Arithmetic of Supersingular Koblitz Curves in Characteristic Three

We consider digital expansions of scalars for supersingular Koblitz curves in characteristic three. These are positional representations of integers to the base of τ , where τ is a zero of the characteristic polynomial T 2 ± 3T + 3 of a Frobenius endomorphism. They are then applied to the improvement of scalar multiplication on the Koblitz curves. A simple connection between τ -adic expansions and balanced ternary representations is given. Windowed non-adjacent representations are considered whereby the digits are elements of minimal norm. We give an explicit description of the elements of the digit set, allowing for a very simple and efficient precomputation strategy, whereby the rotational symmetry of the digit set is also used to reduce the memory requirements. With respect to the current state of the art for computing scalar multiplications on supersingular Koblitz curves we achieve the following improvements: (i) speed-ups of up to 40%, (ii) a reduction of memory consumption by a factor of three, (iii) our methods apply to all window sizes without requiring operation sequences for the precomputation stage to be determined offline first. Additionally, we explicitly describe the action of some endomorphisms on the Koblitz curve as a scalar multiplication by an explicitly given integer.

[1]  Kwang Ho Kim,et al.  Point Multiplication on Supersingular Elliptic Curves Defined over Fields of Characteristic 2 and 3 , 2008, SECRYPT.

[2]  David Thomas,et al.  The Art in Computer Programming , 2001 .

[3]  Jerome A. Solinas An Improved Algorithm for Arithmetic on a Family of Elliptic Curves , 1997, CRYPTO.

[4]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[5]  Douglas R. Stinson,et al.  Alternative Digit Sets for Nonadjacent Representations , 2005, SIAM J. Discret. Math..

[6]  I. Kátai,et al.  Canonical number systems in imaginary quadratic fields , 1981 .

[7]  Alfred Menezes,et al.  Software Implementation of Arithmetic in F3m , 2007, WAIFI.

[8]  Braden Phillips,et al.  Minimal weight digit set conversions , 2004, IEEE Transactions on Computers.

[9]  Neal Koblitz,et al.  An Elliptic Curve Implementation of the Finite Field Digital Signature Algorithm , 1998, CRYPTO.

[10]  Roberto Maria Avanzi A Note on the Signed Sliding Window Integer Recoding and a Left-to-Right Analogue , 2004, Selected Areas in Cryptography.

[11]  Clemens Heuberger Redundant τ-Adic Expansions II: Non-Optimality and Chaotic Behaviour , 2010, Math. Comput. Sci..

[12]  Xiaofeng Chen,et al.  A New Direct Anonymous Attestation Scheme from Bilinear Maps , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[13]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[14]  Francisco Rodríguez-Henríquez,et al.  A Comparison between Hardware Accelerators for the Modified Tate Pairing over F2m and F3m , 2008, Pairing.

[15]  Mark W Kroll Optimality of Digital Expansions to the Base of the Frobenius Endomorphism on Koblitz Curves in Characteristic Three , 2010 .

[16]  David W. Matula,et al.  Basic digit sets for radix representation , 1982, JACM.

[17]  Masaaki Shirase,et al.  An Algorithm for the nt Pairing Calculation in Characteristic Three and its Hardware Implementation , 2007, 18th IEEE Symposium on Computer Arithmetic (ARITH '07).

[18]  Helmut Prodinger,et al.  Analysis of Alternative Digit Sets for Nonadjacent Representations , 2006 .

[19]  Roberto Maria Avanzi,et al.  Redundant τ-adic expansions I: non-adjacent digit sets and their applications to scalar multiplication , 2008, Des. Codes Cryptogr..

[20]  Francisco Rodríguez-Henríquez,et al.  Multi-core Implementation of the Tate Pairing over Supersingular Elliptic Curves , 2009, CANS.

[21]  William J. Gilbert Radix representations of quadratic fields , 1981 .

[22]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[23]  Douglas R. Stinson,et al.  Minimality and other properties of the width-w nonadjacent form , 2005, Math. Comput..

[24]  Masaaki Shirase,et al.  An Algorithm for the ηT Pairing Calculation in Characteristic Three and its Hardware Implementation , 2006, IACR Cryptol. ePrint Arch..

[25]  Ian F. Blake,et al.  Efficient algorithms for Koblitz curves over fields of characteristic three , 2005, J. Discrete Algorithms.

[26]  Nigel P. Smart,et al.  Software Implementation of Finite Fields of Characteristic Three, for Use in Pairing-based Cryptosystems , 2002 .