Fast Elliptic Curve Cryptography Using Minimal Weight Conversion of d Integers

In this paper, we reduce computation time of elliptic curve signature verification scheme by proposing the minimal joint Hamming weight conversion for any binary expansions of d integers. The computation time of multi-scalar multiplication, the bottleneck operation of the scheme, strongly depends on the joint Hamming weight. As we represent the scalars using redundant representations, we may represent a number by many expansions. The minimal joint Hamming weight conversion is the algorithm to select the expansion which has the least joint Hamming weight. Many existing works introduce the conversions for some specific representations, and it is not trivial to generalize their algorithms to other representations. On the other hand, our conversion, based on the dynamic programming scheme, is applicable to find the optimal expansions on any binary representations. We also propose the algorithm to generate the Markov chain used for exploring the minimal average Hamming density automatically from our conversion algorithm. In general, the sets of states in our Markov chains are infinite. Then, we introduce a technique to reduce the number of Markov chain states to a finite set. With the technique, we find the average joint Hamming weight of many representations that have never been found. One of the most significant results is that, for the expansion of integer pairs when the digit set is {0,±1,±3} often used in multi-scalar multiplication, we show that the minimal average joint Hamming density is 0.3575, which improves the upper bound value.