Optimal extension fields for fast arithmetic in public-key algorithms

  • Daniel V. Bailey
  • Christof Paar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)


This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of public-key cryptosystems based on elliptic and hyperelliptic curves. Whereas previously reported optimizations focus on finite fields of the form GF(p) and GF(2^m), an OEF is the class of fields GF(p^m), for p a prime of special form and m a positive integer. Modern RISC workstation processors are optimized to perform integer arithmetic on integers of size up to the word size of the processor. Our construction employs well-known techniques for fast finite field arithmetic which fully exploit the fast integer arithmetic found on these processors. In this paper, we describe our methods to perform the arithmetic in an OEF and the methods to construct OEFs. We provide a list of OEFs tailored for processors with 8, 16, 32, and 64 bit word sizes. We report on our application of this approach to construction of elliptic curve cryptosystems and demonstrate a substantial performance improvement over all previously reported software implementations of Galois field arithmetic for elliptic curves.


Keywords: finite fields, fast arithmetic, pseudo-Mersenne primes, Optimal Extension Fields, OEF, binomials, modular reduction, hyperelliptic curves, elliptic curves, cryptographic implementation
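To make the construction in the abstract concrete, the following added example (not code from the paper or its authors) multiplies two elements of GF(p^m) using only word-sized integer operations, with a pseudo-Mersenne subfield reduction and a binomial field polynomial. The parameters p = 2^31 - 1, m = 6 and x^6 - 7, and all function and macro names, are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed illustration parameters (not taken from the page):
 * p = 2^31 - 1 is a pseudo-Mersenne prime 2^N - C with C = 1, and 7 is a
 * primitive root mod p, so the binomial x^6 - 7 is irreducible over GF(p). */
#define OEF_N 31
#define OEF_C 1u
#define OEF_MASK ((1ull << OEF_N) - 1)
#define OEF_P ((uint32_t)(OEF_MASK + 1 - OEF_C))   /* 2147483647 */
#define OEF_M 6                                    /* extension degree */
#define OEF_W 7u                                   /* field polynomial x^M - W */

/* Subfield reduction: since 2^N = C (mod p), fold the high bits back in
 * with a shift, a multiply by the small constant C and an add; no division. */
static uint32_t oef_reduce(uint64_t x) {
    while (x >> OEF_N)
        x = (x & OEF_MASK) + (x >> OEF_N) * OEF_C;
    return (uint32_t)(x >= OEF_P ? x - OEF_P : x);
}

/* r = a * b in GF(p^M); elements are M coefficients, each already < p.
 * r may alias a or b because the product is built in t first. */
void oef_mul(uint32_t r[OEF_M], const uint32_t a[OEF_M], const uint32_t b[OEF_M]) {
    uint64_t t[2 * OEF_M - 1] = {0};
    for (int i = 0; i < OEF_M; i++)
        for (int j = 0; j < OEF_M; j++)   /* each term < 2^31, so no overflow */
            t[i + j] += oef_reduce((uint64_t)a[i] * b[j]);
    /* Extension reduction: x^(M+k) = W * x^k, so each high coefficient is
     * multiplied by W and added to the matching low coefficient. */
    for (int k = 0; k < OEF_M; k++) {
        uint64_t hi = (k + OEF_M < 2 * OEF_M - 1) ? oef_reduce(t[k + OEF_M]) : 0;
        r[k] = oef_reduce(t[k] + OEF_W * hi);
    }
}

int main(void) {
    /* Constructed inputs: (1 + x^5)^2 = 1 + 2x^5 + x^10 = 1 + 7x^4 + 2x^5 */
    uint32_t a[OEF_M] = {1, 0, 0, 0, 0, 1}, r[OEF_M];
    oef_mul(r, a, a);
    for (int k = 0; k < OEF_M; k++)
        printf("%u ", r[k]);
    printf("\n");
    return 0;
}
```

The reduction loop and the final conditional subtraction depend on the data, so this sketch is not constant-time; code that processes secret values would need a fixed number of folds and a masked subtraction.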



Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Daniel V. Bailey (1)
  • Christof Paar (2)

  1. Computer Science Department, Worcester Polytechnic Institute, Worcester, USA
  2. ECE Department, Worcester Polytechnic Institute, Worcester, USA
