Subscribe
Issue No.04 - April (2008 vol.57)
pp: 481-489
ABSTRACT
This paper presents a scalar multiplication method for Koblitz curves. Koblitz curves are elliptic curves where the scalar multiplication can be computed in a much faster way than other curves, allowing designs and implementations without arithmetic coprocessor. The new method is as fast as the fastest known techniques on Koblitz curves, but requires much less memory, therefore, it is of particular interest for environments with low resources. Our technique is well-suited for both of hardware and software implementations. In hardware, we show that a normal basis implementation reduces memory consumption by 85% compared to conventional methods, but still has exactly the same computational cost. In software, thanks to a mixed normal-polynomial bases approach, our technique allows memory savings up to 70%, and depending on the instruction set of the CPU, can be as fast as the fastest known scalar multiplication methods, or even beat them largely. Therefore, in software and in hardware, our scalar multiplication technique offers high performance without sacrifice in view of memory.
INDEX TERMS
Public key cryptosystems, Smartcards, Efficiency, Koblitz Curves
CITATION
Camille Vuillaume, Katsuyuki Okeya, Tsuyoshi Takagi, "Short-Memory Scalar Multiplication for Koblitz Curves", IEEE Transactions on Computers, vol.57, no. 4, pp. 481-489, April 2008, doi:10.1109/TC.2007.70824
REFERENCES
 [1] N. Koblitz, “Elliptic Curve Cryptosystems,” Math. Computation, vol. 48, no. 177, pp. 203-209, 1987. [2] V.S. Miller, “Use of Elliptic Curves in Cryptography,” Advances in Cryptology—Proc. Fifth Ann. Int'l Cryptology Conf., pp. 417-426, 1986. [3] N. Koblitz, “CM-Curves with Good Cryptographic Properties,” Advances in Cryptology—Proc. 11th Ann. Int'l Cryptology Conf., pp.279-287, 1992. [4] J. Solinas, “Efficient Arithmetic on Koblitz Curves,” Designs, Codes, and Cryptography, vol. 19, nos. 2-3, pp. 195-249, 2000. [5] R.M. Avanzi, M. Ciet, and F. Sica, “Faster Scalar Multiplication on Koblitz Curves Combining Point Halving with the Frobenius Endomorphism,” Proc. Seventh Int'l Workshop Theory and Practice in Public Key Cryptography, pp. 28-40, 2004. [6] R.M. Avanzi, C. Heuberger, and H. Prodinger, “Minimality of the Hamming Weight of the $t\hbox{-}{\rm NAF}$ for Koblitz Curves and Improved Combination with Point Halving,” Proc. 12th Ann. Workshop Selected Areas in Cryptography, pp. 332-344, 2006. [7] J.-S. Coron, D. M'Raïhi, and C. Tymen, “Fast Generation of Pairs $(k, [k]P)$ for Koblitz Elliptic Curves,” Proc. Eighth Ann. Workshop Selected Areas in Cryptography, pp. 151-164, 2001. [8] D. Hankerson, J. López, and A. Menezes, “Software Implementation of Elliptic Curve Cryptography over Binary Fields,” Proc. Second Int'l Workshop Cryptographic Hardware and Embedded Systems, pp. 1-24, 2000. [9] R. Dahab, D. Hankerson, F. Hu, M. Long, J. López, and A. Menezes, “Software Multiplication Using Gaussian Normal Bases,” IEEE Trans. Computers, vol. 55, no. 8, pp. 974-984, Aug. 2006. [10] “P1363: Standard Specifications for Public-Key Cryptography,” IEEE, 2000. [11] J. López and R. Dahab, “Improved Algorithms for Elliptic Curve Arithmetic in ${\rm GF}(2^{n})$ ,” Proc. Second Ann. Workshop Selected Areas in Cryptography, pp. 201-212, 1998. [12] D. Hankerson, A. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptography. Springer, 2004. [13] P. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” Advances in Cryptology—Proc. 19th Ann. Int'l Cryptology Conf., pp.388-397, 1999. [14] E. Biham and A. Shamir, “Differential Fault Analysis of Secret Key Cryptosystems,” Advances in Cryptology—Proc. 17th Ann. Int'l Cryptology Conf., pp. 513-525, 1997. [15] D.J. Park, S.G. Sim, and P.J. Lee, “Fast Scalar Multiplication Method Using Change-of-Basis Matrix to Prevent Power Analysis Attacks on Koblitz Curves,” Proc. Fourth Int'l Workshop Information Security Applications, pp. 474-488, 2003. [16] J. Massey and J.K. Omura, “Computational Method and Apparatus for Finite-Field Arithmetic,” US patent 4587627, Washington, D.C., Patent and Trademark Office, 1986. [17] B.S. Kaliski and Y.L. Yin, “Storage-Efficient Finite-Field Basis Conversion,” Proc. Second Ann. Workshop Selected Areas in Cryptography, pp. 81-93, 1999. [18] E.F. Brickell, D.M. Gordon, K.S. McCurley, and D.B. Wilson, “Fast Exponentiation with Precomputation: Algorithms and Lower Bounds,” Advances in Cryptology—Proc. European Workshop Theory and Application of Cryptographic Techniques, pp. 200-209, 1993. [19] B. Möller, “Improved Techniques for Fast Exponentiation,” Proc. Fifth Int'l Conf. Information Security and Cryptology, pp. 298-312, 2003. [20] K. Okeya, T. Takagi, and C. Vuillaume, “Short Memory Scalar Multiplication on Koblitz Curves,” Proc. Seventh Int'l Workshop Cryptographic Hardware and Embedded Systems, pp. 91-105, 2005. [21] R.M. Avanzi, V. Dimitrov, C. Doche, and F. Sica, “Extending Scalar Multiplication Using Double Bases,” Advances in Cryptology —Proc. 12th Asia Conf. Theory and Applications of Cryptology and Information Security, pp. 130-144, 2006.