Advertisement

Faster Implementation of Scalar Multiplication on Koblitz Curves

  • Diego F. Aranha
  • Armando Faz-Hernández
  • Julio López
  • Francisco Rodríguez-Henríquez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7533)

Abstract

We design a state-of-the-art software implementation of field and elliptic curve arithmetic in standard Koblitz curves at the 128-bit security level. Field arithmetic is carefully crafted by using the best formulae and implementation strategies available, and the increasingly common native support to binary field arithmetic in modern desktop computing platforms. The i-th power of the Frobenius automorphism on Koblitz curves is exploited to obtain new and faster interleaved versions of the well-known τNAF scalar multiplication algorithm. The usage of the \(\tau^{\lfloor m/3 \rfloor}\) and \(\tau^{\lfloor m/4 \rfloor}\) maps are employed to create analogues of the 3-and 4-dimensional GLV decompositions and in general, the \(\lfloor m/s \rfloor\)-th power of the Frobenius automorphism is applied as an analogue of an s-dimensional GLV decomposition. The effectiveness of these techniques is illustrated by timing the scalar multiplication operation for fixed, random and multiple points. In particular, our library is able to compute a random point scalar multiplication in just below 105 clock cycles, which sets a new speed record across all curves with or without endomorphisms defined over binary or prime fields. The results of our optimized implementation suggest a trade-off between speed, compliance with the published standards and side-channel protection. Finally, we estimate the performance of curve-based cryptographic protocols instantiated using the proposed techniques and compare our results to related work.

