Fourℚ: Four-Dimensional Decompositions on a ℚ-curve over the Mersenne Prime
Authors
Abstract
We introduce FourQ, a high-security, high-performance elliptic curve that targets the 128-bit security level. At the highest level, cryptographic scalar multiplications on FourQ can use a four-dimensional Gallant-Lambert-Vanstone decomposition to minimize the total number of elliptic curve group operations. At the group arithmetic level, FourQ admits the use of extended twisted Edwards coordinates and can therefore exploit the fastest known elliptic curve addition formulas over large characteristic fields. Finally, at the finite field level, arithmetic is performed modulo the extremely fast Mersenne prime p = 2 − 1. We show that this powerful combination facilitates scalar multiplications that are significantly faster than all prior works. On Intel’s Ivy Bridge and Sandy Bridge architectures, our software computes a variable-base scalar multiplication in 73,000 cycles and 76,000 cycles, respectively; and, on the same platforms, our software computes a Diffie-Hellman shared secret in 119,000 cycles and 126,000 cycles, respectively.
Similar resources
FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime
We introduce FourQ, a high-security, high-performance elliptic curve that targets the 128-bit security level. At the highest arithmetic level, cryptographic scalar multiplications on FourQ can use a four-dimensional Gallant-Lambert-Vanstone decomposition to minimize the total number of elliptic curve group operations. At the group arithmetic level, FourQ admits the use of extended twisted Edward...
An elliptic curve test for Mersenne primes
Let $l \ge 3$ be a prime, and let $p = 2^l - 1$ be the corresponding Mersenne number. The Lucas-Lehmer test for the primality of $p$ goes as follows. Define the sequence of integers $x_k$ by the recursion $x_0 = 4$, $x_k = x_{k-1}^2 - 2$. Then $p$ is a prime if and only if each $x_k$ is relatively prime to $p$, for $0 \le k \le l - 3$, and $\gcd(x_{l-2}, p) > 1$. We show, in the first section, that this test is based on the successiv...
Simple Power Analysis on Fast Modular Reduction with Generalized Mersenne Prime for Elliptic Curve Cryptosystems
We discuss side channel leakage from modular reduction for NIST recommended domain parameters. FIPS 186-2 has 5 recommended prime fields. These primes have a special form which is referred to as generalized Mersenne prime. These special form primes facilitate especially efficient implementation. A typical implementation of efficient modular reduction with such primes includes conditional reduct...
FourQ on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields
We present fast and compact implementations of FourQ (ASIACRYPT 2015) on field-programmable gate arrays (FPGAs), and demonstrate, for the first time, the high efficiency of this new elliptic curve on reconfigurable hardware. By adapting FourQ’s algorithms to hardware, we design FPGA-tailored architectures that are significantly faster than any other ECC alternative over large prime characterist...
The HECTOR BAT
We use the hyperelliptic curve C : y + xy = x + tx + x + t over the field $\mathbb{F}_2[t]/(t^{113} + t + 1)$, which was generated by Wouter Castryck, Katholieke Universiteit Leuven, Belgium. The choice of the finite field takes into account three aspects: Firstly, it allows for an order of the divisor class group of appropriate size for the desired security level. Secondly, the extension degree of $\mathbb{F}_2$ was cho...
Journal title:
- IACR Cryptology ePrint Archive
Volume: 2015, Issue:
Pages: -
Publication date: 2015