Efficient Software Implementation of Laddering Algorithms Over Binary Elliptic Curves

  • Diego F. Aranha
  • Reza Azarderakhsh
  • Koray Karabina
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10662)

Abstract

Designing efficient and secure implementations of Elliptic Curve Cryptography (ECC) has attracted enormous interest from both theoreticians and practitioners. The main contenders in terms of performance are curves defined over binary extension fields or large prime characteristic fields. In addition to the efficiency requirements, security advantages such as implementation simplicity and resistance to side-channel attacks are receiving increasing attention in research and commercial applications. In this paper, we keep pushing in this direction and study efficient implementation of regular scalar multiplication algorithms for binary curves equipped with efficient endomorphisms. Our focus is on implementing the Galbraith-Lin-Scott (GLS) family of binary curves by exploring the space of different models and laddering algorithms, for their high performance, reasonable implementation simplicity, lower memory consumption and side-channel resistance. Our results demonstrate that laddering implementations can be competitive with window-based methods by obtaining a new speed record for laddering implementations of elliptic curves on high-end Intel processors.

Notes

Acknowledgements

The authors would like to thank the reviewers for their comments. This work is supported in part by the Intel/FAPESP grant 14/50704-7 under project “Secure Execution of Cryptographic Algorithms”, and the grants NIST-60NANB16D246, NSF CNS-1661557, and ARO W911NF-17-1-0311.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Diego F. Aranha (1)
  • Reza Azarderakhsh (2)
  • Koray Karabina (2)

  1. University of Campinas, Campinas, Brazil
  2. Florida Atlantic University, Boca Raton, USA
