Results 1  10
of
14
A note on the signed sliding window integer recoding and a lefttoright analogue
 in “Selected Areas in Cryptography – SAC 2004”, Lecture Notes in Computer Science 3357 (2005), 130– 143
, 2004
"... Abstract. Additionsubtractionchains obtained from signed digit recodings of integers are a common tool for computing multiples of random elements of a group where the computation of inverses is a fast operation. Cohen and Solinas independently described one such recoding, the wNAF. For scalars of ..."
Abstract

Cited by 19 (5 self)
 Add to MetaCart
Abstract. Additionsubtractionchains obtained from signed digit recodings of integers are a common tool for computing multiples of random elements of a group where the computation of inverses is a fast operation. Cohen and Solinas independently described one such recoding, the wNAF. For scalars of the size commonly used in cryptographic applications, it leads to the current scalar multiplication algorithm of choice. However, we could find no formal proof of its optimality in the literature. This recoding is computed righttoleft. We solve two open questions regarding the wNAF. We first prove that the wNAF is a redundant radix2 recoding of smallest weight among all those with integral coefficients smaller in absolute value than 2 w−1. Secondly, we introduce a lefttoright recoding with the same digit set as the wNAF, generalizing previous results. We also prove that the two recodings have the same (optimal) weight. Finally, we sketch how to prove similar results for other recodings.
Fractional windows revisited: improved signeddigit representations for efficient exponentiation
 in “Information Security and Cryptology – ICISC 2004”, Lecture Notes in Computer Science 3506
, 2004
"... Abstract. This paper extends results concerning efficient exponentiation in groups where inversion is easy (e.g. in elliptic curve cryptography). It examines the righttoleft and lefttoright signed fractional window (RLSFW and LRSFW) techniques and shows that both RLSFW and LRSFW representati ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
Abstract. This paper extends results concerning efficient exponentiation in groups where inversion is easy (e.g. in elliptic curve cryptography). It examines the righttoleft and lefttoright signed fractional window (RLSFW and LRSFW) techniques and shows that both RLSFW and LRSFW representations have minimal weight among all signeddigit representations with digit set {±1, ±3,..., ±m, 0}. (Fractional windows generalize earlier slidingwindow techniques, providing more flexibility for exponentiation algorithms in order to make best use of the memory that is available for storing intermediate results.) Then it considers the length of representations: LRSFW representations are an improvement over RLSFW representations in that they tend to be shorter; further length improvements are possible by postprocessing the representations.
The alternating greedy expansion and applications to lefttoright algorithms
 in Cryptography Theoret. Comput. Sci IEICE TRANS. FUNDAMENTALS, VOL.E90–A, NO.5 MAY 2007 341 (2005
, 2004
"... Abstract. In [4], we introduced the alternating greedy expansion of integers, which turned out to be useful in several lefttoright algorihms in cryptography. In this paper, we collect known results about this alternating greedy expansion and complement it with other useful properties and algorithm ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
Abstract. In [4], we introduced the alternating greedy expansion of integers, which turned out to be useful in several lefttoright algorihms in cryptography. In this paper, we collect known results about this alternating greedy expansion and complement it with other useful properties and algorithms. In the second part, we apply it to give an algorithm for computing a joint expansion of d integers of minimal joint Hamming weight from left to right, i.e., from the column with the most significant bits towards the column with the least significant bits. Furthermore, we can also compute an expansion equivalent to the socalled wNAF from left to right using the alternating greedy expansion. 1.
Minimal weight and colexicographically minimal integer representations – online resources. http://www.opt.math.tugraz.ac.at/˜cheub/ publications/colexi
"... Redundant number systems (e.g., signed binary representations) have been utilized to efficiently implement algebraic operations required by publickey cryptosystems, especially those based on elliptic curves. Several families of integer representations have been proposed that have a minimal number o ..."
