Efficient Software Implementation of Laddering Algorithms Over Binary Elliptic Curves

  • Diego F. Aranha
  • Reza Azarderakhsh
  • Koray Karabina
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10662)


Designing efficient and secure implementations of Elliptic Curve Cryptography (ECC) has attracted enormous interest from both theoreticians and practitioners. The main contenders in terms of performance are curves defined over binary extension fields or large prime characteristic fields. In addition to the efficiency requirements, security advantages such as implementation simplicity and resistance to side-channel attacks are receiving increasing attention in research and commercial applications. In this paper, we keep pushing in this direction and study efficient implementation of regular scalar multiplication algorithms for binary curves equipped with efficient endomorphisms. Our focus is on implementing the Galbraith-Lin-Scott (GLS) family of binary curves by exploring the space of different models and laddering algorithms, for their high performance, reasonable implementation simplicity, lower memory consumption and side-channel resistance. Our results demonstrate that laddering implementations can be competitive with window-based methods by obtaining a new speed record for laddering implementations of elliptic curves on high-end Intel processors.



The authors would like to thank the reviewers for their comments. This work is supported in part by the Intel/FAPESP grant 14/50704-7 under project “Secure Execution of Cryptographic Algorithms”, and the grants NIST-60NANB16D246, NSF CNS-1661557, and ARO W911NF-17-1-0311.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Diego F. Aranha (1)
  • Reza Azarderakhsh (2)
  • Koray Karabina (2)
  1. University of Campinas, Campinas, Brazil
  2. Florida Atlantic University, Boca Raton, USA
