Abstract
On an elliptic curve, the degree of an isogeny corresponds essentially to the degrees of the polynomial expressions involved in its application. The multiplication-by-ℓ map [ℓ] has degree ℓ², therefore the complexity to directly evaluate [ℓ](P) is O(ℓ²). For a small prime ℓ (= 2, 3) such that the additive binary representation provides no better performance, this represents the true cost of application of scalar multiplication. If an elliptic curve admits an isogeny ϕ of degree ℓ, then the cost of computing ϕ(P) should in contrast be O(ℓ) field operations. Since we then have a product expression [ℓ] = \(\hat{\varphi}\varphi\), the existence of an ℓ-isogeny ϕ on an elliptic curve yields a theoretical improvement from O(ℓ²) to O(ℓ) field operations for the evaluation of [ℓ](P) by naïve application of the defining polynomials. In this work we investigate actual improvements for small ℓ of this asymptotic complexity. For this purpose, we describe the general construction of families of curves with a suitable decomposition [ℓ] = \(\hat{\varphi}\varphi\), and provide explicit examples of such a family of curves with simple decomposition for [3]. Finally we derive a new tripling algorithm to find complexity improvements to triplication on a curve in certain projective coordinate systems, then combine this new operation with non-adjacent forms for ℓ-adic expansions in order to obtain an improved strategy for scalar multiplication on elliptic curves.
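The product expression [ℓ] = \(\hat{\varphi}\varphi\) can be checked numerically in the simplest case ℓ = 2. The following is an added example, not code from the paper: it uses the classical textbook 2-isogeny with kernel {O, (0,0)} on y² = x³ + ax² + bx rather than the paper's family for [3], which this page does not state. The prime 1019, the coefficients a = 3, b = 5 and all function names are assumptions chosen for illustration.

```python
# Added illustration (not from the paper): [2] = phi_hat o phi for the classical
# 2-isogeny with kernel {O, (0,0)} on E: y^2 = x^3 + a*x^2 + b*x over F_p.
P_MOD = 1019   # constructed small prime, p = 3 (mod 4); illustration only
A, B = 3, 5    # constructed coefficients: b != 0 and a^2 - 4b != 0 (mod p)
A2, B2 = (-2 * A) % P_MOD, (A * A - 4 * B) % P_MOD   # codomain curve E'

def inv(v):
    return pow(v, -1, P_MOD)

def on_curve(pt, a, b):
    x, y = pt
    return (y * y - (x**3 + a * x * x + b * x)) % P_MOD == 0

def phi(pt):
    """Degree-2 isogeny E -> E': y^2 = x^3 - 2a*x^2 + (a^2 - 4b)*x."""
    x, y = pt
    ix2 = inv(x * x)
    return (y * y * ix2 % P_MOD, y * (B - x * x) * ix2 % P_MOD)

def phi_hat(pt):
    """Dual isogeny E' -> E, also of degree 2."""
    x, y = pt
    ix2 = inv(x * x)
    return (y * y * ix2 * inv(4) % P_MOD, y * (B2 - x * x) * ix2 * inv(8) % P_MOD)

def double(pt):
    """[2]P on E by the usual tangent-line formula (requires y != 0)."""
    x, y = pt
    lam = (3 * x * x + 2 * A * x + B) * inv(2 * y) % P_MOD
    x3 = (lam * lam - A - 2 * x) % P_MOD
    return (x3, (lam * (x - x3) - y) % P_MOD)

def sample_points():
    """One affine point (x, y) with y != 0 for every x that has one."""
    pts = []
    for x in range(1, P_MOD):
        rhs = (x**3 + A * x * x + B * x) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)   # square root since p = 3 (mod 4)
        if y and y * y % P_MOD == rhs:
            pts.append((x, y))
    return pts

def decomposition_holds():
    """phi lands on E' and phi_hat(phi(P)) == [2]P for every sampled P."""
    pts = sample_points()
    return bool(pts) and all(
        on_curve(phi(P), A2, B2) and phi_hat(phi(P)) == double(P) for P in pts)

if __name__ == "__main__":
    print(len(sample_points()), decomposition_holds())
```

Each of the two maps uses rational functions of degree 2, while their composite is the degree-4 doubling map, which is the ℓ versus ℓ² gap the abstract refers to.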
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Doche, C., Icart, T., Kohel, D.R. (2006). Efficient Scalar Multiplication by Isogeny Decompositions. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11745853_13
DOI: https://doi.org/10.1007/11745853_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33851-2
Online ISBN: 978-3-540-33852-9
eBook Packages: Computer Science, Computer Science (R0)