
  10. Dimitrov, V.S., Järvinen, K.U., Jacobson Jr., M.J., Chan, W.F., Huang, Z.: FPGA Implementation of Point Multiplication on Koblitz Curves Using Kleinian Integers. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 445–459. Springer, Heidelberg (2006)
  11. Dimitrov, V.S., Jullien, G.A., Miller, W.C.: An algorithm for modular exponentiation. Information Processing Letters 66(3), 155–159 (1998)
  12. Doche, C., Lange, T.: Arithmetic of Elliptic Curves. In: Cohen, H., Frey, G. (eds.) Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Inc., Boca Raton (2005)
  13. Doche, C., Lange, T.: Arithmetic of Special Curves. In: Cohen, H., Frey, G. (eds.) Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Inc., Boca Raton (2005)
  14. Fong, K., Hankerson, D., López, J., Menezes, A.J.: Field Inversion and Point Halving Revisited. IEEE Trans. Comp. 53(8), 1047–1059 (2004)
  15. Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 190–200. Springer, Heidelberg (2001)
  16. Knudsen, E.W.: Elliptic Scalar Multiplication Using Point Halving. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 135–149. Springer, Heidelberg (1999)
  17. Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)
  18. Menezes, A.J.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Dordrecht (1993)
  19. Okeya, K., Takagi, T., Vuillaume, C.: Short Memory Scalar Multiplication on Koblitz Curves. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 91–105. Springer, Heidelberg (2005)
  20. Park, D.J., Sim, S.G., Lee, P.J.: Fast Scalar Multiplication Method Using Change-of-Basis Matrix to Prevent Power Analysis Attacks on Koblitz Curves. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 474–488. Springer, Heidelberg (2004)
  21. Reitwiesner, G.W.: Binary arithmetic. Advances in Computers 1, 231–308 (1960)
  22. Schroeppel, R.: Elliptic curve point ambiguity resolution apparatus and method, International Application Number PCT/US00/31014, filed (November 9, 2000)
  23. Schroeppel, R.: Elliptic curves: Twice as fast!. In: Presentation at the Crypto 2000 Rump Session (2000)
  24. Solinas, J.A.: An improved algorithm for arithmetic on a family of elliptic curves. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 357–371. Springer, Heidelberg (1997)
  25. Solinas, J.A.: Efficient arithmetic on Koblitz curves. Designs, Codes and Cryptography 19, 195–249 (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Roberto Avanzi (1)
  • Vassil Dimitrov (2)
  • Christophe Doche (3)
  • Francesco Sica (4)

  1. Faculty of Mathematics and Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
  2. Advanced Technology Information Processing Systems laboratory, Centre for Information Security and Cryptography, University of Calgary, Canada
  3. Department of Computing, Macquarie University, North Ryde, Australia
  4. Department of Mathematics and Computer Science – Acecrypt, Mount Allison University, Sackville, Canada
