Scalar Multiplication on Koblitz Curves Using the Frobenius Endomorphism and Its Combination with Point Halving: Extensions and Mathematical Analysis

2006
Algorithmica
In this paper we prove

In this paper we prove the optimality and other properties of the τ-adic nonadjacent form: this expansion has been introduced in order to efficiently compute scalar multiplications on Koblitz curves. We also refine and extend results about double expansions of scalars introduced by Avanzi, Ciet and Sica in order to further improve scalar multiplications. The present paper deals with properties of integer expansions which are associated to Koblitz curves, as well as with techniques combining point halving and Frobenius expansions introduced in [2].
Minimality of the Hamming Weight of the τ-NAF for Koblitz Curves and Improved Combination with Point Halving
2006
Lecture Notes in Computer Science
At PKC 2004, Avanzi, Ciet,

At PKC 2004, Avanzi, Ciet, and Sica combined Frobenius operations with one point halving to compute scalar multiplications on Koblitz curves using on average 14% less group additions than with the usual methods. In order to efficiently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used.
Fast elliptic scalar multiplication using new double-base chain and point halving

2006
Applied Mathematics and Computation
Based

Based on the double-base chain representation of scalar using powers of 2 and 3, we propose a new representation with powers of ½ and 3 instead. Thus the efficient point halving operation can be incorporated in the new double-base chain to achieve fast scalar multiplication.
Fast Point Multiplication Algorithms for Binary Elliptic Curves with and without Precomputation
2014
Lecture Notes in Computer Science
*Using*a left-to-right double-

*and*-add

*and*a right-to-left

*halve*-

*and*-add Montgomery ladder over a GLS

*curve*, we present some of

*the*fastest timings yet reported in

*the*literature for

*point*

*multiplication*... In addition, we

*combine*these two procedures to compute a multi-core protected

*scalar*

*multiplication*. Furthermore, we designed a novel regular τ -adic

*scalar*expansion for

*Koblitz*

*curves*. ...

*The*new variant presented in this work does not require

*point*doublings, but instead,

*it*

*uses*

*the*efficient

*point*

*halving*operation available

*on*binary elliptic

*curves*. ...

Analyzing the Galbraith-Lin-Scott Point Multiplication Method for Elliptic Curves over Binary Fields

2009
*
IEEE transactions on computers
*

*The*

*analysis*differs from

*the*q prime case because of several factors, including

*the*availability of

*the*

*point*

*halving*strategy for elliptic

*curves*over binary fields. ...

*point*

*multiplication*method for these

*curves*is significantly faster than

*point*

*multiplication*for general elliptic

*curves*over prime fields. ...

*The*GLV

*and*

*point*

*halving*techniques can be

*combined*,

*with*

*scalar*recoding performed as follows. Assume r ≈ 2 2ℓ

*and*let k ′ = 2 ℓ k mod r. ...

Efficient implementation of elliptic curve cryptography in wireless sensors

2010
*
Advances in Mathematics of Communications
*

Our implementation of field

Our implementation of field multiplication and modular reduction algorithms focuses on the reduction of memory accesses and appears as the fastest result for this platform. Finite field arithmetic was implemented in C and Assembly and elliptic curve arithmetic was implemented in Koblitz and generic binary curves.
A Survey on Hardware Implementations of Elliptic Curve Cryptosystems
2017
*
arXiv
We first discuss different elliptic

We first discuss different elliptic curves, point multiplication algorithms and underling finite field operations over binary fields F2m and prime fields Fp which are used in the literature for hardware implementations. Therefore, in these categories to have a better presentation and comparison, the implementations are presented and distinguished based on type of finite fields. In Koblitz curves, PD operation can be replaced efficiently by Frobenius endomorphism.
Recent progress on the elliptic curve discrete logarithm problem

2015
*
Designs, Codes and Cryptography
*

*The*elliptic

*curve*discrete logarithm problem (ECDLP) is

*the*following computational problem: Given

*points*P, Q ∈ E(Fq) to find an integer a, if

*it*exists, such that Q = aP . ... We survey recent work

*on*

*the*elliptic

*curve*discrete logarithm problem. In particular we review index calculus algorithms

*using*summation polynomials,

*and*claims about their complexity. ...

*The*second author also thanks Maike Massierer, Pierre-Jean Spaenlehauer

*and*Vanessa Vitse for various discussions

*on*

*the*topic. ...

Twenty Female Mathematicians
2021
*
arXiv
*The*work may be

*useful*as a historical resource, but there is very little biography or history,

*and*

*the*primary focus is

*on*

*the*

*mathematics*. ... In fact,

*the*main

*use*will probably be for a student who is coming to a new area of

*mathematics*for

*the*first time

*and*needs an overview of some of

*the*key results

*and*references viewed through

*the*work ...

*It*is an interesting exercise to consider how

*one*might take two

*points*

*on*an elliptic

*curve*

*and*obtain a new

*point*. This leads to

*the*group law for elliptic

*curves*. ...

Subgroup Cryptosystems
Encyclopedia of Cryptography and Security
*The*

*Frobenius*

*endomorphism*in

*the*quadratic

*extension*is

*used*for free inversion. ... A similar effect occurs

*with*

*Koblitz*

*curves*or other elliptic

*curves*where

*the*coefficients that define

*the*

*curve*are chosen from a smaller field than

*the*

*points*

*on*

*the*

*curve*(cf. Chapter 5). ...

High-speed cryptography and cryptanalysis
2011

*The*time

*and*effort they spent

*on*teaching, guiding

*and*supporting me is probably best expressed by

*using*

*the*German words for Ph.D. supervisor

*and*saying that they are really a "Doktormutter"

*and*"Doktorvater ... He supervised my Diplomarbeit, taught me a lot about elliptic

*curves*

*and*pairings during our joint time in Aachen

*and*Eindhoven, introduced me to my supervisors Tanja Lange

*and*Daniel J. ... All software described in this thesis is in

*the*public domain.

*It*is available for download at http://cryptojedi.org/users/peter/thesis/. ...

On the Cryptanalysis of Public-Key Cryptography

2011

For instance, for socalled

For instance, for so-called Koblitz curves over binary extension fields (which are not covered by our definition in Section 2.4), the Frobenius automorphism of the finite field can be used to define efficient operations. A common optimization is to halve the search space by identifying a point with its inverse. Elliptic Curve Constant Scalar Multiplication: Most of the addition/subtraction chain based approaches to compute the ECSM used in practice use the w-bit windowing technique, for some parameter w.
Parallel cryptanalysis
2012

Bernstein

Bernstein and Tanja Lange as well as my supervisors in Taiwan, Chen-Mou Cheng and Bo-Yin Yang, for the opportunity to enjoy my PhD studies commuting between the Netherlands and Taiwan. Furthermore, I would like to thank them for their support throughout my studies and the writing of my thesis. The given elliptic curve is the Koblitz curve E: y² + xy = x³ + 1 over the finite field F2^131; the two given points P and Q have order ℓ, where ℓ is a 129-bit prime.