Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves

Efficiently computable homomorphisms allow elliptic curve point multiplication to be accelerated using the Gallant-Lambert-Vanstone (GLV) method. We extend results of Iijima, Matsuo, Chao and Tsujii which give such homomorphisms for a large class of elliptic curves by working over ${\mathbb F}_{p^2}$ and demonstrate that these results can be applied to the GLV method. In general we expect our method to require about 0.75 the time of previous best methods (except for subfield curves, for which Frobenius expansions can be used). We give detailed implementation results which show that the method runs in between 0.70 and 0.84 the time of the previous best methods for elliptic curve point multiplication on general curves.
