Point compression for Koblitz elliptic curves
نویسندگان
چکیده
Elliptic curves over finite fields have applications in public key cryptography. A Koblitz curve is an elliptic curve E over F2; the group E(F2n ) has convenient features for efficient implementation of elliptic curve cryptography. Wiener and Zuccherato and Gallant, Lambert and Vanstone showed that one can accelerate the Pollard rho algorithm for the discrete logarithm problem on Koblitz curves. This implies that when using Koblitz curves, one has a lower security per bit than when using general elliptic curves defined over the same field. Hence for a fixed security level, systems using Koblitz curves require slightly more bandwidth. We present a method to reduce this bandwidth when a normal basis representation for F2n is used. Our method is appropriate for applications such as Diffie-Hellman key exchange or Elgamal encryption. We show that, with a low probability of failure, our method gives the expected bandwidth for a given security level.
منابع مشابه
Fast point multiplication on Koblitz curves: Parallelization method and implementations
Point multiplication is required in every elliptic curve cryptosystem and its efficient implementation is essential. Koblitz curves are a family of curves defined over F2m allowing notably faster computation. We discuss implementation of point multiplication on Koblitz curves with parallel field multipliers. We present a novel parallelization method utilizing point operation interleaving. FPGA ...
متن کاملLightweight Coprocessor for Koblitz Curves: 283-Bit ECC Including Scalar Conversion with only 4300 Gates
We propose a lightweight coprocessor for 16-bit microcontrollers that implements high security elliptic curve cryptography. It uses a 283-bit Koblitz curve and offers 140-bit security. Koblitz curves offer fast point multiplications if the scalars are given as specific τ -adic expansions, which results in a need for conversions between integers and τ -adic expansions. We propose the first light...
متن کاملSublinear Scalar Multiplication on Hyperelliptic Koblitz Curves
Recently, Dimitrov et. al. [4] proposed a novel algorithm for scalar multiplication of points on elliptic Koblitz curves that requires a provably sublinear number of point additions in the size of the scalar. Following some ideas used by this article, most notably double-base expansions for integers, we generalize their methods to hyperelliptic Koblitz curves of arbitrary genus over any nite el...
متن کاملEfficient Arithmetic on Koblitz Curves
It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast...
متن کاملHow to Use Koblitz Curves on Small Devices?
Koblitz curves allow very efficient scalar multiplications because point doublings can be traded for cheap Frobenius endomorphisms by representing the scalar as a τ -adic expansion. Typically elliptic curve cryptosystems, such as ECDSA, also require the scalar as an integer. This results in a need for conversions between integers and the τ -adic domain, which are costly and prevent from using K...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009