Unbalanced digit sets and the closest choice strategy for minimal weight integer representations

An algorithm is presented that produces an optimal radix-2 representation of an input integer n using digits from the set $${D_{\ell,u}=\{a\in{\mathbb{Z}}:\ell \le a\le u\}}$$, where ℓ ≤ 0 and u ≥ 1. The algorithm works by scanning the digits of the binary representation of n from left-to-right (i.e., from most-significant to least-significant); further, the algorithm is of the online variety in that it needs to scan only a bounded number of input digits before giving an output digit (i.e., the algorithm produces output before scanning the entire input). The output representation is optimal in the sense that, of all radix-2 representations of n with digits from Dℓ,u, it has as few nonzero digits as possible (i.e., it has minimal weight). Such representations are useful in the efficient implementation of elliptic curve cryptography. The strategy the algorithm utilizes is to choose an integer of the form d 2i, where $${d \in D_{\ell,u}}$$ , that is closest to n with respect to a particular distance function. It is possible to choose values of ℓ and u so that the set Dℓ,u is unbalanced in the sense that it contains more negative digits than positive digits, or more positive digits than negative digits. Our distance function takes the possible unbalanced nature of Dℓ,u into account.

[1]  Braden Phillips,et al.  Minimal weight digit set conversions , 2004, IEEE Transactions on Computers.

[2]  Andrew D. Booth,et al.  A SIGNED BINARY MULTIPLICATION TECHNIQUE , 1951 .

[3]  Majid Khabbazian,et al.  A new minimal average weight representation for left-to-right point multiplication methods , 2005, IEEE Transactions on Computers.

[4]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[5]  Roberto Maria Avanzi A Note on the Signed Sliding Window Integer Recoding and a Left-to-Right Analogue , 2004, Selected Areas in Cryptography.

[6]  J. Olivos,et al.  Speeding up the computations on an elliptic curve using addition-subtraction chains , 1990, RAIRO Theor. Informatics Appl..

[7]  James A. Muir A Simple Left-to-Right Algorithm for Minimal Weight Signed Radix-$r$ Representations , 2007, IEEE Transactions on Information Theory.

[8]  Douglas R. Stinson,et al.  New Minimal Weight Representations for Left-to-Right Window Methods , 2005, CT-RSA.

[9]  W. Neville Holmes,et al.  Binary Arithmetic , 2007, Computer.

[10]  Gurmeet Singh Manku,et al.  Optimal routing in Chord , 2004, SODA '04.

[11]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[12]  Jefirey Shallit A Primer on Balanced Binary Representations , 1993 .

[13]  George W. Reitwiesner,et al.  Binary Arithmetic , 1960, Adv. Comput..

[14]  Marc Joye,et al.  Optimal Left-to-Right Binary Signed-Digit Recoding , 2000, IEEE Trans. Computers.

[15]  Volker Müller Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two , 1998, Journal of Cryptology.

[16]  Bodo Möller,et al.  Fractional Windows Revisited: Improved Signed-Digit Representations for Efficient Exponentiation , 2004, ICISC.

[17]  CLEMENS HEUBERGER,et al.  THE ALTERNATING GREEDY EXPANSION AND APPLICATIONS TO LEFT-TO-RIGHT ALGORITHMS IN CRYPTOGRAPHY , 2004 .

[18]  Helmut Prodinger,et al.  Analysis of linear combination algorithms in cryptography , 2005, TALG.

[19]  Helmut Prodinger,et al.  The alternating greedy expansion and applications to computing digit expansions from left-to-right in cryptography , 2005, Theor. Comput. Sci..

[20]  Tsuyoshi Takagi,et al.  Signed Binary Representations Revisited , 2004, CRYPTO.

[21]  Clemens Heuberger,et al.  Minimal weight and colexicographically minimal integer representations , 2007, J. Math. Cryptol..

[22]  Jerome A. Solinas,et al.  Efficient Arithmetic on Koblitz Curves , 2000, Des. Codes Cryptogr..