Results 1 - 8 of 8
Kummer strikes back: new DH speed records
In Cryptology ePrint Archive, Report 2014/134, 2014

Cited by 6 (2 self)
Abstract. This paper introduces high-security constant-time variable-base-point Diffie–Hellman soft
Curve41417: Karatsuba revisited

Cited by 3 (0 self)
Abstract. This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba’s method and choices of radix smaller than the CPU word size.
Twisted Hessian curves
2015

Cited by 3 (0 self)
This paper presents new speed records for arithmetic on a large family of elliptic curves with cofactor 3: specifically, 8.77M per bit for 256-bit variable-base single-scalar multiplication when curve parameters are chosen properly. This is faster than the best results known for cofactor 1, showing for the first time that points of order 3 are useful for performance and narrowing the gap to the speeds of curves with cofactor 4.
The Q-curve Construction for Endomorphism-Accelerated Elliptic Curves

Cited by 2 (0 self)
Abstract. We give a detailed account of the use of Q-curve reductions to construct elliptic curves over F_{p^2} with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS) endomorphisms. Like GLS (which is a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves, and thus finding secure group orders when p is fixed for efficient implementation. Unlike GLS, we also offer the possibility of constructing twist-secure curves. We construct several one-parameter families of elliptic curves over F_{p^2} equipped with efficient endomorphisms for every p > 3, and exhibit examples of twist-secure curves over F_{p^2} for the efficient Mersenne prime p = 2^127 − 1.
Sandy2x: New Curve25519 Speed Records
Abstract. This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takes only 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared
FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime
Abstract. We introduce FourQ, a high-security, high-performance elliptic curve that targets the 128-bit security level. At the highest arithmetic level, cryptographic scalar multiplications on FourQ can use a four-dimensional Gallant-Lambert-Vanstone decomposition to minimize the total number of elliptic curve group operations. At the group arithmetic level, FourQ admits the use of extended twisted Edwards coordinates and can therefore exploit the fastest known elliptic curve addition formulas over large prime characteristic fields. Finally, at the finite field level, arithmetic is performed modulo the extremely fast Mersenne prime p = 2^127 − 1. We show that this powerful combination facilitates scalar multiplications that are significantly faster than all prior works. On Intel’s Haswell, Ivy Bridge and Sandy Bridge architectures, our software computes a variable-base scalar multiplication in 59,000, 71,000 cycles and 74,000 cycles, respectively; and, on the same platforms, our software computes a Diffie-Hellman shared secret in 92,000, 110,000 cycles and 116,000 cycles, respectively. These results show that, in practice, FourQ is around four to five times faster than the original NIST P-256 curve and between two and three times faster than curves that are currently under consideration as NIST alternatives, such as Curve25519.