Results 11 - 20 of 91
Signed binary representations revisited
 Proceedings of CRYPTO’04
, 2004
Cited by 17 (1 self)
Abstract. The most common method for computing exponentiation of random elements in Abelian groups are sliding window schemes, which enhance the efficiency of the binary method at the expense of some precomputation. In groups where inversion is easy (e.g. elliptic curves), signed representations of the exponent are meaningful because they decrease the amount of required precomputation. The asymptotic best signed method is wNAF, because it minimizes the precomputation effort whilst the nonzero density is nearly optimal. Unfortunately, wNAF can be computed only from the least significant bit, i.e. right-to-left. However, in connection with memory constraint devices left-to-right recoding schemes are by far more valuable. In this paper we define the MOF (Mutual Opposite Form), a new canonical representation of signed binary strings, which can be computed in any order. Therefore we obtain the first left-to-right signed exponent-recoding scheme for general width w by applying the width w sliding window conversion on MOF left-to-right. Moreover, the analogue right-to-left conversion on MOF yields wNAF, which indicates that the new class is the natural left-to-right analogue to the useful wNAF. Indeed, the new class inherits the outstanding properties of wNAF, namely the required precomputation and the achieved nonzero density are exactly the same.
Faster scalar multiplication on Koblitz curves combining point halving with the Frobenius endomorphism
 in Proceedings of the 7th International Workshop on Theory and Practice in Public Key Cryptography, PKC 2004
Cited by 16 (9 self)
Abstract. Let E be an elliptic curve defined over F_{2^n}. The inverse operation of point doubling, called point halving, can be done up to three times as fast as doubling. Some authors have therefore proposed to perform a scalar multiplication by an “halve-and-add” algorithm, which is faster than the classical double-and-add method. If the coefficients of the equation defining the curve lie in a small subfield of F_{2^n}, one can use the Frobenius endomorphism τ of the field extension to replace doublings. Since the cost of τ is negligible if normal bases are used, the scalar multiplication is written in “base τ” and the resulting “τ-and-add” algorithm gives very good performance. For elliptic Koblitz curves, this work combines the two ideas for the first time to achieve a novel decomposition of the scalar. This gives a new scalar multiplication algorithm which is up to 14.29% faster than the Frobenius method, without any additional precomputation.
Scalar Multiplication on Koblitz Curves Using Double Bases
, 2006
Cited by 16 (5 self)
The paper is an examination of double-base decompositions of integers n, namely expansions loosely of the form X i,j A for some base B}. This was examined in previous works [3, 4], in the case when A, B lie in N.
Elliptic Curve Cryptography on a Palm OS Device
 The 6th Australasian Conference on Information Security and Privacy
, 2001
Random small hamming weight products with applications to cryptography
 Issue 1 - special issue on the 2000 com2MaC workshop on cryptography
, 2003
Cited by 15 (4 self)
Abstract. There are many cryptographic constructions in which one uses a random power or multiple of an element in a group or a ring. We describe a fast method to compute random powers and multiples in certain important situations including powers in the Galois field F_{2^n},
Alternative digit sets for nonadjacent representations, Selected areas in cryptography
 Lecture Notes in Comput. Sci
, 2004
Cited by 14 (2 self)
Abstract. It is known that every positive integer n can be represented as a finite sum of the form n = Σ a_i 2^i, where a_i ∈ {0, 1, −1} for all i, and no two consecutive a_i’s are nonzero. Such sums are called nonadjacent representations. Nonadjacent representations are useful in efficiently implementing elliptic curve arithmetic for cryptographic applications. In this paper, we investigate if other digit sets of the form {0, 1, x}, where x is an integer, provide each positive integer with a nonadjacent representation. If a digit set has this property we call it a nonadjacent digit set (NADS). We present an algorithm to determine if {0, 1, x} is a NADS; and if it is, we present an algorithm to efficiently determine the nonadjacent representation of any positive integer. We also present some necessary and sufficient conditions for {0, 1, x} to be a NADS. These conditions are used to exhibit infinite families of integers x such that {0, 1, x} is a NADS, as well as infinite families of x such that {0, 1, x} is not a NADS.
Improved algorithms for efficient arithmetic on elliptic curves using fast endomorphisms
 Advances in Cryptology - Proceedings of Eurocrypt 2003
, 2003
Cited by 13 (2 self)
Abstract. In most algorithms involving elliptic curves, the most expensive part consists in computing multiples of points. This paper investigates how to extend the τ-adic expansion from Koblitz curves to a larger class of curves defined over a prime field having an efficiently-computable endomorphism φ in order to perform an efficient point multiplication with efficiency similar to Solinas’ approach presented at CRYPTO ’97. Furthermore, many elliptic curve cryptosystems require the computation of k_0 P + k_1 Q. Following the work of Solinas on the Joint Sparse Form, we introduce the notion of φ-Joint Sparse Form which combines the advantages of a φ-expansion with the additional speedup of the Joint Sparse Form. We also present an efficient algorithm to obtain the φ-Joint Sparse Form. Then, the double exponentiation can be done using the φ endomorphism instead of doubling, resulting in an average of l applications of φ and l/2 additions, where l is the size of the k_i’s. This results in an important speedup when the computation of φ is particularly effective, as in the case of Koblitz curves. Keywords. Elliptic curves, fast endomorphisms, Joint Sparse Form.
Generic GF(2) arithmetic in software and its application to ECC
 In ACISP (2003
, 2003
Cited by 9 (0 self)
Abstract. This work discusses generic arithmetic for arbitrary binary fields in the context of elliptic curve cryptography (ECC). ECC is an attractive public-key cryptosystem recently endorsed by the US government for mobile/wireless environments which are limited in terms of their CPU, power, and network connectivity. Its efficiency enables constrained, mobile devices to establish secure end-to-end connections. Hence the server side has to be enabled to perform ECC operations for a vast number of mobile devices that use variable parameters in an efficient way to reduce cost. We present algorithms that are especially suited to high-performance devices like large-scaled server computers. We show how to perform an efficient field multiplication for operands of arbitrary size, and how to achieve efficient field reduction for dense polynomials. We also give running times of our implementation for both general elliptic curves and Koblitz curves on various platforms, and analyze the results. Our new algorithms are the fastest algorithms for arbitrary binary fields in literature.
D.: Efficient software implementation of binary field arithmetic using vector instruction sets
 Progress in Cryptology–LATINCRYPT 2010. Lecture Notes in Computer Science
, 2010
Cited by 9 (4 self)
Abstract. In this paper we describe an efficient software implementation of characteristic 2 fields making extensive use of vector instruction sets commonly found in desktop processors. Field elements are represented in a split form so performance-critical field operations can be formulated in terms of simple operations over 4-bit sets. In particular, we detail techniques for implementing field multiplication, squaring, square root extraction and present a constant-memory lookup-based multiplication strategy. Our representation makes extensive use of the parallel table lookup (PTLU) instruction recently introduced in popular desktop platforms and follows the trend of accelerating implementations of cryptography through PTLU-style instructions. We present timings for several binary fields commonly employed for curve-based cryptography and illustrate the presented techniques with executions of the ECDH and ECDSA protocols over binary curves at the 128-bit and 256-bit security levels standardized by NIST. Our implementation results are compared with publicly available benchmarking data.
Weak Fields for ECC
, 2003
Cited by 8 (0 self)
We demonstrate that some finite fields, including F_{2^{210}}, are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We discuss the implications of our observations to elliptic curve cryptography, and list some open problems.