13 Hits in 8.9 sec

Scalar Multiplication on Koblitz Curves Using the Frobenius Endomorphism and Its Combination with Point Halving: Extensions and Mathematical Analysis

Roberto M. Avanzi, Clemens Heuberger, Helmut Prodinger
2006 Algorithmica  
In this paper we prove the optimality and other properties of the τ -adic nonadjacent form: this expansion has been introduced in order to efficiently compute scalar multiplications on Koblitz curves.  ...  We also refine and extend results about double expansions of scalars introduced by Avanzi, Ciet and Sica in order to further improve scalar multiplications.  ...  The present paper deals with properties of integer expansions which are associated to Koblitz curves, as well as with techniques combining point halving and Frobenius expansions introduced in [2] .  ... 
doi:10.1007/s00453-006-0105-9 fatcat:lnqnthkklnggbns5stz4wgyjay

Minimality of the Hamming Weight of the τ-NAF for Koblitz Curves and Improved Combination with Point Halving [chapter]

Roberto Maria Avanzi, Clemens Heuberger, Helmut Prodinger
2006 Lecture Notes in Computer Science  
At PKC 2004, Avanzi, Ciet, and Sica combined Frobenius operations with one point halving to compute scalar multiplications on Koblitz curves using on average 14% less group additions than with the usual  ...  In order to efficiently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used.  ...  The authors wish to express their gratitude to the anonymous reviewers for their remarks and suggestions.  ... 
doi:10.1007/11693383_23 fatcat:qwbemakqyfhxbl7i5sfm4n37ay

Fast elliptic scalar multiplication using new double-base chain and point halving

K.W. Wong, Edward C.W. Lee, L.M. Cheng, Xiaofeng Liao
2006 Applied Mathematics and Computation  
Based on the double-base chain representation of scalar using powers of 2 and 3, we propose a new representation with powers of ½ and 3 instead.  ...  Thus the efficient point halving operation can be incorporated in the new double-base chain to achieve fast scalar multiplication.  ...  Acknowledgement The work presented in this paper was fully supported by a grant from the Research Grants  ... 
doi:10.1016/j.amc.2006.05.111 fatcat:dh33u772jbgghdrbyd3ssuweii

Fast Point Multiplication Algorithms for Binary Elliptic Curves with and without Precomputation [chapter]

Thomaz Oliveira, Diego F. Aranha, Julio López, Francisco Rodríguez-Henríquez
2014 Lecture Notes in Computer Science  
Using a left-to-right double-and-add and a right-to-left halve-and-add Montgomery ladder over a GLS curve, we present some of the fastest timings yet reported in the literature for point multiplication  ...  In addition, we combine these two procedures to compute a multi-core protected scalar multiplication. Furthermore, we designed a novel regular τ -adic scalar expansion for Koblitz curves.  ...  The new variant presented in this work does not require point doublings, but instead, it uses the efficient point halving operation available on binary elliptic curves.  ... 
doi:10.1007/978-3-319-13051-4_20 fatcat:fha5m43lenduxfs554h3sqy2ca

Analyzing the Galbraith-Lin-Scott Point Multiplication Method for Elliptic Curves over Binary Fields

Darrel Hankerson, Koray Karabina, Alfred Menezes
2009 IEEE transactions on computers  
The analysis differs from the q prime case because of several factors, including the availability of the point halving strategy for elliptic curves over binary fields.  ...  point multiplication method for these curves is significantly faster than point multiplication for general elliptic curves over prime fields.  ...  The GLV and point halving techniques can be combined, with scalar recoding performed as follows. Assume r ≈ 2 2ℓ and let k ′ = 2 ℓ k mod r.  ... 
doi:10.1109/tc.2009.61 fatcat:ychmhogh3nha7eka6ceujcu3he

Efficient implementation of elliptic curve cryptography in wireless sensors

Diego Aranha, Ricardo Dahab, Julio López, Leonardo Oliveira
2010 Advances in Mathematics of Communications  
Our implementation of field multiplication and modular reduction algorithms focuses on the reduction of memory accesses and appears as the fastest result for this platform.  ...  Finite field arithmetic was implemented in C and Assembly and elliptic curve arithmetic was implemented in Koblitz and generic binary curves.  ...  Acknowledgements We would like to thank the referees for their valuable comments and suggestions. Diego F. Aranha is supported by FAPESP, grant no. 2007/06950-0.  ... 
doi:10.3934/amc.2010.4.169 fatcat:6wdwdw6uujgtlh4t6ksj2oitmm

