Efficient Arithmetic on Subfield Elliptic Curves over Small Odd Characteristics

In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, non-adjacent form (NAF) and its generalizations (e.g., generalized non-adjacent form (GNAF) and radix-r non-adjacent form (rNAF) [4, 21]) are proposed for minimizing the nonzero densities in the representations of the scalars. On the other hand, for subfield elliptic curves, Frobenius-adic expansions of the scalars can be used for improving efficiency ([18]). Unfortunately, there are only a few methods apply the techniques of NAF or its analogue to Frobeniusadic expansion, namely τ -adic NAF techniques ([11, 20, 2] and [6]) for Koblitz curves and hyperelliptic Koblitz curves. In this paper, we try to combine these techniques, namely recoding methods for reducing nonzero density and Frobenius-adic expansion, and propose two new efficient recoding methods of scalars for more general family of subfield elliptic curves over odd characteristics. We also prove that the non-zero densities for the new methods are same as those for original GNAF and rNAF. As a result, the speed of the proposed schemes improve between 12.5% and 79% over that for previously known schemes.