Abstract

Cited by 8 (7 self)
 Add to MetaCart
Redundant number systems (e.g., signed binary representations) have been utilized to efficiently implement algebraic operations required by publickey cryptosystems, especially those based on elliptic curves. Several families of integer representations have been proposed that have a minimal number of nonzero digits (socalled minimal weight representations). We observe that many of the constructions for minimal weight representations actually work by building representations which are minimal in another sense. For a given set of digits, these constructions build colexicographically minimal representations; that is, they build representations where each nonzero digit is positioned as far left (toward the most significant digit) as possible. We utilize this strategy in a new algorithm which constructs a very general family of minimal weight dimensiond joint representations for any d ≥ 1. The digits we use are from the set {a ∈ Z: ℓ ≤ a ≤ u} where ℓ ≤ 0 and u ≥ 1 are integers. By selecting particular values of ℓ and u, it is easily seen that our algorithm generalizes many of the minimal weight representations previously described in the literature. From our algorithm, we obtain a syntactical description of a particular family of dimensiond joint representations; any representation which obeys this syntax must be both colexicographically minimal and have minimal weight; moreover, every vector of integers has exactly one representation that satisfies this syntax. We utilize this syntax in a combinatorial analysis of the weight of the representations.
A New Upper Bound for the Minimal Density of Joint Representations in Elliptic Curve Cryptosystems
, 2007
"... SUMMARY The most time consuming operation to verify a ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
SUMMARY The most time consuming operation to verify a
On the SignedBinary Window Method
"... We propose a lefttoright (i.e., from the most significant column to the least significant column) algorithm for computing a signedbinary (SB) representation of pairs of integers with minimum joint weight as well as maximum average length of zerocolumn runs. The proposed method speeds up the sc ..."
Abstract
 Add to MetaCart
We propose a lefttoright (i.e., from the most significant column to the least significant column) algorithm for computing a signedbinary (SB) representation of pairs of integers with minimum joint weight as well as maximum average length of zerocolumn runs. The proposed method speeds up the scalar multiplication of elliptic curve cryptosystems (ECC) by all known strategies, while at the same time reduces the hardware overhead. Furthermore, we present the necessary and sufficient condition that an SB representation of n integers has minimum joint weight.
Hamming weight of the . . .
, 2007
"... The Hamming weight of the nonadjacent form is studied in relation to the Hamming weight of the standard binary expansion. In particular, we investigate the expected Hamming weight of the NAF of a ndigit binary expansion with k ones where k is either fixed or proportional to n. The expected Hammin ..."
Abstract
 Add to MetaCart
The Hamming weight of the nonadjacent form is studied in relation to the Hamming weight of the standard binary expansion. In particular, we investigate the expected Hamming weight of the NAF of a ndigit binary expansion with k ones where k is either fixed or proportional to n. The expected Hamming weight of NAFs of binary expansions with large ( ≥ n/2) Hamming weight is studied. Finally, the covariance of the Hamming weights of the binary expansion and the NAF is computed. Asymptotically, these Hamming weights become independent and normally distributed.
COMPLEMENTS AND SIGNED DIGIT REPRESENTATIONS: ANALYSIS OF A MULTIEXPONENTIATIONALGORITHM OF WU,
, 804
"... Abstract. Wu, Lou, Lai and Chang proposed a multiexponentiation algorithm using binary complements and the nonadjacent form. The purpose of this paper is to show that neither the analysis of the algorithm given by its original proposers nor that by other authors are correct. In fact it turns out t ..."
Abstract
 Add to MetaCart
Abstract. Wu, Lou, Lai and Chang proposed a multiexponentiation algorithm using binary complements and the nonadjacent form. The purpose of this paper is to show that neither the analysis of the algorithm given by its original proposers nor that by other authors are correct. In fact it turns out that the complement operation does not have significant influence on the performance of the algorithm and can therefore be omitted. 1.
Complements and Signed . . . a MultiExponentiationAlgorithm of Wu, Lou, Lai and Chang
, 2008
"... Wu, Lou, Lai and Chang proposed a multiexponentiation algorithm using binary complements and the nonadjacent form. The purpose of this paper is to show that neither the analysis of the algorithm given by its original proposers nor that by other authors are correct. In fact it turns out that the co ..."
Abstract
 Add to MetaCart
Wu, Lou, Lai and Chang proposed a multiexponentiation algorithm using binary complements and the nonadjacent form. The purpose of this paper is to show that neither the analysis of the algorithm given by its original proposers nor that by other authors are correct. In fact it turns out that the complement operation does not have significant influence on the performance of the algorithm and can therefore be omitted.