Analyzing the Galbraith-Lin-Scott Point Multiplication Method for Elliptic Curves over Binary Fields

Galbraith, Lin, and Scott recently constructed efficiently computable endomorphisms for a large family of elliptic curves defined over $\mathbb{F}_{q^2}$ and showed, in the case where q is a prime, that the Gallant-Lambert-Vanstone point multiplication method for these curves is significantly faster than point multiplication for general elliptic curves over prime fields. In this paper, we investigate the potential benefits of using Galbraith-Lin-Scott elliptic curves in the case where q is a power of 2. The analysis differs from the q prime case because of several factors, including the availability of the point halving strategy for elliptic curves over binary fields. Our analysis and implementations show that the Galbraith-Lin-Scott point multiplication method offers significant acceleration for curves over binary fields, in both doubling- and halving-based approaches. Experimentally, the acceleration surpasses that reported for prime fields (for the platform in common), a somewhat counterintuitive result given the relative costs of point addition and doubling in each case.
