Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Efficient Arithmetic on Koblitz Curves
Designs, Codes and Cryptography - Special issue on towards a quarter-century of public key cryptography
CM-Curves with Good Cryptographic Properties
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
An Improved Algorithm for Arithmetic on a Family of Elliptic Curves
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Elliptic Scalar Multiplication Using Point Halving
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A note on window τ-NAF algorithm
Information Processing Letters
Delaying and merging operations in scalar multiplication: applications to curve-based cryptosystems
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Extending scalar multiplication using double bases
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A note on the signed sliding window integer recoding and a left-to-right analogue
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Scalar multiplication on koblitz curves using double bases
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Short memory scalar multiplication on koblitz curves
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Delaying and merging operations in scalar multiplication: applications to curve-based cryptosystems
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Another look at square roots (and other less common operations) in fields of even characteristic
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Designs, Codes and Cryptography
Faster and lower memory scalar multiplication on supersingular curves in characteristic three
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
On the distribution of the coefficients of normal forms for Frobenius expansions
Designs, Codes and Cryptography
Extending scalar multiplication using double bases
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Scalar multiplication on koblitz curves using double bases
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
| Hi-index | 0.00 |
This paper studies τ -adic expansions of scalars, which are important in the design of scalar multiplication algorithms on Koblitz Curves, and are less understood than their binary counterparts. At Crypto '97 Solinas introduced the width-w τ-adic nonadjacent form for use with Koblitz curves. It is an expansion of integers z = Σi=0l ziτi, where τ is a quadratic integer depending on the curve, such that zi ≠ 0 implies zw+i-1 = ... = zi+1 = 0, like the sliding window binary recodings of integers. We show that the digit sets described by Solinas, formed by elements of minimal norm in their residue classes, are uniquely determined. However, unlike for binary representations, syntactic constraints do not necessarily imply minimality of weight. Digit sets that permit recoding of all inputs are characterized, thus extending the line of research begun by Muir and Stinson at SAC 2003 to Koblitz Curves. Two new useful digit sets are introduced: one set makes precomputations easier, the second set is suitable for low-memory applications, generalising an approach started by Avanzi, Ciet, and Sica at PKC 2004 and continued by several authors since. Results by Solinas, and by Blake, Murty, and Xu are generalized. Termination, optimality, and cryptographic applications are considered. We show how to perform a "windowed" scalar multiplication on Koblitz curves without doing precomputations first, thus reducing memory storage dependent on the base point to just one point.