Faster Scalar Multiplication on Koblitz Curves Combining Point Halving with the Frobenius Endomorphism
نویسندگان
چکیده
Let E be an elliptic curve defined over F2n . The inverse operation of point doubling, called point halving, can be done up to three times as fast as doubling. Some authors have therefore proposed to perform a scalar multiplication by an “halve-and-add” algorithm, which is faster than the classical double-and-add method. If the coefficients of the equation defining the curve lie in a small subfield of F2n , one can use the Frobenius endomorphism τ of the field extension to replace doublings. Since the cost of τ is negligible if normal bases are used, the scalar multiplication is written in “base τ” and the resulting “τ -and-add” algorithm gives very good performance. For elliptic Koblitz curves, this work combines the two ideas for the first time to achieve a novel decomposition of the scalar. This gives a new scalar multiplication algorithm which is up to 14.29% faster than the Frobenius method, without any additional precomputation.
منابع مشابه
Minimality of the Hamming Weight of the τ -NAF for Koblitz Curves and Improved Combination with Point Halving
In order to efficiently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used. One such expansion is the τ -adic NAF, introduced by Solinas. Some properties of this expansion, such as the average weight, are well known, but in the literature there is no proof of its optimality, i.e. that...
متن کاملMinimality of the Hamming Weight of the T-NAF for Koblitz Curves and Improved Combination with Point Halving
In order to efficiently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used. One such expansion is the τ -adic NAF, introduced by Solinas. Some properties of this expansion, such as the average weight, are well known, but in the literature there is no proof of its optimality, i.e. that...
متن کاملScalar Multiplication on Pairing Friendly Elliptic Curves
Efficient computation of elliptic curve scalar multiplication has been a significant problem since Koblitz [13] and Miller [14] independently proposed elliptic curve cryptography, and several efficient methods of scalar multiplication have been proposed (e.g., [8], [9], [12]). A standard approach for computing scalar multiplication is to use the Frobenius endomorphism. If we compute the s-multi...
متن کاملArithmetic of Supersingular Koblitz Curves in Characteristic Three
We consider digital expansions of scalars for supersingular Koblitz curves in characteristic three. These are positional representations of integers to the base of τ , where τ is a zero of the characteristic polynomial T 2 ± 3T + 3 of a Frobenius endomorphism. They are then applied to the improvement of scalar multiplication on the Koblitz curves. A simple connection between τ -adic expansions ...
متن کاملFaster Implementation of Scalar Multiplication on Koblitz Curves
We design a state-of-the-art software implementation of field and elliptic curve arithmetic in standard Koblitz curves at the 128-bit security level. Field arithmetic is carefully crafted by using the best formulae and implementation strategies available, and the increasingly common native support to binary field arithmetic in modern desktop computing platforms. The i-th power of the Frobenius ...
متن کامل