Abstract
Let E be an elliptic curve defined over \({\mathbb{F}}_{2^n}\). The inverse operation of point doubling, called point halving, can be done up to three times as fast as doubling. Some authors have therefore proposed to perform a scalar multiplication by a “halve-and-add” algorithm, which is faster than the classical double-and-add method.
If the coefficients of the equation defining the curve lie in a small subfield of \({\mathbb{F}}_{2^n}\), one can use the Frobenius endomorphism τ of the field extension to replace doublings. Since the cost of τ is negligible if normal bases are used, the scalar multiplication is written in “base τ” and the resulting “τ-and-add” algorithm gives very good performance.
For elliptic Koblitz curves, this work combines the two ideas for the first time to achieve a novel decomposition of the scalar. This gives a new scalar multiplication algorithm which is up to 14.29% faster than the Frobenius method, without any additional precomputation.
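The “τ-and-add” idea described above, as an added example that is not code from the paper: the same Horner loop computes kP either with doublings or with Frobenius steps driven by Solinas's τ-adic NAF of k. The toy field \({\mathbb{F}}_{2^7}\) in polynomial basis, the curve, and all function names are assumptions made for illustration; the halving step and the reduction of the scalar that shortens the expansion are left out.

```python
M, POLY, A, MU = 7, 0b10000011, 1, 1   # assumed toy case: F_2[z]/(z^7+z+1), E: y^2+xy = x^3+x^2+1

def fmul(a, b):                    # product in F_2^M, shift-and-add with reduction
    r = 0
    for i in range(M):
        r ^= a if b >> i & 1 else 0
        a = a << 1 ^ (POLY if a >> (M - 1) else 0)
    return r

def finv(a):                       # Fermat inverse a^(2^M - 2)
    r = a
    for _ in range(M - 2):
        r = fmul(fmul(r, r), a)
    return fmul(r, r)

def add(P, Q):                     # affine group law; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 != y2 or x1 == 0):
        return None                # Q = -P, or P has order 2
    lam = x1 ^ fmul(y1, finv(x1)) if x1 == x2 else fmul(y1 ^ y2, finv(x1 ^ x2))
    x3 = fmul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return (x3, fmul(lam, x1 ^ x3) ^ x3 ^ y1)

def frob(P):                       # tau(x, y) = (x^2, y^2): two squarings, no doubling
    return None if P is None else (fmul(P[0], P[0]), fmul(P[1], P[1]))

def tnaf(k):                       # Solinas tau-adic NAF of an integer, low digit first
    r0, r1, digits = k, 0, []
    while r0 or r1:
        u = 2 - (r0 - 2 * r1) % 4 if r0 & 1 else 0
        digits.append(u)
        r0, r1 = r1 + MU * (r0 - u) // 2, -(r0 - u) // 2   # divide r0 + r1*tau by tau
    return digits

def horner(digits, P, step):       # digits high to low; step is frob or a doubling
    Q, term = None, {0: None, 1: P, -1: (P[0], P[0] ^ P[1])}   # -P = (x, x + y)
    for d in digits:
        Q = add(step(Q), term[d])
    return Q

def tau_and_add(k, P):
    return horner(reversed(tnaf(k)), P, frob)
def double_and_add(k, P):
    return horner(map(int, bin(k)[2:]), P, lambda Q: add(Q, Q))

POINTS = [(x, y) for x in range(1 << M) for y in range(1 << M)   # constructed input, brute force
          if fmul(y, y ^ x) == fmul(fmul(x, x), x ^ A) ^ 1]
```

Both routines return the same point for every k and every P in `POINTS`, because τ satisfies τ² + 2 = μτ on the curve; only the per-digit step differs.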
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Avanzi, R.M., Ciet, M., Sica, F. (2004). Faster Scalar Multiplication on Koblitz Curves Combining Point Halving with the Frobenius Endomorphism. In: Bao, F., Deng, R., Zhou, J. (eds) Public Key Cryptography – PKC 2004. PKC 2004. Lecture Notes in Computer Science, vol 2947. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24632-9_3
DOI: https://doi.org/10.1007/978-3-540-24632-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21018-4
Online ISBN: 978-3-540-24632-9
eBook Packages: Springer Book Archive