Results 1  10
of
19
A Survey of Fast Exponentiation Methods
 JOURNAL OF ALGORITHMS
, 1998
"... Publickey cryptographic systems often involve raising elements of some group (e.g. GF(2 n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation de ..."
Abstract

Cited by 157 (0 self)
 Add to MetaCart
Publickey cryptographic systems often involve raising elements of some group (e.g. GF(2 n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation depends strongly on the group being used, the hardware the system is implemented on, and whether one element is being raised repeatedly to different powers, different elements are raised to a fixed power, or both powers and group elements vary. This problem has received much attention, but the results are scattered through the literature. In this paper we survey the known methods for fast exponentiation, examining their relative strengths and weaknesses.
The Elliptic Curve Digital Signature Algorithm (ECDSA)
, 1999
"... The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideratio ..."
Abstract

Cited by 107 (5 self)
 Add to MetaCart
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponentialtime algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strengthperkeybit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues. Keywords: Signature schemes, elliptic curve cryptography, DSA, ECDSA.
Efficient arithmetic on Koblitz curves
 Designs, Codes, and Cryptography
, 2000
"... Abstract. It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the ..."
Abstract

Cited by 81 (0 self)
 Add to MetaCart
Abstract. It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast elliptic scalar multiplication. His algorithm was later modified by Meier and Staffelbach. We give an improved version of the algorithm which runs 50 % faster than any previous version. It is based on a new kind of representation of an integer, analogous to certain kinds of binary expansions. We also outline further speedups using precomputation and storage.
Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two
 Journal of Cryptology
, 1997
"... We discuss new algorithms for multiplying points on elliptic curves over small finite fields of characteristic two. This algorithm is an extension of previous results by Koblitz, Meier and Staffelbach. Practical timings show that the new methods can give a running time improvement of up to 50% compa ..."
Abstract

Cited by 33 (0 self)
 Add to MetaCart
We discuss new algorithms for multiplying points on elliptic curves over small finite fields of characteristic two. This algorithm is an extension of previous results by Koblitz, Meier and Staffelbach. Practical timings show that the new methods can give a running time improvement of up to 50% compared to the ordinary binary algorithm for multiplication. Finally, we present a table of elliptic curves, which are well suited for elliptic curve public key cryptosystems, and for which the new algorithm can be used. 1 Introduction Elliptic curves over finite fields have gained a lot of attention in public key cryptography in recent years ([4], [10]). For practical reasons, elliptic curves over fields of characteristic two are of special interest. DiffieHellman type cryptosystems using elliptic curves over IF 2 155 were implemented and compared to RSA (see [12]). The most time consuming operation of these cryptosystems is multiplication of a point on the elliptic curve with an integer, wh...
Compact Encoding of NonAdjacent Forms with Applications to Elliptic Curve Cryptography
 CHES 2001, LNCS
, 2001
"... Techniques for fast exponentiation (multiplication) in various groups have been extensively studied for use in cryptographic primitives. Specifically, ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
Techniques for fast exponentiation (multiplication) in various groups have been extensively studied for use in cryptographic primitives. Specifically,
Improved Algorithms for Arithmetic on Anomalous Binary Curves
 In Advances in Cryptography, Crypto '97
, 1997
"... . It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
. It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast elliptic scalar multiplication. His algorithm was later modified by Meier and Staffelbach. We give an improved version of the algorithm which runs 50% faster than any previous version. It is based on a new kind of representation of an integer, analogous to certain kinds of binary expansions. We also outline further speedups using precomputation and storage. Keywords: elliptic curves, exponentiation, publickey cryptography. 1 Introduction It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. More precisely, one work...
Fast Generation of Pairs (k, [k]P) for Koblitz Elliptic Curves
, 2001
"... We propose a method for increasing the speed of scalar multiplication on binary anomalous (Koblitz) elliptic curves. By introducing a generator which produces random pairs (k, [k]P ) of special shape, we exhibit a specific setting where the number of elliptic curve operations is reduced by 25% t ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
We propose a method for increasing the speed of scalar multiplication on binary anomalous (Koblitz) elliptic curves. By introducing a generator which produces random pairs (k, [k]P ) of special shape, we exhibit a specific setting where the number of elliptic curve operations is reduced by 25% to 50% compared with the general case when k is chosen uniformly. This generator can be used when an ephemeral pair (k, [k]P ) is needed by a cryptographic algorithm, and especially for Elliptic Curve Di#eHellman key exchange, ECDSA signature and ElGamal encryption.
Trace Zero Subvariety for Cryptosystems
, 2003
"... We present a kind of group suitable for cryptographic applications: the trace zero subvariety. The construction is based on Weil descent from curves of genus two over extension fields F p n , n = 3. ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
We present a kind of group suitable for cryptographic applications: the trace zero subvariety. The construction is based on Weil descent from curves of genus two over extension fields F p n , n = 3.
Speeding up Elliptic Scalar Multiplication with Precomputation
 In Internation Conference on Information Security and Cryptography  ICISC 2000, LNCS 1787
, 2000
"... It is often required in many elliptic curve cryptosystems to compute kG for a xed point G and a random integer k. In this paper we present improved algorithms for such elliptic scalar multiplication. ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
It is often required in many elliptic curve cryptosystems to compute kG for a xed point G and a random integer k. In this paper we present improved algorithms for such elliptic scalar multiplication.
Trace Zero Subvarieties of Genus 2 Curves for Cryptosystems
, 2004
"... In this paper we present a kind of group suitable for cryptographic applications: the trace zero subvariety. We describe in detail the case of trace zero varieties constructed from genus 2 curves over prime fields. The curve is considered over an extension field of degree 3 and one performs Weil des ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In this paper we present a kind of group suitable for cryptographic applications: the trace zero subvariety. We describe in detail the case of trace zero varieties constructed from genus 2 curves over prime fields. The curve is considered over an extension field of degree 3 and one performs Weil descent from its Jacobian to the prime field leading to a variety of dimension 6. The trace zero variety is a subvariety thereof. As a group it is isomorphic to a subgroup of the Jacobian of the original curve. For appropriately chosen parameters it is as secure as Jacobians of curves of genus g ≤ 3. Its main advantage is that the complexity of computing scalar multiplication is lower than on other curve based groups. This is achieved by making use of the Frobenius endomorphism. Thus the trace zero subvariety can be used efficiently in protocols based on the discrete logarithm problem.