Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve

  • Katsuyuki Okeya
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2162)

Abstract

We present a scalar multiplication algorithm with recovery of the y-coordinate on a Montgomery form elliptic curve over any non-binary field.

The previous algorithms for scalar multiplication on a Montgomery form do not consider how to recover the y-coordinate. So although they can be applicable to certain restricted schemes (e.g. ECDH and ECDSA-S), some schemes (e.g. ECDSA-V and MQV) require scalar multiplication with recovery of the y-coordinate.

We compare our proposed scalar multiplication algorithm with the traditional scalar multiplication algorithms (including Window-methods in Weierstrass form), and discuss the Montgomery form versus the Weierstrass form in the performance of implementations with several techniques of elliptic curve cryptosystems (including ECES, ECDSA, and ECMQV). Our results clarify the advantage of the cryptographic usage of Montgomery-form elliptic curves in constrained environments such as mobile devices and smart cards.

Keywords

Elliptic Curve Cryptosystem Montgomery form Fast Scalar Multiplication y-coordinate recovery 

References

  1. [AMV93]
    Agnew, G. B., Mullin, R.C., Vanstone, S.A., An Implementation of Elliptic Curve Crypto systems Over F 2 155, IEEE Journal on Selected Areas in Communications, vol. 11, No. 5, (1993), 804–813.CrossRefGoogle Scholar
  2. [ANSI]
    ANSI X9.62, Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm(ECDSA), 1999.Google Scholar
  3. [BP98]
    Bailey, D.V., Paar, C., Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms, Advances in Cryptology-CRYPTO’98, LNCS1462, (1998), 472–485.Google Scholar
  4. [BSS99]
    Blake, I.F., Seroussi, G., Smart, N.P., Elliptic Curves in Cryptography, Cambridge University Press, (1999).Google Scholar
  5. [CMO98]
    Cohen, H., Miyaji, A., Ono, T., Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, Advances in Cryptology-ASIACRYPT’ 98, LNCS1514, (1998), 51–65.Google Scholar
  6. [Coh93]
    Cohen, H., A course in computational algebraic number theory, GTM138, Springer-Verlag, New York, (1993).Google Scholar
  7. [ElG85]
    ElGamal, T., A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory, 31 (1985), 469–472.MathSciNetMATHCrossRefGoogle Scholar
  8. [Enge99]
    Enge, A., Elliptic Curves and their applications to Cryptography, Kluwer Academic publishers, (1999).Google Scholar
  9. [HHM00]
    Hankerson, D., Hernandez, J.L., Menezes, A., Software Implementation of Elliptic Curve Cryptography Over Binary Fields, Pre-Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES2000), (2000), 1–24.Google Scholar
  10. [IEEEp1363]
    IEEE P1363 Standard Specifications for Public-Key Cryptography (1999), Available at http://grouper.ieee.org/groups/1363/
  11. [Kur98]
    Kurumatani, H. A Japanese patent announcement P2000-187438A (In Japanese) Submitted in 22nd of Dec. (1998), available from http://www.jpo-miti.go.jp/home.htm
  12. [Kob87]
    Koblitz, N., Elliptic curve crypto systems, Math. Comp. 48, (1987), 203–209.MathSciNetMATHCrossRefGoogle Scholar
  13. [Koc]
    Kocher, C., Cryptanalysis of Diffie-Hellman,RSA,DSS, and Other Systems Using Timing Attacks, Available at http://www.cryptography.com/
  14. [Koc96]
    Kocher, C., Timing Attacks on Implementations of Diffie-Hellman, RSA,DSS, and Other Systems, Advances in Cryptology-CRYPTO’ 96, LNCS1109, (1996), 104–113.Google Scholar
  15. [LD99]
    López, J., Dahab, R., Fast Multiplication on Elliptic Curves over GF(2 n) without Precomputation, Cryptographic Hardware and Embedded Systems (CHES’99), LNCS1717, (1999), 316–327.CrossRefGoogle Scholar
  16. [LH00]
    Lim, C.H. and Hwang, H.S., Fast implementation of Elliptic Curve Arithmetic in GF(p m), Proc. PKC’00 LNCS1751, (2000), 405–421.Google Scholar
  17. [LL94]
    Lim, C. and Lee, P., More flexible exponentiation with precomputation, Advances in Cryptology-CRYPTO’ 94, LNCS839, (1994), 95–107.Google Scholar
  18. [LV00]
    Lenstra, A.K. and Verheul, E.R, Selecting Cryptographic Key Sizes, Proc. PKC’00 LNCS1751, (2000), 446–465.Google Scholar
  19. [Mil86]
    Miller, V.S., Use of elliptic curves in cryptography, Advances in Cryptology-CRYPTO’ 85, LNCS218, (1986), 417–426.Google Scholar
  20. [Mon87]
    Montgomery, P.L., Speeding the Pollard and Elliptic Curve Methods of Factorizations, Math. Comp. 48, (1987), 243–264MathSciNetMATHCrossRefGoogle Scholar
  21. [OKS00]
    Okeya, K., Kurumatani, H., Sakurai, K., Elliptic Curves with the Montgomery-Form and Their Cryptographic Applications, Public Key Cryptography (PKC2000), LNCS1751, (2000), 238–257.CrossRefGoogle Scholar
  22. [OS00]
    Okeya, K., Sakurai, K., Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack, Progress in Cryptology-INDOCRYPT 2000, LNCS1977, (2000), 178–190.Google Scholar
  23. [OSK99]
    Ohgishi, K., Sakai, R., Kasahara, M., Elliptic Curve Signature Scheme with No y Coordinate, Proc. SCIS’99,W4-1.3 (1999), 285–287.Google Scholar
  24. [SEC-1]
    Standards for Efficient Cryptography, Elliptic Curve Cryptography Ver.1.0, (2000), Available at http://www.secg.org/secgdocs.htm
  25. [Van97]
    Vanstone, S.A., Accelerated finite field operations on an elliptic curve, GB patent, Application number GB9713138.7 (Date Lodged, 20.06. 1997).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Katsuyuki Okeya
    • 1
  • Kouichi Sakurai
    • 2
  1. 1.Software DivisionHitachi, Ltd.YokohamaJapan
  2. 2.Department of Computer Science and Communication EngineeringKyushu UniversityFukuokaJapan

Personalised recommendations