Two is the fastest prime: lambda coordinates for binary elliptic curves

In this work, we present new arithmetic formulas for a projective version of the affine point representation $$(x,x+y/x)$$, for $$x\ne 0$$, which leads to an efficient computation of the scalar multiplication operation over binary elliptic curves. A software implementation of our formulas applied to a binary Galbraith–Lin–Scott elliptic curve defined over the field $$\mathbb{F}_{2^{254}}$$ allows us to achieve speed records for protected/unprotected single/multi-core random-point elliptic curve scalar multiplication at the 127-bit security level. When executed on a Sandy Bridge 3.4 GHz Intel Xeon processor, our software is able to compute a single/multi-core unprotected scalar multiplication in 69,500 and 47,900 clock cycles, respectively, and a protected single-core scalar multiplication in 114,800 cycles. These numbers are improved by around 2 and 46% on the newer Ivy Bridge and Haswell platforms, respectively, achieving in the latter a protected random-point scalar multiplication in 60,000 clock cycles.
