Fast Point Multiplication Algorithms for Binary Elliptic Curves with and without Precomputation

In this paper, we introduce new methods for computing constant-time variable-base point multiplications over the Galbraith-Lin-Scott (GLS) and the Koblitz families of elliptic curves. Using a left-to-right double-and-add and a right-to-left halve-and-add Montgomery ladder over a GLS curve, we present some of the fastest timings yet reported in the literature for point multiplication. In addition, we combine these two procedures to compute a multi-core protected scalar multiplication. Furthermore, we design a novel regular \(\tau\)-adic scalar expansion for Koblitz curves. As a result, using the regular recoding approach, we set the speed record for a single-core constant-time point multiplication on standardized binary elliptic curves at the \(128\)-bit security level.
