Issue No.11 - November (2008 vol.57)
pp: 1469-1481
Vassil S. Dimitrov, University of Calgary, Calgary
Kimmo U. Järvinen, Helsinki University of Technology, Espoo
Micheal J. Jacobson Jr., University of Calgary, Calgary
Wai Fong (Andy) Chan, University of Calgary, Calgary
Zhun Huang, University of Calgary, Calgary
ABSTRACT
We describe algorithms for point multiplication on Koblitz curves using multiple-base expansions of the form $k = \sum \pm \tau^a (\tau-1)^b$ and $k= \sum \pm \tau^a (\tau-1)^b (\tau^2 - \tau - 1)^c.$ We prove that the number of terms in the second type is sublinear in the bit length of $k$, which leads to the first provably sublinear point multiplication algorithm on Koblitz curves. For the first type, we conjecture that the number of terms is sublinear and provide numerical evidence demonstrating that the number of terms is significantly less than that of $\tau$-adic non-adjacent form expansions. We present details of an innovative FPGA implementation of our algorithm and performance data demonstrating the efficiency of our method. We also show that implementations with very low computation latency are possible with the proposed method because parallel processing can be exploited efficiently.
INDEX TERMS
Elliptic curve cryptography, Field-programmable gate arrays, Koblitz curves, multiple-base expansions, parallel processing, sublinearity
CITATION
Vassil S. Dimitrov, Kimmo U. Järvinen, Micheal J. Jacobson Jr., Wai Fong (Andy) Chan, Zhun Huang, "Provably Sublinear Point Multiplication on Koblitz Curves and Its Hardware Implementation", IEEE Transactions on Computers, vol. 57, no. 11, pp. 1469-1481, November 2008, doi:10.1109/TC.2008.65