We design a state-of-the-art software implementation of field and elliptic curve arithmetic in standard Koblitz curves at the 128-bit security level. Field arithmetic is carefully crafted by using the best formulae and implementation strategies available, and the increasingly common native support for binary field arithmetic in modern desktop computing platforms. The i-th power of the Frobenius automorphism on Koblitz curves is exploited to obtain new and faster interleaved versions of the well-known τNAF scalar multiplication algorithm. The $\tau^{\lfloor m/3 \rfloor}$ and $\tau^{\lfloor m/4 \rfloor}$ maps are employed to create analogues of the 3- and 4-dimensional GLV decompositions and, in general, the $\lfloor m/s \rfloor$-th power of the Frobenius automorphism is applied as an analogue of an s-dimensional GLV decomposition. The effectiveness of these techniques is illustrated by timing the scalar multiplication operation for fixed, random and multiple points. In particular, our library is able to compute a random point scalar multiplication in just below $10^5$ clock cycles, which sets a new speed record across all curves with or without endomorphisms defined over binary or prime fields. The results of our optimized implementation suggest a trade-off between speed, compliance with the published standards and side-channel protection. Finally, we estimate the performance of curve-based cryptographic protocols instantiated using the proposed techniques and compare our results to related work.