Non-minimality of the width-w non-adjacent form in conjunction with trace one τ-adic digit expansions and Koblitz curves in characteristic two

This article deals with redundant digit expansions with an imaginary quadratic algebraic integer with trace $\pm 1$ as base and a minimal norm representatives digit set. For $w\geq 2$ it is shown that the width-$w$ non-adjacent form is not an optimal expansion, meaning that it does not minimize the (Hamming-)weight among all possible expansions with the same digit set. One main part of the proof uses tools from Diophantine analysis, namely the theory of linear forms in logarithms and the Baker--Davenport reduction method.
