Results 11  20
of
61
Faster scalar multiplication on Koblitz curves combining point halving with the Frobenius endomorphism
 in Proceedings of the 7th International Workshop on Theory and Practice in Public Key Cryptography, PKC 2004
"... on occasion of the birth of his daughter Seraina. Abstract. Let E be an elliptic curve defined over F2n. The inverse operation of point doubling, called point halving, can be done up to three times as fast as doubling. Some authors have therefore proposed to perform a scalar multiplication by an “ha ..."
Abstract

Cited by 16 (9 self)
 Add to MetaCart
on occasion of the birth of his daughter Seraina. Abstract. Let E be an elliptic curve defined over F2n. The inverse operation of point doubling, called point halving, can be done up to three times as fast as doubling. Some authors have therefore proposed to perform a scalar multiplication by an “halveandadd ” algorithm, which is faster than the classical doubleandadd method. If the coefficients of the equation defining the curve lie in a small subfield of F2n, one can use the Frobenius endomorphism τ of the field extension to replace doublings. Since the cost of τ is negligible if normal bases are used, the scalar multiplication is written in “base τ ” and the resulting “τandadd ” algorithm gives very good performance. For elliptic Koblitz curves, this work combines the two ideas for the first time to achieve a novel decomposition of the scalar. This gives a new scalar multiplication algorithm which is up to 14.29 % faster than the Frobenius method, without any additional precomputation.
Elliptic Curve Cryptography on a Palm OS Device
 The 6th Australasian Conference on Information Security and Privacy — ACISP 2001, volume LNCS 2119
, 2001
"... Abstract. The market for Personal Digital Assistants (PDA) is growing rapidly and PDAs are becoming increasingly interesting for commercial transactions. One requirement for further growing of eCommerce with mobile devices is the provision of security. We implemented elliptic curves over binary fiel ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
Abstract. The market for Personal Digital Assistants (PDA) is growing rapidly and PDAs are becoming increasingly interesting for commercial transactions. One requirement for further growing of eCommerce with mobile devices is the provision of security. We implemented elliptic curves over binary fields on a Palm OS device. We chose the NIST recommended random and Koblitz curves over GF(2 163) that are providing a sufficient level of security for most commercial applications. Using Koblitz curves a typical security protocol like DiffieHellman key exchange or ECDSA signature verification requires less than 2.4 seconds, while ECDSA signature generation can be done in less than 0.9 seconds. This should be tolerated by most users.
Scalar Multiplication on Koblitz Curves Using Double Bases
, 2006
"... The paper is an examination of doublebase decompositions of integers n, namely expansions loosely of the form X i,j A for some base B}. This was examined in previous works [3, 4], in the case when A, B lie in N. ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
The paper is an examination of doublebase decompositions of integers n, namely expansions loosely of the form X i,j A for some base B}. This was examined in previous works [3, 4], in the case when A, B lie in N.
Signed binary representations revisited
 Proceedings of CRYPTO’04
, 2004
"... Abstract. The most common method for computing exponentiation of random elements in Abelian groups are sliding window schemes, which enhance the efficiency of the binary method at the expense of some precomputation. In groups where inversion is easy (e.g. elliptic curves), signed representations of ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
Abstract. The most common method for computing exponentiation of random elements in Abelian groups are sliding window schemes, which enhance the efficiency of the binary method at the expense of some precomputation. In groups where inversion is easy (e.g. elliptic curves), signed representations of the exponent are meaningful because they decrease the amount of required precomputation. The asymptotic best signed method is wNAF, because it minimizes the precomputation effort whilst the nonzero density is nearly optimal. Unfortunately, wNAF can be computed only from the least significant bit, i.e. righttoleft. However, in connection with memory constraint devices lefttoright recoding schemes are by far more valuable. In this paper we define the MOF (Mutual Opposite Form), a new canonical representation of signed binary strings, which can be computed in any order. Therefore we obtain the first lefttoright signed exponentrecoding scheme for general width w by applying the width w sliding window conversion on MOF lefttoright. Moreover, the analogue righttoleft conversion on MOF yields wNAF, which indicates that the new class is the natural lefttoright analogue to the useful wNAF. Indeed, the new class inherits the outstanding properties of wNAF, namely the required precomputation and the achieved nonzero density are exactly the same.
Random small hamming weight products with applications to cryptography
 Issue 1  special issue on the 2000 com2MaC workshop on cryptography
, 2003
"... Abstract. There are many cryptographic constructions in which one uses a random power or multiple of an element in a group or a ring. We describe a fast method to compute random powers and multiples in certain important situations including powers in the Galois field �2 n, ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Abstract. There are many cryptographic constructions in which one uses a random power or multiple of an element in a group or a ring. We describe a fast method to compute random powers and multiples in certain important situations including powers in the Galois field �2 n,
Improved algorithms for efficient arithmetic on elliptic curves using fast endomorphisms
 Advances in Cryptology  Proceedings of Eurocrypt 2003
, 2003
"... Abstract. In most algorithms involving elliptic curves, the most expensive part consists in computing multiples of points. This paper investigates how to extend the τadic expansion from Koblitz curves to a larger class of curves defined over a prime field having an efficientlycomputable endomorphi ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Abstract. In most algorithms involving elliptic curves, the most expensive part consists in computing multiples of points. This paper investigates how to extend the τadic expansion from Koblitz curves to a larger class of curves defined over a prime field having an efficientlycomputable endomorphism φ in order to perform an efficient point multiplication with efficiency similar to Solinas ’ approach presented at CRYPTO ’97. Furthermore, many elliptic curve cryptosystems require the computation of k0P + k1Q. Following the work of Solinas on the Joint Sparse Form, we introduce the notion of φJoint Sparse Form which combines the advantages of a φexpansion with the additional speedup of the Joint Sparse Form. We also present an efficient algorithm to obtain the φJoint Sparse Form. Then, the double exponentiation can be done using the φ endomorphism instead of doubling, resulting in an average of l applications of φ and l/2 additions, where l is the size of the ki’s. This results in an important speedup when the computation of φ is particularly effective, as in the case of Koblitz curves. Keywords. Elliptic curves, fast endomorphisms, Joint Sparse Form. 1
Generic GF(2) arithmetic in software and its application to ECC
 In ACISP (2003
, 2003
"... Abstract. This work discusses generic arithmetic for arbitrary binary fields in the context of elliptic curve cryptography (ECC). ECC is an attractive publickey cryptosystem recently endorsed by the US government for mobile/wireless environments which are limited in terms of their CPU, power, and n ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
Abstract. This work discusses generic arithmetic for arbitrary binary fields in the context of elliptic curve cryptography (ECC). ECC is an attractive publickey cryptosystem recently endorsed by the US government for mobile/wireless environments which are limited in terms of their CPU, power, and network connectivity. Its efficiency enables constrained, mobile devices to establish secure endtoend connections. Hence the server side has to be enabled to perform ECC operations for a vast number of mobile devices that use variable parameters in an efficient way to reduce cost. We present algorithms that are especially suited to highperformance devices like largescaled server computers. We show how to perform an efficient field multiplication for operands of arbitrary size, and how to achieve efficient field reduction for dense polynomials. We also give running times of our implementation for both general elliptic curves and Koblitz curves on various platforms, and analyze the results. Our new algorithms are the fastest algorithms for arbitrary binary fields in literature.
Elliptic curve cryptography: The serpentine course of a paradigm shift
 J. NUMBER THEORY
, 2008
"... Over a period of sixteen years elliptic curve cryptography went from being an approach that many people mistrusted or misunderstood to being a public key technology that enjoys almost unquestioned acceptance. We describe the sometimes surprising twists and turns in this paradigm shift, and compare ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
Over a period of sixteen years elliptic curve cryptography went from being an approach that many people mistrusted or misunderstood to being a public key technology that enjoys almost unquestioned acceptance. We describe the sometimes surprising twists and turns in this paradigm shift, and compare this story with the commonly accepted Ideal Model of how research and development function in cryptography. We also discuss to what extent the ideas in the literature on “social construction of technology” can contribute to a better understanding of this history.
Weak Fields for ECC
, 2003
"... We demonstrate that some finite fields, including F 2 210 , are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard's rho method to ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
We demonstrate that some finite fields, including F 2 210 , are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We discuss the implications of our observations to elliptic curve cryptography, and list some open problems.
On MultiExponentiation In Cryptography
, 2002
"... We describe and analyze new combinations of multiexponentiation algorithms with representations of the exponents. We deal mainly but not exclusively with the case where the inversion of group elements is fast: This is true for example for elliptic curves, groups of rational divisor classes of hy ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
We describe and analyze new combinations of multiexponentiation algorithms with representations of the exponents. We deal mainly but not exclusively with the case where the inversion of group elements is fast: This is true for example for elliptic curves, groups of rational divisor classes of hyperelliptic curves, trace zero varieties and XTR.