Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Discrete Applied Mathematics
An introduction to the analysis of algorithms
An introduction to the analysis of algorithms
Efficient Arithmetic on Koblitz Curves
Designs, Codes and Cryptography - Special issue on towards a quarter-century of public key cryptography
CM-Curves with Good Cryptographic Properties
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
An Improved Algorithm for Arithmetic on a Family of Elliptic Curves
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Elliptic Scalar Multiplication Using Point Halving
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Software Implementation of Elliptic Curve Cryptography over Binary Fields
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Field inversion and point halving revisited
IEEE Transactions on Computers
On redundant T-adic expansions and non-adjacent digit sets
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Designs, Codes and Cryptography
On the distribution of the coefficients of normal forms for Frobenius expansions
Designs, Codes and Cryptography
Extending scalar multiplication using double bases
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Scalar multiplication on koblitz curves using double bases
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
FPGA implementation of point multiplication on koblitz curves using kleinian integers
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
In order to efficiently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used. One such expansion is the τ-adic NAF, introduced by Solinas. Some properties of this expansion, such as the average weight, are well known, but in the literature there is no proof of its optimality, i.e. that it always has minimal weight. In this paper we provide the first proof of this fact. Point halving, being faster than doubling, is also used to perform fast scalar multiplications on generic elliptic curves over binary fields. Since its computation is more expensive than that of the Frobenius, halving was thought to be uninteresting for Koblitz curves. At PKC 2004, Avanzi, Ciet, and Sica combined Frobenius operations with one point halving to compute scalar multiplications on Koblitz curves using on average 14% less group additions than with the usual τ-and-add method without increasing memory usage. The second result of this paper is an improvement over their expansion. The new representation, called the wide-double-NAF, is not only simpler to compute, but it is also optimal in a suitable sense. In fact, it has minimal Hamming weight among all τ-adic expansions with digits {0,±1} that allow one halving to be inserted in the corresponding scalar multiplication algorithm. The resulting scalar multiplication requires on average 25% less group operations than the Frobenius method, and is thus 12.5% faster than the previously known combination.