Abstract
This paper analyzes the best speeds that can be obtained for single-scalar multiplication with variable base point by combining a huge range of options:
-
many choices of coordinate systems and formulas for individual group operations, including new formulas for tripling on Edwards curves;
-
double-base chains with many different doubling/tripling ratios, including standard base-2 chains as an extreme case;
-
many precomputation strategies, going beyond Dimitrov, Imbert, Mishra (Asiacrypt 2005) and Doche and Imbert (Indocrypt 2006).
The analysis takes account of speedups such as S – M tradeoffs and includes recent advances such as inverted Edwards coordinates.
The main conclusions are as follows. Optimized precomputations and triplings save time for single-scalar multiplication in Jacobian coordinates, Hessian curves, and tripling-oriented Doche/Icart/Kohel curves. However, even faster single-scalar multiplication is possible in Jacobi intersections, Edwards curves, extended Jacobi-quartic coordinates, and inverted Edwards coordinates, thanks to extremely fast doublings and additions; there is no evidence that double-base chains are worthwhile for the fastest curves. Inverted Edwards coordinates are the speed leader.
Permanent ID of this document: d721c86c47e3b56834ded945c814b5e0. Date of this document: 2007.10.03. This work has been supported in part by the European Commission through the IST Programme under Contract IST–2002–507932 ECRYPT.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Avanzi, R., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: The Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC, Boca Raton, USA (2005)
Barua, R., Lange, T. (eds.): INDOCRYPT 2006. LNCS, vol. 4329. Springer, Heidelberg (2006)
Bernstein, D.J., Lange, T.: Explicit-formulas database, http://www.hyperelliptic.org/EFD
Bernstein, D.J., Lange, T.: Inverted Edwards coordinates. In: AAECC 2007 (to appear, 2007)
Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Asiacrypt 2007 [17], pp. 29–50 (2007), http://cr.yp.to/newelliptic/
Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic curves in cryptography. London Mathematical Society Lecture Note Series, vol. 265. Cambridge University Press, Cambridge (1999)
Brauer, A.: On addition chains. Bulletin of the American Mathematical Society 45, 736–739 (1939)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)
Dimitrov, V., Imbert, L., Mishra, P.K.: Efficient and secure elliptic curve point multiplication using double-base chains. In: ASIACRYPT 2005 [19], pp. 59–78 (2005)
Doche, C., Icart, T., Kohel, D.R.: Efficient scalar multiplication by isogeny decompositions. In: PKC 2006 [21], pp. 191–206 (2006)
Doche, C., Imbert, L.: Extended double-base number system with applications to elliptic curve cryptography. In: Indocrypt 2006 [2], pp. 335–348 (2006)
Doche, C., Lange, T.: Arithmetic of Elliptic Curves, Ch. 13 in [1], pp. 267–302. CRC Press, Boca Raton, USA (2005)
Duquesne, S.: Improving the arithmetic of elliptic curves in the Jacobi model. Information Processing Letters 104, 101–105 (2007)
Edwards, H.M.: A normal form for elliptic curves. Bulletin of the American Mathematical Society 44, 393–422 (2007), http://www.ams.org/bull/2007-44-03/S0273-0979-07-01153-6/home.html
Hankerson, D., Menezes, A.J., Vanstone, S.A.: Guide to elliptic curve cryptography. Springer, Berlin (2003)
Hisil, H., Carter, G., Dawson, E.: New formulae for efficient elliptic curve arithmetic. In: Indocrypt 2007. LNCS, vol. 4859, pp. 138–151. Springer, Heidelberg (2007)
Kurosawa, K. (ed.): Advances in cryptology–ASIACRYPT 2007. LNCS, vol. 4833. Springer, Heidelberg (2007)
IEEE P1363. Standard specifications for public key cryptography. IEEE (2000)
Roy, B. (ed.): ASIACRYPT 2005. LNCS, vol. 3788. Springer, Heidelberg (2005)
Thurber, E.G.: On addition chains l(mn) ≤ l(n) − b and lower bounds for c(r). Duke Mathematical Journal 40, 907–913 (1973)
Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.): PKC 2006. LNCS, vol. 3958. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bernstein, D.J., Birkner, P., Lange, T., Peters, C. (2007). Optimizing Double-Base Elliptic-Curve Single-Scalar Multiplication. In: Srinathan, K., Rangan, C.P., Yung, M. (eds) Progress in Cryptology – INDOCRYPT 2007. INDOCRYPT 2007. Lecture Notes in Computer Science, vol 4859. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77026-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-77026-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77025-1
Online ISBN: 978-3-540-77026-8
eBook Packages: Computer ScienceComputer Science (R0)