Basic digit sets for radix representation
Journal of the ACM (JACM)
Efficient Arithmetic on Koblitz Curves
Designs, Codes and Cryptography - Special issue on towards a quarter-century of public key cryptography
A New Addition Formula for Elliptic Curves over GF(2^n)
IEEE Transactions on Computers
Improved Algorithms for Elliptic Curve Arithmetic in GF(2n)
SAC '98 Proceedings of the Selected Areas in Cryptography
Fast Generation of Pairs (k, [k]P) for Koblitz Elliptic Curves
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Use of Elliptic Curves in Cryptography
CRYPTO '85 Advances in Cryptology
CM-Curves with Good Cryptographic Properties
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Efficient Multiplication on Certain Nonsupersingular Elliptic Curves
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
An Improved Algorithm for Arithmetic on a Family of Elliptic Curves
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Elliptic Scalar Multiplication Using Point Halving
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Alternative Digit Sets for Nonadjacent Representations
SIAM Journal on Discrete Mathematics
Effects of Optimizations for Software Implementations of Small Binary Field Arithmetic
WAIFI '07 Proceedings of the 1st international workshop on Arithmetic of Finite Fields
A note on window τ-NAF algorithm
Information Processing Letters
Delaying and merging operations in scalar multiplication: applications to curve-based cryptosystems
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
On redundant T-adic expansions and non-adjacent digit sets
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Extending scalar multiplication using double bases
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Scalar multiplication on koblitz curves using double bases
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Short memory scalar multiplication on koblitz curves
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Advances in alternative non-adjacent form representations
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Faster and lower memory scalar multiplication on supersingular curves in characteristic three
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
| Hi-index | 0.00 |
This paper investigates some properties of τ-adic expansions of scalars. Such expansions are widely used in the design of scalar multiplication algorithms on Koblitz curves, but at the same time they are much less understood than their binary counterparts. Solinas introduced the width-wτ-adic non-adjacent form for use with Koblitz curves. This is an expansion of integers $${z = \sum_{i=0}^\ell z_i \tau^i}$$, where τ is a quadratic integer depending on the curve, such that z i ¿ 0 implies z w+i-1 = . . . = z i+1 = 0, like the sliding window binary recodings of integers. It uses a redundant digit set, i.e., an expansion of an integer using this digit set need not be uniquely determined if the syntactical constraints are not enforced. We show that the digit sets described by Solinas, formed by elements of minimal norm in their residue classes, are uniquely determined. Apart from this digit set of minimal norm representatives, other digit sets can be chosen such that all integers can be represented by a width-w non-adjacent form using those digits. We describe an algorithm recognizing admissible digit sets. Results by Solinas and by Blake, Murty, and Xu are generalized. In particular, we introduce two new useful families of digit sets. The first set is syntactically defined. As a consequence of its adoption we can also present improved and streamlined algorithms to perform the precomputations in τ-adic scalar multiplication methods. The latter use an improvement of the computation of sums and differences of points on elliptic curves with mixed affine and López---Dahab coordinates. The second set is suitable for low-memory applications, generalizing an approach started by Avanzi, Ciet, and Sica. It permits to devise a scalar multiplication algorithm that dispenses with the initial precomputation stage and its associated memory space. A suitable choice of the parameters of the method leads to a scalar multiplication algorithm on Koblitz Curves that achieves sublinear complexity in the number of expensive curve operations.