An elliptic curve implementation of the finite field digital signature algorithm

  • Neal Koblitz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)


We construct a supersingular implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that is essentially equivalent to a finite field implementation of the Digital Signature Algorithm (DSA), and then we compare the efficiency of the two systems. The elliptic curve method is about 12 times faster. In the last section we use the same ideas to give a particularly efficient nonsupersingular implementation of elliptic curve cryptography in characteristic 7.

Key words

Digital Signature Elliptic Curve Supersingular Nonadjacent Form 


  1. 1.
    R. Balasubramanian and N. Koblitz, The improbability than an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm, J. Cryptology 11 (1998), 141–145.MATHMathSciNetCrossRefGoogle Scholar
  2. 2.
    I. Blake, X. H. Gao, R. C. Mullin, S. A. Vanstone, and T. Yaghoobian, Applications of Finite Fields, Kluwer Acad. Publ., 1993.Google Scholar
  3. 3.
    S. Gao and H. W. Lenstra, Jr., Optimal normal bases, Designs, Codes and Cryptography 2 (1992), 315–323.MATHMathSciNetCrossRefGoogle Scholar
  4. 4.
    K. Ireland and M. I. Rosen, A Classical Introduction to Modern Number Theory, 2nd ed., Springer-Verlag, 1990.Google Scholar
  5. 5.
    N. Koblitz, Elliptic curve cryptosystems, Math. Comp. 48 (1987), 203–209.MATHMathSciNetCrossRefGoogle Scholar
  6. 6.
    N. Koblitz, CM-curves with good cryptographic properties, Advances in Cryptology — Crypto '91, Springer-Verlag, 1992, 279–287.Google Scholar
  7. 7.
    N. Koblitz, A Course in Number Theory and Cryptography, 2nd ed., Springer-Verlag, 1994.Google Scholar
  8. 8.
    N. Koblitz, Algebraic Aspects of Cryptography, Springer-Verlag, 1998.Google Scholar
  9. 9.
    N. Koblitz, A. Menezes, and S. A. Vanstone, The state of elliptic curve cryptography, to appear in Designs, Codes and Cryptography.Google Scholar
  10. 10.
    W. Meier and O. Staffelbach, Efficient multiplication on certain non-supersingular elliptic curves, Advances in Cryptology — Crypto '92, Springer-Verlag, 1993, 333–344.Google Scholar
  11. 11.
    A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Acad. Publ., 1993.Google Scholar
  12. 12.
    A. Menezes, T. Okamoto, and S. A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Trans. Information Theory 39 (1993), 1639–1646.MATHMathSciNetCrossRefGoogle Scholar
  13. 13.
    A. Menezes and S. A. Vanstone, Elliptic curve cryptosystems and their implementation, J. Cryptology 6 (1993), 209–224.MATHMathSciNetCrossRefGoogle Scholar
  14. 14.
    V. Miller, Uses of elliptic curves in cryptography, Advances in Cryptology — Crypto '85, Springer-Verlag, 1986, 417–426.Google Scholar
  15. 15.
    R. Mullin, I. Onyszchuk, S. A. Vanstone, and R. Wilson, Optimal normal bases in GF(p n), Discrete Applied Math. 22 (1988/89), 149–161.MathSciNetCrossRefGoogle Scholar
  16. 16.
    National Institute for Standards and Technology, Digital signature standard, FIPS Publication 186, 1993.Google Scholar
  17. 17.
    T. Satoh and K. Araki, Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, preprint.Google Scholar
  18. 18.
    R. Schroeppel, personal communication, Dec. 2, 1997.Google Scholar
  19. 19.
    R. Schroeppel, H. Orman, S. O'Malley, and O. Spatscheck, Fast key exchange with elliptic curve systems, Advances in Cryptology — Crypto '95, Springer-Verlag, 1995, 43–56.Google Scholar
  20. 20.
    I. A. Semaev, Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p, Math. Comp. 67 (1998), 353–356.MATHMathSciNetCrossRefGoogle Scholar
  21. 21.
    J. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, 1986.Google Scholar
  22. 22.
    N. Smart, The discrete log problem on elliptic curves of trace 1, preprint.Google Scholar
  23. 23.
    J. Solinas, An improved algorithm for arithmetic on a family of elliptic curves, Advances in Cryptology — Crypto '97, Springer-Verlag, 1997, 357–371.Google Scholar
  24. 24.
    E. De Win, A. Bosselaers, S. Vandenberghe, P. De Gersem, and J. Vandewalle, A fast software implementation for arithmetic operations in GF(2n), Advances in Cryptology — Asiacrypt '96, Springer-Verlag, 1996, 65–76.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Neal Koblitz
    • 1
  1. 1.Dept. of MathematicsUniv. of WashingtonSeattleUSA

Personalised recommendations