Keywords

Efficient software implementation Koblitz elliptic curves scalar multiplication 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Koblitz, N.: CM-Curves with Good Cryptographic Properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)Google Scholar
  2. 2.
    Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Secaucus (2003)Google Scholar
  3. 3.
    Taverne, J., Faz-Hernández, A., Aranha, D.F., Rodríguez-Henríquez, F., Hankerson, D., López, J.: Speeding scalar multiplication over binary elliptic curves using the new carry-less multiplication instruction. Journal of Cryptographic Engineering 1(3), 187–199 (2011)CrossRefGoogle Scholar
  4. 4.
    Longa, P., Gebotys, C.: Efficient Techniques for High-Speed Elliptic Curve Cryptography. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 80–94. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Gaudry, P., Thomé, E.: The mpFq library and implementing curve-based key exchanges. In: Software Performance Enhancement of Encryption and Decryption (SPEED 2007), pp. 49–64 (2009), http://www.hyperelliptic.org/SPEED/record.pdf
  6. 6.
    Brown, M., Hankerson, D., López, J., Menezes, A.: Software Implementation of the NIST Elliptic Curves Over Prime Fields. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 250–265. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Galbraith, S.D., Lin, X., Scott, M.: Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 518–535. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-Speed High-Security Signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Taverne, J., Faz-Hernández, A., Aranha, D.F., Rodríguez-Henríquez, F., Hankerson, D., López, J.: Software Implementation of Binary Elliptic Curves: Impact of the Carry-Less Multiplier on Scalar Multiplication. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 108–123. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Aranha, D.F., López, J., Hankerson, D.: Efficient Software Implementation of Binary Field Arithmetic Using Vector Instruction Sets. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 144–161. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Bos, J.W., Kleinjung, T., Niederhagen, R., Schwabe, P.: ECC2K-130 on Cell CPUs. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 225–242. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Cenk, M., Özbudak, F.: Improved Polynomial Multiplication Formulas over \(\mathbb{F}_2\) Using Chinese Remainder Theorem. IEEE Trans. Computers 58(4), 572–576 (2009)CrossRefGoogle Scholar
  13. 13.
    Intel: Intel Architecture Software Developer’s Manual Volume 2: Instruction Set Reference (2002), http://www.intel.com
  14. 14.
    Firasta, N., Buxton, M., Jinbo, P., Nasri, K., Kuo, S.: Intel AVX: New frontiers in performance improvement and energy efficiency (2008), White paper available at http://software.intel.com/
  15. 15.
    Fog, A.: Instruction tables: List of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs (2012), http://www.agner.org/optimize/instruction_tables.pdf
  16. 16.
    Montgomery, P.: Five, six, and seven-term Karatsuba-like formulae. IEEE Transactions on Computers 54(3), 362–369 (2005)zbMATHCrossRefGoogle Scholar
  17. 17.
    Gaudry, P., Brent, R., Zimmermann, P., Thomé, E.: The gf2x binary field multiplication library, https://gforge.inria.fr/projects/gf2x/
  18. 18.
    Scott, M.: Optimal Irreducible Polynomials for GF(2m) Arithmetic. Cryptology ePrint Archive, Report 2007/192 (2007), http://eprint.iacr.org/
  19. 19.
    Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in GF(2m) using normal bases. Inf. Comput. 78(3), 171–177 (1988)MathSciNetzbMATHCrossRefGoogle Scholar
  20. 20.
    Guajardo, J., Paar, C.: Itoh-Tsujii inversion in standard basis and its application in cryptography and codes. Designs, Codes and Cryptography 25(2), 207–216 (2002)MathSciNetzbMATHCrossRefGoogle Scholar
  21. 21.
    Rodríguez-Henríquez, F., Morales-Luna, G., Saqib, N.A., Cruz-Cortés, N.: Parallel Itoh—Tsujii multiplicative inversion algorithm for a special class of trinomials. Des. Codes Cryptography 45(1), 19–37 (2007)zbMATHCrossRefGoogle Scholar
  22. 22.
    Solinas, J.A.: Efficient Arithmetic on Koblitz Curves. Designs, Codes and Cryptography 19(2-3), 195–249 (2000)MathSciNetzbMATHCrossRefGoogle Scholar
  23. 23.
    Gallant, R., Lambert, R., Vanstone, S.: Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 190–200. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Ahmadi, O., Hankerson, D., Rodríguez-Henríquez, F.: Parallel formulations of scalar multiplication on Koblitz curves. Journal of Universal Computer Science 14(3), 481–504 (2008)MathSciNetzbMATHGoogle Scholar
  25. 25.
    López, J., Dahab, R.: Improved Algorithms for Elliptic Curve Arithmetic in GF(2n). In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 201–212. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  26. 26.
    Al-Daoud, E., Mahmod, R., Rushdan, M., Kiliçman, A.: A New Addition Formula for Elliptic Curves over GF(2n). IEEE Trans. Computers 51(8), 972–975 (2002)CrossRefGoogle Scholar
  27. 27.
    Weber, D., Denny, T.: The Solution of McCurley’s Discrete Log Challenge. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 458–471. Springer, Heidelberg (1998)Google Scholar
  28. 28.
    Kim, K.H., Kim, S.I.: A new method for speeding up arithmetic on elliptic curves over binary fields. Cryptology ePrint Archive, Report 2007/181 (2007), http://eprint.iacr.org/
  29. 29.
    Birkner, P., Longa, P., Sica, F.: Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication. Cryptology ePrint Archive, Report 2011/608 (2011), http://eprint.iacr.org/, http://www.patricklonga.bravehost.com/speed_ecc.html#speed
  30. 30.
    Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems (May 18, 2012), http://bench.cr.yp.to
  31. 31.
    Su, C., Fan, H.: Impact of Intel’s new instruction sets on software implementation of GF(2)[x] multiplication. Inf. Process. Lett. 112(12), 497–502 (2012)zbMATHCrossRefGoogle Scholar
  32. 32.
    Hamburg, M.: Fast and compact elliptic-curve cryptography. Cryptology ePrint Archive, Report 2012/309 (2012), http://eprint.iacr.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Diego F. Aranha
    • 1
  • Armando Faz-Hernández
    • 2
  • Julio López
    • 3
  • Francisco Rodríguez-Henríquez
    • 2
  1. 1.Departament of Computer ScienceUniversity of BrasíliaBrazil
  2. 2.Computer Science DepartmentCINVESTAV-IPNMexico
  3. 3.Institute of ComputingUniversity of CampinasBrazil

Personalised recommendations