Faster Implementation of Scalar Multiplication on Koblitz Curves

We design a state-of-the-art software implementation of field and elliptic curve arithmetic in standard Koblitz curves at the 128-bit security level. Field arithmetic is carefully crafted by using the best formulae and implementation strategies available, together with the increasingly common native support for binary field arithmetic in modern desktop computing platforms. The i-th power of the Frobenius automorphism on Koblitz curves is exploited to obtain new and faster interleaved versions of the well-known τNAF scalar multiplication algorithm. The $\tau^{\lfloor m/3 \rfloor}$ and $\tau^{\lfloor m/4 \rfloor}$ maps are employed to create analogues of the 3- and 4-dimensional GLV decompositions and, in general, the $\lfloor m/s \rfloor$-th power of the Frobenius automorphism is applied as an analogue of an s-dimensional GLV decomposition. The effectiveness of these techniques is illustrated by timing the scalar multiplication operation for fixed, random and multiple points. In particular, our library is able to compute a random point scalar multiplication in just below $10^5$ clock cycles, which sets a new speed record across all curves with or without endomorphisms defined over binary or prime fields. The results of our optimized implementation suggest a trade-off between speed, compliance with the published standards and side-channel protection. Finally, we estimate the performance of curve-based cryptographic protocols instantiated using the proposed techniques and compare our results to related work.
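The mechanism behind the abstract's "s-dimensional GLV analogue" is that the Frobenius map τ acts on the curve as a cheap endomorphism (two field squarings per application), so a τ-adic expansion of the scalar can be cut into s streams, each anchored at a precomputed point $\tau^{iL}(P)$, and all s streams evaluated in one Horner loop of length L. The following Python block is an added illustration, not the paper's code or library: it constructs a toy Koblitz curve $E_1: y^2 + xy = x^3 + x^2 + 1$ over $GF(2^7)$ with reduction polynomial $x^7 + x + 1$ (parameters chosen for illustration, not a standard curve), implements Solinas' τNAF recoding, and checks the interleaved evaluation against plain double-and-add. Unlike the paper, it does not reduce the scalar modulo $(\tau^m - 1)/(\tau - 1)$ first, so the stream length L is derived from the expansion length rather than fixed at $\lfloor m/s \rfloor$; the algebra of the split is the same.

```python
# Added toy example (not the paper's code). Constructed parameters:
M = 7                              # field GF(2^7)
MOD = (1 << 7) | (1 << 1) | 1      # reduction polynomial x^7 + x + 1
A = 1                              # curve E_1: y^2 + xy = x^3 + x^2 + 1
MU = (-1) ** (1 - A)               # tau satisfies tau^2 - MU*tau + 2 = 0

def f_mul(x, y):
    """Shift-and-xor multiplication of bit-packed GF(2^M) elements."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if (x >> M) & 1:           # degree reached M: subtract (xor) MOD
            x ^= MOD
    return r

def f_inv(x):
    """x^(2^M - 2) = x^-1 for x != 0 (square-and-multiply)."""
    r, e = 1, (1 << M) - 2
    while e:
        if e & 1:
            r = f_mul(r, x)
        x, e = f_mul(x, x), e >> 1
    return r

def on_curve(P):                    # None is the point at infinity
    if P is None:
        return True
    x, y = P
    x2 = f_mul(x, x)
    return f_mul(y, y) ^ f_mul(x, y) == f_mul(x2, x) ^ (x2 if A else 0) ^ 1

def neg(P):
    return None if P is None else (P[0], P[0] ^ P[1])

def double(P):
    if P is None or P[0] == 0:      # (0, y) has order 2
        return None
    x1, y1 = P
    lam = x1 ^ f_mul(y1, f_inv(x1))
    x3 = f_mul(lam, lam) ^ lam ^ A
    return (x3, f_mul(x1, x1) ^ f_mul(lam ^ 1, x3))

def add(P, Q):
    if P is None or Q is None:
        return Q if P is None else P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        return double(P) if y1 == y2 else None   # Q is P or -P
    lam = f_mul(y1 ^ y2, f_inv(x1 ^ x2))
    x3 = f_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return (x3, f_mul(lam, x1 ^ x3) ^ x3 ^ y1)

def smul(k, P):
    """Reference double-and-add scalar multiplication (k may be negative)."""
    if k < 0:
        k, P = -k, neg(P)
    R = None
    for bit in bin(k)[2:]:
        R = double(R)
        if bit == "1":
            R = add(R, P)
    return R

def frob(P, i=1):
    """tau^i(P) = (x^(2^i), y^(2^i)): field squarings only, no inversion."""
    if P is None:
        return None
    x, y = P
    for _ in range(i % M):          # tau^M is the identity on E(GF(2^M))
        x, y = f_mul(x, x), f_mul(y, y)
    return (x, y)

def tnaf(k):
    """Solinas' tau-adic NAF: digits u_j in {-1,0,1} with k = sum u_j tau^j."""
    r0, r1, digits = k, 0, []
    while r0 != 0 or r1 != 0:
        u = 2 - ((r0 - 2 * r1) % 4) if r0 & 1 else 0
        r0 -= u
        digits.append(u)
        r0, r1 = r1 + MU * (r0 // 2), -(r0 // 2)   # divide r0 + r1*tau by tau
    return digits

def interleaved_tnaf_mul(k, P, s):
    """kP via s interleaved tauNAF streams; stream i uses Q_i = tau^(i*L)(P).
    Toy variant: L = ceil(len/s) instead of the paper's floor(m/s)."""
    digits = tnaf(k)
    L = -(-len(digits) // s)
    Q = [frob(P, i * L) for i in range(s)]       # precomputation is squarings only
    R = None
    for j in range(L - 1, -1, -1):               # one Horner loop over tau
        R = frob(R)
        for i in range(s):
            idx = i * L + j
            if idx < len(digits) and digits[idx]:
                R = add(R, Q[i] if digits[idx] == 1 else neg(Q[i]))
    return R

def find_point():
    """First affine point with x != 0; brute force is fine for GF(2^7)."""
    for x in range(1, 1 << M):
        for y in range(1 << M):
            if on_curve((x, y)):
                return (x, y)

def frobenius_relation_holds(P):
    """tau^2(P) + 2P == MU * tau(P): the characteristic equation of tau on E."""
    return add(frob(P, 2), double(P)) == smul(MU, frob(P))
```

Calling `interleaved_tnaf_mul(k, P, s)` for s = 1 reproduces the plain τNAF method; for s = 3 or 4 the loop runs roughly a third or a quarter as many τ-applications, with the s anchor points $\tau^{iL}(P)$ obtained by squarings alone rather than by the inversions that a conventional GLV precomputation would need. The identity being exploited is that Z[τ] acts on the group, so the split $\sum_i \sum_j u_{iL+j}\,\tau^{iL+j}(P) = \sum_j \tau^j\big(\sum_i u_{iL+j}\,\tau^{iL}(P)\big)$ holds for any expansion length; the paper's reduction of k modulo $(\tau^m-1)/(\tau-1)$ is what brings the length down to about m so that L can be fixed at $\lfloor m/s \rfloor$.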
