Skip to main content
SpringerLink
Log in

2DT-GLS: Faster and Exception-Free Scalar Multiplication in the GLS254 Binary Curve

  • Conference paper
  • First Online:
Selected Areas in Cryptography (SAC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13742))

Included in the following conference series:

  • 41 Accesses

Abstract

We revisit and improve performance of arithmetic in the binary GLS254 curve by introducing the 2DT-GLS scalar multiplication algorithm. The algorithm includes theoretical and practice-oriented contributions of potential independent interest: (i) for the first time, a proof that the GLS scalar multiplication algorithm does not incur exceptions, such that faster incomplete formulas can be used; (ii) faster dedicated atomic formulas that alleviate the cost of precomputation; (iii) a table compression technique that reduces the storage needed for precomputed points; (iv) a refined constant-time scalar decomposition algorithm that is more robust to rounding. We also present the first GLS254 implementation for Armv8. With our contributions, we set new speed records for constant-time scalar multiplication by \(34.5\%\) and \(6\%\) on 64-bit Arm and Intel platforms, respectively.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    See https://www.bearssl.org/constanttime.html.

References

  1. Aardal, M.A., Aranha, D.F.: 2DT-GLS: faster and exception-free scalar multiplication in the GLS254 binary curve. Cryptology ePrint Archive, Paper 2022/748 (2022). https://eprint.iacr.org/2022/748

  2. Ahmadi, O., Hankerson, D., Rodríguez-Henríquez, F.: Parallel formulations of scalar multiplication on Koblitz curves. J. UCS 14(3), 481–504 (2008)

    MathSciNet  Google Scholar 

  3. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14

    Chapter  Google Scholar 

  4. Bernstein, D.J., Lange, T.: SafeCurves: choosing safe curves for elliptic-curve cryptography. https://safecurves.cr.yp.to/

  5. Bos, J.W., Costello, C., Hisil, H., Lauter, K.: High-performance scalar multiplication using 8-dimensional GLV/GLS decomposition. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 331–348. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_19

    Chapter  Google Scholar 

  6. Bos, J.W., Costello, C., Longa, P., Naehrig, M.: Selecting elliptic curves for cryptography: an efficiency and security analysis. J. Cryptogr. Eng. 6(4), 259–286 (2016)

    Article  Google Scholar 

  7. Bos, J.W., Kleinjung, T., Niederhagen, R., Schwabe, P.: ECC2K-130 on cell CPUs. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 225–242. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9_14

    Chapter  Google Scholar 

  8. Chi, J.-J., Oliveira, T.: Attacking a binary GLS elliptic curve with Magma. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 308–326. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22174-8_17

    Chapter  Google Scholar 

  9. Ciet, M., Lange, T., Sica, F., Quisquater, J.-J.: Improved algorithms for efficient arithmetic on elliptic curves using fast endomorphisms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 388–400. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_24

    Chapter  Google Scholar 

  10. Costello, C., Longa, P.: Four\(\mathbb{Q}\): four-dimensional decompositions on a \(\mathbb{Q}\)-curve over the Mersenne prime. IACR Cryptol. ePrint Arch. 565 (2015)

    Google Scholar 

  11. Faz-Hernández, A., Longa, P., Sánchez, A.H.: Efficient and secure algorithms for GLV-based scalar multiplication and their implementation on GLV-GLS curves (extended version). J. Cryptogr. Eng. 5(1), 31–52 (2015)

    Article  Google Scholar 

  12. Galbraith, S.D., Gaudry, P.: Recent progress on the elliptic curve discrete logarithm problem. Des. Codes Cryptogr. 78(1), 51–72 (2016)

    Article  MathSciNet  Google Scholar 

  13. Galbraith, S.D., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 518–535. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_30

    Chapter  Google Scholar 

  14. Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 190–200. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_11

    Chapter  Google Scholar 

  15. Gaudry, P., Hess, F., Smart, N.P.: Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptol. 15(1), 19–46 (2002)

    Article  MathSciNet  Google Scholar 

  16. Gouvêa, C.P.L., López, J.: Implementing GCM on ARMv8. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 167–180. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_9

    Chapter  Google Scholar 

  17. Hankerson, D., Karabina, K., Menezes, A.: Analyzing the Galbraith-Lin-Scott point multiplication method for elliptic curves over binary fields. IEEE Trans. Comput. 58(10), 1411–1420 (2009)

