Subscribe

Issue No.11 - November (2008 vol.57)

pp: 1469-1481

Kimmo U. Järvinen , Helsinki University of Technology , Espoo

Micheal J. Jacobson Jr. , University of Calgary, Calgary

Vassil S. Dimitrov , University of Calgary, Calgary

Zhun Huang , University of Calgary, Calgary

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2008.65

ABSTRACT

We describe algorithms for point multiplication on Koblitz curves using multiple-base expansions of the form $k = \sum \pm \tau^a (\tau-1)^b$ and $k= \sum \pm \tau^a (\tau-1)^b (\tau^2 - \tau - 1)^c.$ We prove that the number of terms in the second type is sublinear in the bit length of $k$, which leads to the first provably sublinear point multiplication algorithm on Koblitz curves. For the first type, we conjecture that the number of terms is sublinear and provide numerical evidence demonstrating that the number of terms is significantly less than that of $\tau$-adic non-adjacent form expansions. We present details of an innovative FPGA implementation of our algorithm and performance data demonstrating the efficiency of our method. We also show that implementations with very low computation latency are possible with the proposed method because parallel processing can be exploited efficiently.

INDEX TERMS

Elliptic curve cryptography, Field-programmable gate arrays, Koblitz curves, multiple-base expansions, parallel processing, sublinearity

CITATION

Kimmo U. Järvinen, Micheal J. Jacobson Jr., Vassil S. Dimitrov, Zhun Huang, "Provably Sublinear Point Multiplication on Koblitz Curves and Its Hardware Implementation",

*IEEE Transactions on Computers*, vol.57, no. 11, pp. 1469-1481, November 2008, doi:10.1109/TC.2008.65REFERENCES

- [2] V. Miller, “Use of Elliptic Curves in Cryptography,”
Advances in Cryptology—CRYPTO '85, pp. 417-426, 1986.- [3] N. Koblitz, “CM-Curves with Good Cryptographic Properties,”
Advances in Cryptology—CRYPTO '91, pp.279-287, 1992.- [4]
Digital Signature Standard (DSS), Fed. Information Processing Standard, FIPS PUB 186-2, Nat'l Inst. of Standards and Technology (NIST) Computer Security FIPS PUB 186-2, Jan. 2000.- [5] J. Solinas, “Efficient Arithmetic on Koblitz Curves,”
Designs, Codes and Cryptography, vol. 19, pp. 195-249, 2000.- [6] R. Avanzi, C. Heuberger, and H. Prodinger, “Minimality of the Hamming Weight of the $\tau\hbox{-}{\rm NAF}$ for Koblitz Curves and Improved Combination with Point Halving,”
Selected Areas in Cryptography— SAC '05, pp. 332-344, 2005.- [8] M. Ciet and F. Sica, “An Analysis of Double Base Number Systems and a Sublinear Scalar Multiplication Algorithm,”
Progress in Cryptology—Mycrypt '05, pp.171-182, 2005.- [9] V. Dimitrov, L. Imbert, and P. Mishra, “Efficient and Secure Elliptic Curve Point Multiplication Using Double-Base Chains,”
Advances in Cryptology—ASIACRYPT '05, pp.59-78, 2005.- [11] R. Avanzi and F. Sica, “Scalar Multiplication on Koblitz Curves Using Double Bases,”
Progress in Cryptology—VIETCRYPT '06, pp.131-146, 2006.- [12] F. Sica,
Scalar Multiplication on Koblitz Curves Using Double Bases. Univ. of Calgary, invited talk, Apr. 2006.- [13] J. Conway and D. Smith,
On Quaternions and Octonions. AK Peters, 2003.- [14] R. Tijdeman, “On Integers with Many Small Prime Factors,”
Composition Math., vol. 26, no. 3, pp. 319-330, 1973.- [15] A. Baker, “Linear Forms in the Logarithms of Algebraic NumbersIV,”
Math., vol. 15, pp. 204-216, 1968.- [16] M. Mignotte and M. Waldshmidt, “Linear Forms in Two Logarithms and Schneider's Method III,”
Annales de la Faculté des Sciences de Toulouse, pp. 43-75, 1990.- [17] R. Tijdeman, personal communication, 2006.
- [18] J. López and R. Dahab, “Improved Algorithms for Elliptic Curve Arithmetic in $GF(2^{n})$ ,”
Selected Areas in Cryptography—SAC '98, pp. 201-212, 1998.- [19] C. Doche and T. Lange, “Arithmetic of Elliptic Curves,”
Handbook of Elliptic and Hyperelliptic Curve Cryptography, Chapman and Hall/CRC, H. Cohen and G.Frey, eds., chapter 13, pp. 267-302, 2006.- [23]
Stratix II Device Handbook, Altera, http://www.altera.com/literature/hb/stx2 stratix2_handbook.pdf, May 2007.- [24]
Stratix II EP2S180 DSP Development Board—Reference Manual, Altera, http://www.altera.com/literature/manualmnl_SII_ DSP_RM_11Aug06.pdf , Aug. 2006.- [25] C. Wang, T. Troung, H. Shao, L. Deutsch, J. Omura, and I. Reed, “VLSI Architectures for Computing Multiplications and Inverses in $GF(2^{m})$ ,”
IEEE Trans. Computers, vol. 34, no. 8, pp. 709-717, Aug. 1985.- [26] B. Ansari and M.A. Hasan, “High Performance Architecture of Elliptic Curve Scalar Multiplication,” Technical Report CACR 2006-1, Univ. of Waterloo, 2006.
- [27] S. Bajracharya, C. Shu, K. Gaj, and T. El-Ghazawi, “Implementation of Elliptic Curve Cryptosystems over $GF(2^{n})$ in Optimal Normal Basis on a Reconfigurable Computer,”
Proc. Int'l Conf. Field Programmable Logic and Application (FPL '04), pp.1098-1100, 2004.- [31] H. Eberle, N. Gura, S. Shantz, and V. Gupta, “A Cryptographic Processor for Arbitrary Elliptic Curves over $GF(2^{m})$ ,” Technical Report SMLI TR-2003-123, Sun Microsystems, May 2003.
- [35] S. Okada, N. Torii, K. Itoh, and M. Takenaka, “Implementation of Elliptic Curve Cryptographic Coprocessor over $GF(2^{m})$ on an FPGA,”
Cryptographic Hardware and Embedded Systems—CHES '00, pp. 25-40, 2000.- [36] G. Orlando and C. Paar, “A High-Performance Reconfigurable Elliptic Curve Processor for $GF(2^{m})$ ,”
Cryptographic Hardware and Embedded Systems—CHES '00, pp. 41-56, 2000. |