A Survey on Hardware Implementations of Elliptic Curve Cryptosystems [article]

Bahram Rashidi
2017 arXiv   pre-print
We first discuss different elliptic curves, point multiplication algorithms and underling finite field operations over binary fields F2m and prime fields Fp which are used in the literature for hardware  ...  Therefore, in these categories to have a better presentation and comparison, the implementations are presented and distinguished based on type of finite fields.  ...  In Koblitz curves, PD operation can be replaced efficiently by Frobenius endomorphism [11] .  ... 
arXiv:1710.08336v1 fatcat:g3gpz5lzgvc27fboa5tv4kdhze

Recent progress on the elliptic curve discrete logarithm problem

Steven D. Galbraith, Pierrick Gaudry
2015 Designs, Codes and Cryptography  
The elliptic curve discrete logarithm problem (ECDLP) is the following computational problem: Given points P, Q ∈ E(Fq) to find an integer a, if it exists, such that Q = aP .  ...  We survey recent work on the elliptic curve discrete logarithm problem. In particular we review index calculus algorithms using summation polynomials, and claims about their complexity.  ...  The second author also thanks Maike Massierer, Pierre-Jean Spaenlehauer and Vanessa Vitse for various discussions on the topic.  ... 
doi:10.1007/s10623-015-0146-7 fatcat:sh5w53c3hnbhzilz7jrht6fzmy

Twenty Female Mathematicians [article]

Hollis Williams
2021 arXiv   pre-print
The work may be useful as a historical resource, but there is very little biography or history, and the primary focus is on the mathematics.  ...  In fact, the main use will probably be for a student who is coming to a new area of mathematics for the first time and needs an overview of some of the key results and references viewed through the work  ...  It is an interesting exercise to consider how one might take two points on an elliptic curve and obtain a new point. This leads to the group law for elliptic curves.  ... 
arXiv:1910.01730v3 fatcat:2ftlzg73mncvtau6xlgu2ly264

Subgroup Cryptosystems [chapter]

Arjen K. Lenstra
Encyclopedia of Cryptography and Security  
The Frobenius endomorphism in the quadratic extension is used for free inversion.  ...  A similar effect occurs with Koblitz curves or other elliptic curves where the coefficients that define the curve are chosen from a smaller field than the points on the curve (cf. Chapter 5).  ... 
doi:10.1007/0-387-23483-7_418 fatcat:gg3uycmc65a6thhy4gtslscxae

High-speed cryptography and cryptanalysis [article]

Schwabe, P (Peter), Lange, T (Tanja), Bernstein, DJ (Daniel)
The time and effort they spent on teaching, guiding and supporting me is probably best expressed by using the German words for Ph.D. supervisor and saying that they are really a "Doktormutter" and "Doktorvater  ...  He supervised my Diplomarbeit, taught me a lot about elliptic curves and pairings during our joint time in Aachen and Eindhoven, introduced me to my supervisors Tanja Lange and Daniel J.  ...  All software described in this thesis is in the public domain. It is available for download at  ... 
doi:10.6100/ir693478 fatcat:2pkag6c6lrfrhghfbp6ui5uxji

On the Cryptanalysis of Public-Key Cryptography

Joppe Willem Bos
For instance, for socalled Koblitz curves [125] over binary extension fields (which are not covered by our definition in Section 2.4), the Frobenius automorphism of the finite field can be used to define  ...  A common optimization is to halve the search space by identifying a point with its inverse [73, 86, 204] .  ...  B1 GMP-ECM [ Elliptic Curve Constant Scalar Multiplication Most of the addition/subtraction chain based approaches to compute the ECSM used in practice use the w-bit windowing technique, for some  ... 
doi:10.5075/epfl-thesis-5291 fatcat:5uxpphg2r5h2fmszp6xtaq6hqe

Parallel cryptanalysis [article]

Niederhagen, RF (Ruben), Lange, T (Tanja), Bernstein, DJ (Daniel), Cheng, CM (Chen-Mou)
Bernstein and Tanja Lange as well as my supervisors in Taiwan, Chen-Mou Cheng and Bo -YinYang, for the opportunity to enjoy my PhD studies commuting between the Netherlands and Taiwan.  ...  Furthermore, I would like to thank them for their support throughout my studies and the writing of my thesis.  ...  The given elliptic curve is the Koblitz curve E : y 2 + xy = x 3 + 1 over the finite field F 2 131 ; the two given points P and Q have order , where is a 129-bit prime.  ... 
doi:10.6100/ir731259 fatcat:vl52gfmjrbfr3myv5xcq4aiu6q