Fast and compact elliptic-curve cryptography

Elliptic curve cryptosystems have improved greatly in speed over the past few years. In this paper we outline a new elliptic curve signature and key agreement implementation. We achieve record speeds for signatures while remaining relatively compact. For example, on Intel Sandy Bridge, a curve with about 2^250 points produces a signature in just under 60k clock cycles, verifies in under 169k clock cycles, and computes a Diffie-Hellman shared secret in under 153k clock cycles. Our implementation has a small footprint: the library is under 55kB. We also post competitive timings on ARM processors, verifying a signature in under 618k Tegra-2 cycles. We introduce faster field arithmetic, a new point compression algorithm, an improved fixed-base scalar multiplication algorithm and a new way to verify signatures without inversions or coordinate recovery. Some of these improvements should be applicable to other systems.
