Abstract
Using double-base chains to represent integers, in particular chains with bases 2 and 3, can be beneficial to the efficiency of scalar multiplication. However, finding an optimal 2-3 chain has long been thought to be more expensive than the scalar multiplication itself, complicating the use of 2-3 chains in practical applications where the scalar is used only a few times (as in the Diffie-Hellman key exchange).
In the last few years, important progress has been made in obtaining the shortest possible double-base chain for a varying integer n. In 2008, Doche and Habsieger used a binary-tree based approach to get a (relatively close) approximation of the minimal chain. In 2015, Capuñay and Thériault presented the first deterministic polynomial-time algorithm to compute the minimal chain for a scalar, but the complexity of \(O((\log n)^{3+\epsilon })\) is too high for use with varying scalars. More recently, Bernstein, Chuengsatiansup, and Lange used a graph-based approach to obtain an algorithm with running time \(O((\log n)^{2.5+\epsilon })\).
In this work, we adapt the algorithm of Capuñay and Thériault to obtain minimal chains in \(O((\log n)^2 \log \log n)\) bit operations and \(O((\log n)^2)\) bits of memory. This allows us to obtain minimal chains for 256-bit integers in the 0.280 ms range, making it useful to reduce scalar multiplication costs for randomly-selected scalars.
We also show how to extend the result to other types of double-base and triple-base chains (although the complexity for triple-base chains is cubic instead of quadratic). In the case of environments with restricted memory, our algorithm can be adapted to compute the minimal chain in \(O((\log n)^2(\log \log n)^2)\) bit operations with only \(O(\log n(\log \log n)^2)\) bits of memory.
N. Thériault—This research was supported by FONDECYT grant 1151326 (Chile).
Notes
1. A C++ implementation for the SPA-secure algorithm can be found at: https://github.com/leivaburto/23chains/blob/master/23_spa.cpp.
References
Abarzúa, R., Thériault, N.: Complete atomic blocks for elliptic curves in jacobian coordinates over prime fields. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 37–55. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_3
Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: Optimizing double-base elliptic-curve single-scalar multiplication. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 167–182. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77026-8_13
Bernstein, D.J., Chuengsatiansup, C., Kohel, D., Lange, T.: Twisted hessian curves. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 269–294. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22174-8_15
Bernstein, D.J., Chuengsatiansup, C., Lange, T.: Double-base scalar multiplication revisited. IACR eprint archive 2017/037 (2017)
Capuñay, A., Thériault, N.: Computing optimal 2-3 chains for pairings. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 225–244. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22174-8_13
Ciet, M., Joye, M., Lauter, K., Montgomery, P.L.: Trading inversions for multiplications in elliptic curve cryptography. Des. Codes Crypt. 39(2), 189–206 (2006). https://doi.org/10.1007/s10623-005-3299-y
Dimitrov, V., Imbert, L., Mishra, P.K.: Efficient and secure elliptic curve point multiplication using double-base chains. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 59–78. Springer, Heidelberg (2005). https://doi.org/10.1007/11593447_4
Dimitrov, V.S., Jullien, G.A., Miller, W.C.: An algorithm for modular exponentiation. Inform. Process. Lett. 66(3), 155–159 (1998). https://doi.org/10.1016/S0020-0190(98)00044-1
Doche, C., Habsieger, L.: A tree-based approach for computing double-base chains. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 433–446. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70500-0_32
Doche, C., Imbert, L.: Extended double-base number system with applications to elliptic curve cryptography. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 335–348. Springer, Heidelberg (2006). https://doi.org/10.1007/11941378_24
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987). https://doi.org/10.1090/S0025-5718-1987-0866109-5
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31
Acknowledgements
The authors would like to thank the anonymous referees for their useful comments and suggestions.
A Triple-base chains
The algorithms to obtain optimal 2-3-chains and 2-5-chains in Sects. 3 and 4 can be combined to obtain a polynomial-time algorithm to compute optimal triple-base (2-3-5) chains for n, which is described in Algorithm 3.
Since we are now working in three dimensions, each plane corresponding to a coordinate k (the power of 5 in \(2^i 3^j 5^k\)) must have access to the subchains for \(k-1\), so the array \(C_i\) is replaced by a double array \(C_{i,j}\).
Theorem 4
Let n be a positive integer, then Algorithm 3 returns a minimal 2-3-5 chain in \(O((\log n)^3 \log \log n)\) bit operations, and requires \(O((\log n)^3)\) bits of memory.
Proof
Similar to the proof of Theorem 3.
The ideas of Sect. 5 can also be applied to Algorithm 3, reducing its memory requirements to \(O((\log n)^2 (\log \log n)^2)\) bits, at the expense of increasing its complexity to \(O((\log n)^3 (\log \log n)^2)\).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Leiva, C., Thériault, N. (2019). Optimal 2-3 Chains for Scalar Multiplication. In: Lange, T., Dunkelman, O. (eds) Progress in Cryptology – LATINCRYPT 2017. LATINCRYPT 2017. Lecture Notes in Computer Science, vol 11368. Springer, Cham. https://doi.org/10.1007/978-3-030-25283-0_5
DOI: https://doi.org/10.1007/978-3-030-25283-0_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25282-3
Online ISBN: 978-3-030-25283-0
eBook Packages: Computer Science, Computer Science (R0)