    Article  MathSciNet  Google Scholar 

  18. Hess, F.: Generalising the GHS attack on the elliptic curve discrete logarithm problem. LMS J. Comput. Math. 7, 167–192 (2004)

    Article  MathSciNet  Google Scholar 

  19. Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in GF(\(2^m\)) using normal bases. Inf. Comput. 78(3), 171–177 (1988)

    Article  Google Scholar 

  20. Joye, M., Tunstall, M.: Exponent recoding and regular exponentiation algorithms. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 334–349. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02384-2_21

    Chapter  Google Scholar 

  21. Kales, D., Rechberger, C., Schneider, T., Senker, M., Weinert, C.: Mobile private contact discovery at scale. In: USENIX Security Symposium, pp. 1447–1464. USENIX Association (2019)

    Google Scholar 

  22. Koblitz, A.H., Koblitz, N., Menezes, A.: Elliptic curve cryptography: the serpentine course of a paradigm shift. J. Number Theory 131(5), 781–814 (2011)

    Article  MathSciNet  Google Scholar 

  23. Lenngren, E.: AArch64 optimized implementation for X25519. https://github.com/Emill/X25519-AArch64

  24. Liu, Z., Longa, P., Pereira, G.C.C.F., Reparaz, O., Seo, H.: Four\(\mathbb{Q}\) on embedded devices with strong countermeasures against side-channel attacks. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 665–686. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_32

    Chapter  Google Scholar 

  25. Longa, P.: Four\(\mathbb{Q}\)NEON: faster elliptic curve scalar multiplications on ARM processors. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 501–519. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_27

    Chapter  Google Scholar 

  26. McLoughlin, M.B.: addchain: Cryptographic Addition Chain Generation in Go, October 2021. Repository https://github.com/mmcloughlin/addchain

  27. Oliveira, T., López-Hernández, J.C., Aranha, D.F., Rodríguez-Henríquez, F.: Improving the performance of the GLS254. Presentation at CHES 2016 Rump Session (2016)

    Google Scholar 

  28. Oliveira, T., López-Hernández, J.C., Aranha, D.F., Rodríguez-Henríquez, F.: Two is the fastest prime: lambda coordinates for binary elliptic curves. J. Cryptogr. Eng. 4(1), 3–17 (2014)

    Article  Google Scholar 

  29. Oliveira, T., López-Hernández, J.C., Cervantes-Vázquez, D., Rodríguez-Henríquez, F.: Koblitz curves over quadratic fields. J. Cryptol. 32(3), 867–894 (2019)

    Article  MathSciNet  Google Scholar 

  30. Renes, J., Costello, C., Batina, L.: Complete addition formulas for prime order elliptic curves. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 403–428. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_16

    Chapter  Google Scholar 

  31. Resende, A.C.D., Aranha, D.F.: Faster Unbalanced Private Set Intersection. In: Financial Cryptography. LNCS, vol. 10957, pp. 203–221. Springer (2018)

    Google Scholar 

  32. Smith, B.: Easy scalar decompositions for efficient scalar multiplication on elliptic curves and genus 2 Jacobians. CoRR abs/1310.5250 (2013)

    Google Scholar 

Download references

Acknowledgements

We thank Aurore Guillevic for discussions about preliminary results of this work, and Jonas Tambjerg Morthorst for help on the early Arm implementation. This work was partially supported by the Danish Independent Research Council under the project 1026-00350B (RENAIS).

Author information

Authors and Affiliations

  1. Department of Computer Science, Aarhus University, Aarhus, Denmark

    Marius A. Aardal & Diego F. Aranha

Authors
  1. Marius A. Aardal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Diego F. Aranha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Diego F. Aranha .

Editor information

Editors and Affiliations

  1. Inria and École Polytechnique, Institut Polytechnique de Paris, Palaiseau, France

    Benjamin Smith

  2. Electrical and Computer Engineering, University of Windsor, Windsor, ON, Canada

    Huapeng Wu

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Aardal, M.A., Aranha, D.F. (2024). 2DT-GLS: Faster and Exception-Free Scalar Multiplication in the GLS254 Binary Curve. In: Smith, B., Wu, H. (eds) Selected Areas in Cryptography. SAC 2022. Lecture Notes in Computer Science, vol 13742. Springer, Cham. https://doi.org/10.1007/978-3-031-58411-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-58411-4_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-58410-7

  • Online ISBN: 978-3-031-58411-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation