Results 1  10
of
13
Scalar Multiplication on Koblitz Curves Using Double Bases
, 2006
"... The paper is an examination of doublebase decompositions of integers n, namely expansions loosely of the form X i,j A for some base B}. This was examined in previous works [3, 4], in the case when A, B lie in N. ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
The paper is an examination of doublebase decompositions of integers n, namely expansions loosely of the form X i,j A for some base B}. This was examined in previous works [3, 4], in the case when A, B lie in N.
Extending scalar multiplication using double bases
 In: proceedings of Asiacrypt 2006. Lecture Notes in Comput. Sci
, 2006
"... Abstract. It has been recently acknowledged [4, 6, 9] that the use of double bases representations of scalars n, that is an expression of the form n = � e,s,t (−1)eA s B t can speed up significantly scalar multiplication on those elliptic curves where multiplication by one base (say B) is fast. This ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
Abstract. It has been recently acknowledged [4, 6, 9] that the use of double bases representations of scalars n, that is an expression of the form n = � e,s,t (−1)eA s B t can speed up significantly scalar multiplication on those elliptic curves where multiplication by one base (say B) is fast. This is the case in particular of Koblitz curves and supersingular curves, where scalar multiplication can now be achieved in o(log n) curve additions. Previous literature dealt basically with supersingular curves (in characteristic 3, although the methods can be easily extended to arbitrary characteristic), where A, B ∈ N. Only [4] attempted to provide a similar method for Koblitz curves, where at least one base must be nonreal, although their method does not seem practical for cryptographic sizes (it is only asymptotic), since the constants involved are too large. We provide here a unifying theory by proposing an alternate recoding algorithm which works in all cases with optimal constants. Furthermore, it
Mathematical Background of Public Key Cryptography
 AGCT 2003), Sémin. Congr
, 2005
"... Abstract. — The two main systems used for public key cryptography are RSA and protocols based on the discrete logarithm problem in some cyclic group. We focus on the latter problem and state cryptographic protocols and mathematical background material. Résumé (Éléments mathématiques de la cryptograp ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
Abstract. — The two main systems used for public key cryptography are RSA and protocols based on the discrete logarithm problem in some cyclic group. We focus on the latter problem and state cryptographic protocols and mathematical background material. Résumé (Éléments mathématiques de la cryptographie à clef publique). — Les deux systèmes principaux de cryptographie à clef publique sont RSA et le calcul de logarithmes discrets dans un groupe cyclique. Nous nous intéressons aux logarithmes discrets et présentons les faits mathématiques qu’il faut connaître pour apprendre la cryptographie mathématique. 1. Data Security and Arithmetic Cryptography is, in the true sense of the word, a classic discipline: we find it in Mesopotamia and Caesar used it. Typically, the historical examples involve secret services and military. Information is exchanged amongst a limited community in which each member is to be trusted. Like Caesar’s chiffre these systems were entirely symmetric. Thus, the communicating parties needed to have a common key which is used to de and encrypt. The key exchange posed a problem (and gives a marvellous plot for spynovels) but the number of people involved was rather bounded. This has changed dramatically because of electronic communication in public networks. Since 2000 Mathematics Subject Classification. — 11T71. Key words and phrases. — Elliptic curve cryptography, mathematics of public key cryptography, hyperelliptic curves. The authors would like to thank the organizers of the conference for generous support, an interesting program and last but not least for a very inspiring and pleasant atmosphere. The second author acknowledges financial support by STORK
On Redundant τadic Expansions and NonAdjacent Digit Sets
 in Proceedings of SAC 2006 (Workshop on Selected Areas in Cryptography), Lecture Notes in Computer Science
"... Abstract. This paper studies τadic expansions of scalars, which are important in the design of scalar multiplication algorithms for Koblitz Curves, but are also less understood than their binary counterparts. At Crypto ’97 Solinas introduced the widthw τadic nonadjacent form for use with Koblitz ..."
Abstract

Cited by 6 (6 self)
 Add to MetaCart
Abstract. This paper studies τadic expansions of scalars, which are important in the design of scalar multiplication algorithms for Koblitz Curves, but are also less understood than their binary counterparts. At Crypto ’97 Solinas introduced the widthw τadic nonadjacent form for use with Koblitz curves. It is an expansion of integers z = Pℓ i=0 ziτ i, where τ is a quadratic integer depending on the curve, such that zi � = 0 implies zw+i−1 =... = zi+1 = 0, like the sliding window binary recodings of integers. We show that the digit sets described by Solinas, formed by elements of minimal norm in their residue classes, are uniquely determined. However, unlike for binary representations, syntactic constraints do not necessarily imply minimality of weight. Digit sets that permit recoding of all inputs are characterized, thus extending the line of research begun by Muir and Stinson at SAC 2003 to the Koblitz Curve setting. Two new digit sets are introduced with useful properties; one set makes precomputations easier, the second set is suitable for lowmemory applications, generalising an approach started by Avanzi, Ciet, and Sica at PKC 2004 and continued by several authors since, including Okeya, Takagi and Vuillaume. Results by Solinas, and by Blake, Murty, and Xu are generalized. Termination, optimality, and cryptographic applications are considered. The most important application is the ability to perform arbitrary windowed scalar multiplication on Koblitz curves without storing any precomputations first, thus reducing memory storage to just one point and the scalar itself. 1
Scalar Multiplication on Koblitz Curves Using the Frobenius Endomorphism and its Combination with Point Halving: Extensions and Mathematical Analysis
, 2006
"... In this paper we prove the optimality and other properties of the τadic nonadjacent form: this expansion has been introduced in order to efficiently compute scalar multiplications on Koblitz curves. We also refine and extend results about double expansions of scalars introduced by Avanzi, Ciet an ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
In this paper we prove the optimality and other properties of the τadic nonadjacent form: this expansion has been introduced in order to efficiently compute scalar multiplications on Koblitz curves. We also refine and extend results about double expansions of scalars introduced by Avanzi, Ciet and Sica in order to further improve scalar multiplications. Our double expansions are optimal and their properties are carefully analysed. In particular we provide first and second order terms for the expected weight, determine the variance and prove a central limit theorem. Transducers for all the involved expansions are provided, as well as automata accepting all expansions of minimal weight.
Short Memory Scalar Multiplication on Koblitz Curves
 In Proceedings of CHES 2005, Lecture Notes in Computer Science 3659
, 2005
"... Abstract. We present a new method for computing the scalar multiplication on Koblitz curves. Our method is as fast as the fastest known technique but requires much less memory. We propose two settings for our method. In the first setting, wellsuited for hardware implementations, memory requirements ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. We present a new method for computing the scalar multiplication on Koblitz curves. Our method is as fast as the fastest known technique but requires much less memory. We propose two settings for our method. In the first setting, wellsuited for hardware implementations, memory requirements are reduced by 85%. In the second setting, wellsuited for software implementations, our technique reduces the memory consumption by 70%. Thus, with much smaller memory usage, the proposed method yields the same efficiency as the fastest scalar multiplication schemes on Koblitz curves.
Another Look at Square Roots and Traces (and Quadratic Equations) in Fields of Even Characteristic
"... Abstract. We discuss irreducible polynomials that can be used to speed up square root extraction in fields of characteristic two. The obvious applications are to point halving methods for elliptic curves and divisor halving methods for hyperelliptic curves. Irreducible polynomials P(X) such that the ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. We discuss irreducible polynomials that can be used to speed up square root extraction in fields of characteristic two. The obvious applications are to point halving methods for elliptic curves and divisor halving methods for hyperelliptic curves. Irreducible polynomials P(X) such that the square root ζ of a zero x of P(X) is a sparse polynomial are considered and those for which ζ has minimal degree are characterized. We reveal a surprising connection between the minimality of this degree and the extremality of the the number of trace one elements in the polynomial base associated to P(X). We also show how to improve the speed of solving quadratic equations and that the increase in the time required to perform modular reduction is marginal and does not affect performance adversely. Experimental results confirm that the new polynomials mantain their promises; These results generalize work by Fong et al. to polynomials other than trinomials. Point halving gets a speedup of 20 % and the performance of scalar multiplication based on point halving is improved by at least 11%.
Fast scalar multiplication in ECC using the multi base number system
 International Journal of Computer Science Issues
, 2011
"... As a generalization of double base chains, multibase number system is very suitable for efficient computation of scalar multiplication of a point of elliptic curve because of shorter representation length and hamming weight. In this paper combined with the given formulas for computing the 7 Fold of ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
As a generalization of double base chains, multibase number system is very suitable for efficient computation of scalar multiplication of a point of elliptic curve because of shorter representation length and hamming weight. In this paper combined with the given formulas for computing the 7 Fold of an elliptic curve point P an efficient scalar multiplication algorithm of elliptic curve is proposed using 2, 3 and 7 as basis of the multi based number system. The algorithms cost less compared with Shamirs trick and interleaving with NAFs method. Key words: scalar multiplication, elliptic curve, double base number system, multibase number system, double chain, septupling. 1
DEVELOPMENT OF CURVE BASED CRYPTOGRAPHY
"... The last years have witnessed tremendous developments in the field of curve based cryptography. First proposed in 1985 by Koblitz and Miller, elliptic curve cryptography (ECC) slowly proved itself to be a valid alternative to RSA. Later, also hyperelliptic curves have been added to the arsenal of cr ..."
Abstract
 Add to MetaCart
The last years have witnessed tremendous developments in the field of curve based cryptography. First proposed in 1985 by Koblitz and Miller, elliptic curve cryptography (ECC) slowly proved itself to be a valid alternative to RSA. Later, also hyperelliptic curves have been added to the arsenal of cryptographic primitives. Today curve based cryptography is a well established technology. In this survey we shall first very broadly review its development, and we shall then move to a survey of recent results dealing specifically with Koblitz curves.
Minimality of the Hamming Weight of the τNAF for Koblitz Curves and Improved Combination with Point Halving
 In: SAC 2005. Volume 3897 of LNCS. (2005) 332–344
, 2005
"... In order to e#ciently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used. One such expansion is the #adic NAF, introduced by Solinas. Some properties of this expansion, such as the averag ..."
Abstract
 Add to MetaCart
In order to e#ciently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used. One such expansion is the #adic NAF, introduced by Solinas. Some properties of this expansion, such as the average weight, are well known, but in the literature there is no proof of its optimality, i.e. that it always has minimal weight. In this paper we provide the first proof of this fact.