On Modular Decomposition of Integers

Authors:
Billy Bob Brumley;Kaisa Nyberg
Affiliations:
Department of Information and Computer Science, Helsinki University of Technology, TKK, Finland FI-02015;Department of Information and Computer Science, Helsinki University of Technology, TKK, Finland FI-02015 and Nokia Research Center, Finland
Venue:
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Year:
2009

Citing 8
Cited 0

On Lova´sz' lattice reduction and the nearest lattice point problem

Combinatorica
Integer Decomposition for Fast Scalar Multiplication on Elliptic Curves

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Analysis of the Gallant-Lambert-Vanstone Method Based on Efficient Endomorphisms: Elliptic and Hyperelliptic Curves

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
An Alternate Decomposition of an Integer for Faster Point Multiplication on Certain Elliptic Curves

PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Distribution results for low-weight binary representations for pairs of integers

Theoretical Computer Science - Combinatorics of the discrete plane and tilings
Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Accelerated verification of ECDSA signatures

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

Quantified Score

Hi-index	0.01

Visualization

Abstract

At Crypto 2001, Gallant et al. showed how to exploit fast endomorphisms on some specific classes of elliptic curves to obtain fast scalar multiplication. The GLV method works by decomposing scalars into two small portions using multiplications, divisions, and rounding operations in the rationals. We present a new simple method based on the extended Euclidean algorithm that uses notably different operations than that of traditional decomposition. We obtain strict bounds on each component. Additionally, we examine the use of random decompositions, useful for key generation or cryptosystems requiring ephemeral keys. Specifically, we provide a complete description of the probability distribution of random decompositions and give bounds for each component in such a way that ensures a concrete level of entropy. This is the first analysis on distribution of random decompositions in GLV allowing the derivation of the entropy and thus an answer to the question first posed by Gallant in 1999.