Endomorphisms for faster elliptic curve cryptography on a large class of curves

Journal of Cryptology

Volumn 24, Issue 3, 2011, Pages 446-469

  Galbraith, Steven D ^a   Lin, Xibin ^b   Scott, Michael ^c  

^a UNIVERSITY OF AUCKLAND   (New Zealand)

^b SUN YAT SEN UNIVERSITY   (China)

^c DUBLIN CITY UNIVERSITY   (Ireland)

Author keywords

Elliptic curves; GLV method; Isogenies; Multiexponentiation; Point multiplication

Indexed keywords

ELLIPTIC CURVE; GLV METHOD; ISOGENIES; MULTIEXPONENTIATION; POINT MULTIPLICATION;

GEOMETRY;

CURVE FITTING;

EID: 79959983469     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-010-9065-y     Document Type: Article

References (50)

1. A. Antipa, D.R.L. Brown, R.P. Gallant, R.J. Lambert, R. Struik, S.A. Vanstone, Accelerated verification of ecdsa signatures, in SAC 2005, ed. by B. Preneel, S.E. Tavares. LNCS, vol. 3879 (Springer, Berlin, 2006), pp. 307-318 (Pubitemid 43986802)
2. R. Avanzi, Aspects of hyperelliptic curves over large prime fields in software implementations, in CHES 2004, ed. by M. Joye, J.-J. Quisquater. LNCS, vol. 3156 (Springer, Berlin, 2004), pp. 148-162
3. R. Avanzi, H. Cohen, C. Doche, G. Frey, T. Lange, K. Nguyen, F. Vercauteren, Handbook of Elliptic and Hyperelliptic Curve Cryptography (Chapman and Hall/CRC, London, Boca Raton, 2006)
4. D.J. Bernstein, Curve25519: new Diffie-Hellman speed records, in PKC 2006, ed. by M. Yung et al. LNCS, vol. 3958 (Springer, Berlin, 2006), pp. 207-228 (Pubitemid 44055063)
5. D.J. Bernstein, Differential addition chains, preprint (2006). http://cr.yp.to/papers.html#diffchain
6. D.J. Bernstein, Elliptic vs. hyperelliptic, part 1 ECC 2006, Toronto, Canada. http://www.cacr.math. uwaterloo.ca/conferences/2006/ecc2006/slides.html
7. D.J. Bernstein, T. Lange, Faster addition and doubling on elliptic curves, in Asiacrypt 2007, ed. by K. Kurosawa. LNCS, vol. 4833 (Springer, Berlin, 2007), pp. 29-50
8. D.J. Bernstein, T. Lange, Inverted Edwards coordinates, in AAECC 2007, ed. by S. Boztas, H.-F. Lu. LNCS, vol. 4851 (Springer, Berlin, 2007), pp. 20-27
9. D.J. Bernstein, T. Lange, Analysis and optimization of elliptic-curve single-scalar multiplication, in Finite Fields and Applications: Proceedings of Fq8. Contemporary Mathematics, vol. 461 (Am. Math. Soc., Providence, 2008), pp. 1-18
10. D.J. Bernstein, P. Birkner, M. Joye, T. Lange, C. Peters, Twisted Edwards curves, in Africacrypt 2008, ed. by S. Vaudenay. LNCS, vol. 5023 (Springer, Berlin, 2008), pp. 389-405
11. I. Blake, G. Seroussi, N.P. Smart (eds.), Elliptic Curves in Cryptography (Cambridge University Press, Cambridge, 1999)
12. eBATS: ECRYPT benchmarking of asymmetric systems, http://www.ecrypt.eu. org/ebats/
13. D.J. Bernstein, T. Lange (eds.), eBACS: ECRYPT benchmarking of cryptographic systems, http://bench. cr.yp.to/, accessed 9 January 2009
14. D.R.L. Brown,Multi-dimensionalMontgomery ladders for elliptic curves, eprint 2006/220. http://www. eprint.iacr.org/2006/220
15. E. Dahmen, K. Okeya, D. Schepers, Affine precomputation with sole inversion in elliptic curve cryptography, in ACISP 2007, ed. by J. Pieprzyk, H. Ghodosi, E. Dawson. LNCS, vol. 4586 (Springer, Berlin, 2007), pp. 245-258
16. I.M. Duursma, P. Gaudry, F. Morain, Speeding up the discrete log computation on curves with automorphisms, in ASIACRYPT 1999, ed. by K.-Y. Lam, E. Okamoto, C. Xing. LNCS, vol. 1716 (Springer, Berlin, 1999), pp. 103-121
17. H.M. Edwards, A normal form for elliptic curves. Bull. Am. Math. Soc. 44, 393-422 (2007)
18. S.D. Galbraith, M. Scott, Exponentiation in pairing-friendly groups using homomorphisms, in Pairing 2008, ed. by S.D. Galbraith, K.G. Paterson. LNCS, vol. 5209 (Springer, Berlin, 2008), pp. 211-224
19. S.D. Galbraith, X. Lin, M. Scott, Endomorphisms for faster elliptic curve cryptography on a large class of curves, in EUROCRYPT 2009, ed. by A. Joux. LNCS, vol. 5479 (Springer, Berlin, 2009), pp. 518-535
20. R.P. Gallant, R.J. Lambert, S.A. Vanstone, Improving the parallelized Pollard lambda search on anomalous binary curves. Math. Comput. 69, 1699-1705 (2000)
21. R.P. Gallant, R.J. Lambert, S.A. Vanstone, Faster point multiplication on elliptic curves with efficient endomorphisms, in CRYPTO 2001, ed. by J. Kilian. LNCS, vol. 2139 (Springer, Berlin, 2001), pp. 190-200 (Pubitemid 33317915)
22. P. Gaudry, Index calculus for Abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symb. Comput. 44(12), 1690-1702 (2009)
