Abstract
This paper discusses representations for computation on non-supersingular elliptic curves over binary fields, where computations are performed on the x-coordinates only. We discuss existing methods and present a new one, giving rise to a faster addition routine than previous Montgomery-representations. As a result a double exponentiation routine is described that requires 8.5 field multiplications per exponent bit, but that does not allow easy y-coordinate recovery. For comparison, we also give a briefu pdate oft he survey by Hankerson et al. and conclude that, for non-constrained devices, using a Montgomeryrepresentation is slower for both single and double exponentiation than projective methods with y-coordinate.
The author is sponsored by STW project EWI.4536.
Part oft he work was done while visiting BRICS, Center of the Danish National Research Foundation, Aarhus University, Denmark.
Chapter PDF
Similar content being viewed by others
References
G. Agnew, R. Mullin, and S. Vanstone. An implementation ofellip tic curve cryptosystems over F2155. IEEE J-SAC, 11(5):804–813, 1993. 241, 245
T. Akishita. Fast simultaneous scalar multiplication on elliptic curve with Montgomery form. SAC’01, LNCS 2259, pages 255–268. 241, 249
D. Bailey and C. Paar. Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. Journal of Cryptology, 14(3):153–176, 2001. 240
I. Blake, G. Seroussi, and N. Smart. Elliptic Curvesi n Cryptography. Cambridge University Press, 1999. 243
D. Bleichenbacher. Efficiency and Security of Cryptosystems based on Number Theory. PhD thesis, ETH Zürich, 1996. 248
É. Brier and M. Joye. Weierstraβ elliptic curves and side-channel attacks. PKC’02, LNCS 2274, pages 335–345. 241, 249
H. Cohen, A. Miyaji, and T. Ono. Efficient elliptic curve exponentiation using mixed coordinates. Asiacrypt’98, LNCS 1514, pages 51–65. 240
D. Hankerson, J. López Hernandez, and A. Menezes. Software implementation of elliptic curve cryptography over binary fields. CHES’00, LNCS 1965, pages 1–24. 242, 243, 244, 245
T. Izu and T. Takagi. A fast parallel elliptic curve multiplication resistant against side channel attacks. PKC’02, LNCS 2274, pages 280–296. 241, 245, 249
D. Johnson and A. Menezes. The elliptic curve digital signature algorithm (ECDSA). CACR Technical report CORR 99-31, University of W aterloo, 1999. 241
B. King. An improved implementation ofellip tic curves over GF(2n) when using projective point arithmetic. SAC’01, LNCS 2259, pages 134–150. 240, 244
D. E. Knuth. Seminumerical Algorithms, volume 2 of The Art of Computer Programming. Addison Wesley, 3 edition, 1997. 248
D. E. Knuth, editor. Selected paperson analysis of algorithms. CSLI Publications, Stanford, 2000. 253
D. E. Knuth and C. H. Papadimitriou. Duality in addition chains. Bull. Eur. Assoc. Theor. Comput. Sci EATCS, 13:2–4, 1981. Reprinted in [13, Chapter 31]. 251
D. H. Lehmer. Computer technology applied to the theory ofn umbers. Studiesin Number Theory, volume 6 of MAA Studiesin Mathematics, pages 117–151, 1969. 249
J. López and R. Dahab. Improved arithmetic for elliptic curve arithmetic in GF(2m). SAC’98, LNCS 1556, pages 201–212. 244
J. López and R. Dahab. Fast multiplication on elliptic curves over GF(2m) without precomputation. CHES’99, LNCS 1717, pages 316–327. 241, 245, 246, 247, 248, 252
A. J. Menezes and S. A. Vanstone. Elliptic curve cryptosystems and their implementation. Journal of Cryptology, 6(4):209–224, 1993.
B. Möller. Algorithms for multi-exponentiation. SAC’01, LNCS 2259, pages 165–180. 244, 245
P. L. Montgomery. Evaluating recurrences off orm X m+n = f(Xm,Xn,Xm-n) via Lucas chains. Available from http://ftp.cwi.nl: /pub/pmontgom/Lucas.ps.gz, 1983. 241, 248, 249, 250
P. L. Montgomery. Speeding the Pollard and elliptic curve methods off actorization. Mathematicsof Computation, 48(170):243–264, 1987. 240, 241, 242
P. L. Montgomery, Aug. 2000. Private communication: expon2fitxt, Dual elliptic curve exponentiation. 249
National Institute of Sta ndards and Technology. Digital Signature Standard, 2000. FIPS Publication 186–2. 241
K. Okeya, H. Kurumatani, and K. Sakurai. Elliptic curves with the Montgomeryform and their cryptographic applications. PKC’00, LNCS 1751, pages 238–257. 241
K. Okeya and K. Sakurai. Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery oft he y-coordinate on a Montgomery-form elliptic curve. CHES’01, LNCS 2162, pages 126–141. 241
B. Schoenmakers, Aug. 2000. Personal communication. 249
M. Stam and A. K. Lenstra. Speeding up XTR. Asiacrypt’01, LNCS 2248, pages 125–143. 241, 251
E. G. Straus. Problems and solutions: (5125) addition chains ofv ectors. American Mathematical Monthly, 71:806–808, 1964. 249
Y. Tsuruoka. Computing short Lucas chains for elliptic curve cryptosystems. IEICE Trans. Fundamentals, E84-A(5):1227–1233, 2001. 251
S. A. Vanstone, R. C. Mullin, A. Antipa, and R. Gallant. Accelerated finite field operations on an elliptic curve. WO 99/49386, Patent Cooperation Treaty, 1999. 241, 246, 252
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stam, M. (2003). On Montgomery-Like Representations for Elliptic Curves over GF(2k). In: Desmedt, Y.G. (eds) Public Key Cryptography — PKC 2003. PKC 2003. Lecture Notes in Computer Science, vol 2567. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36288-6_18
Download citation
DOI: https://doi.org/10.1007/3-540-36288-6_18
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00324-3
Online ISBN: 978-3-540-36288-3
eBook Packages: Springer Book Archive