23. P. Gaudry, E. Thomé, The mpFq library and implementing curve-based key exchanges, SPEED workshop presentation, Amsterdam, June 2007. www.hyperelliptic.org/SPEED/record.pdf
24. P. Gaudry, E. Thomé, N. Thériault, C. Diem, A double large prime variation for small genus hyperelliptic index calculus. Math. Comput. 76(257), 475-492 (2007)
25. P. Gaudry, E. Schost, Hyperelliptic curve point counting record: 254 bit Jacobian, post to NMBRTHRY list, 22 Jun 2008. http://www.loria.fr/gaudry/ record127/
26. R. Granger, On the static Diffie-Hellman problem on elliptic curves over extension fields, eprint 2010/177
27. D. Hankerson, A.J. Menezes, S. Vanstone, Guide to Elliptic Curve Cryptography (Springer, Berlin, 2004)
28. D. Hankerson, K. Karabina, A.J. Menezes, Analyzing the Galbraith-Lin-Scott point multiplication method for elliptic curves over binary fields. IEEE Trans. Comput. 58(10), 1411-1420 (2009)
29. F. Hess, N. Smart, F. Vercauteren, The eta-pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595-4602 (2006)
30. T. Iijima, K. Matsuo, J. Chao, S. Tsujii, Construction of Frobenius maps of twist elliptic curves and its application to elliptic scalar multiplication, in SCIS 2002, IEICE Japan, January 2002, pp. 699-702
31. D. Kim, S. Lim, Integer decomposition for fast scalar multiplication on elliptic curves, in SAC 2002, ed. by K. Nyberg, H. Heys. LNCS, vol. 2595 (Springer, Berlin, 2003), pp. 13-20
32. S. Kozaki, K. Matsuo, Y. Shimbara, Skew-Frobenius maps on hyperelliptic curves. IEICE Trans. E91-A(7), 1839-1843 (2008)
33. P. Longa, A. Miri, New composite operations and precomputation scheme for elliptic curve cryptosystems over prime fields, in PKC 2008, ed. by R. Cramer. LNCS, vol. 4939 (Springer, Berlin, 2008), pp. 229-247
34. B. Möller, Algorithms for multi-exponentiation, in SAC 2001, ed. by S. Vaudenay, A.M. Youssef. LNCS, vol. 2259 (Springer, Berlin, 2001), pp. 165-180
35. B. Möller, Improved techniques for fast exponentiation, in ICISC 2002, ed. by P. Lee, C. Lim. LNCS, vol. 2587 (Springer, Berlin, 2003), pp. 298-312 (Pubitemid 137629185)
36. B. Möller, Fractional windows revisited: improved signed-digit representations for efficient exponentiation, in ICISC 2004, ed. by C. Park, S. Chee. LNCS, vol. 3506 (Springer, Berlin, 2005), pp. 137-153 (Pubitemid 41322353)
37. B. Möller, A. Rupp, Faster multi-exponentiation through caching: accelerating (EC)DSA signature verification, in SCN 2008, ed. by R. Ostrovsky, R. De Prisco, I. Visconti. LNCS, vol. 5229 (Springer, Berlin, 2008), pp. 39-56
38. P.L. Montgomery, Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 47, 243-264 (1987)
39. Y. Nogami, Y.Morikawa, Fast generation of elliptic curves with prime order over extension field of even extension degree, in Proceedings 2003 IEEE International Symposium on Information Theory (2003), p. 18
40. p2c. Workshop on Coding and Cryptography (WCC2003) (2003), pp. 347-356
41. Y.-H. Park, S. Jeong, C.H. Kim, J. Lim, An alternate decomposition of an integer for faster point multiplication on certain elliptic curves, in PKC 2002, ed. by D. Naccache, P. Paillier. LNCS, vol. 2274 (Springer, Berlin, 2002), pp. 323-334
42. A.G. Rostovtsev, E.B. Markovenko, Elliptic curve point multiplication, in MMM-ACNS 2003, ed. by V. Gorodetsky. LNCS, vol. 2776 (Springer, Berlin, 2003), pp. 328-336
43. K. Schmidt-Samoa, O. Semay, T. Takagi, analysis of fractional window recoding methods and their application to elliptic curve cryptosystems. IEEE Trans. Comput. 55(1), 48-57 (2006) (Pubitemid 46488996)
44. M. Scott, MIRACL-multiprecision integer and rational arithmetic C/C++ library, http://ftp.computing. dcu.ie/pub/crypto/miracl.zip (2008)
45. M. Scott, P. Szczechowiak, Optimizing multiprecision multiplication for public key cryptography, eprint 2007/299. http://eprint.iacr.org/2007/299
46. F. Sica, M. Ciet, J.-J. Quisquater, Analysis of the Gallant-Lambert- Vanstone method based on efficient endomorphisms: elliptic and hyperelliptic curves, in SAC 2002, ed. by K. Nyberg, H.M. Heys. LNCS, vol. 2595 (Springer, Berlin, 2003), pp. 21-36
47. J.H. Silverman, The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106 (Springer, Berlin, 1986)
48. J.A. Solinas, Efficient arithmetic on Koblitz curves. Designs Codes and Cryptogr. 19(2-3), 195-249 (2000)
49. J.A. Solinas, Low-weight binary representations for pairs of integers. Technical Report CORR 2001-41, CACR (2001)
50. M.J. Wiener, R.J. Zuccherato, Faster attacks on elliptic curve cryptosystems, in SAC 1998, ed. by S. Tavares, H. Meijer. LNCS, vol. 1556 (Springer, Berlin, 1999), pp. 190-200