Abstract
In this paper we present a new multiplication algorithm for residues modulo the Mersenne prime \(2^{521} - 1\). Using this approach, on an Intel Haswell Core i7-4770, constant-time variable-base scalar multiplication on NIST’s (and SECG’s) curve P-521 requires 1,108,000 cycles, while on the recently proposed Edwards curve E-521 it requires just 943,000 cycles. As a comparison, on the same architecture OpenSSL’s ECDH speed test for curve P-521 requires 1,319,000 cycles. Furthermore, our code was written entirely in C and so is robust across different platforms. The basic observation behind these speedups is that the form of the modulus allows one to multiply residues with as few word-by-word multiplications as are needed for squaring, while incurring very little overhead from extra additions, in contrast to the usual Karatsuba methods.
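The multiplication count stated in the abstract can be checked on a small arithmetic model. The Python below is an added illustration, not the authors' C code and not their exact formulae: it assumes a layout of nine 58-bit limbs (so that \(2^{522} \equiv 2 \pmod{2^{521}-1}\)) and uses the standard identity \(x_i y_j + x_j y_i = x_i y_i + x_j y_j - (x_i - x_j)(y_i - y_j)\) to reach 45 word multiplications, the squaring count, against 81 for schoolbook.

```python
P = 2**521 - 1
W, T = 58, 9                 # assumed limb layout: 9 limbs x 58 bits = 522 bits
MASK = (1 << W) - 1

def to_limbs(a):
    """Split a residue into T limbs of W bits, least significant first."""
    return [(a >> (W * i)) & MASK for i in range(T)]

def from_coeffs(z):
    """Recombine (possibly oversized) coefficients and reduce mod P."""
    return sum(c << (W * k) for k, c in enumerate(z)) % P

def wrap(i, j):
    """Target index and weight of 2^(58(i+j)) mod P; 2^522 = 2 (mod P)."""
    s = i + j
    return (s, 1) if s < T else (s - T, 2)

def mul_schoolbook(x, y):
    """Every limb pair multiplied once: T*T word multiplications."""
    z, muls = [0] * T, 0
    for i in range(T):
        for j in range(T):
            k, w = wrap(i, j)
            z[k] += w * x[i] * y[j]   # w is 1 or 2: a shift, not counted
            muls += 1
    return z, muls

def mul_diff_identity(x, y):
    """Same coefficients from T diagonal + T(T-1)/2 difference products."""
    d = [x[i] * y[i] for i in range(T)]          # diagonal products
    z, muls = [0] * T, T
    for i in range(T):
        k, w = wrap(i, i)
        z[k] += w * d[i]
    for i in range(T):
        for j in range(i + 1, T):
            # x_i*y_j + x_j*y_i without computing either cross product
            cross = d[i] + d[j] - (x[i] - x[j]) * (y[i] - y[j])
            muls += 1
            k, w = wrap(i, j)
            z[k] += w * cross
    return z, muls
```

The model checks arithmetic only; it says nothing about carry handling or constant-time behaviour, which depend on the C implementation.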
© 2015 International Association for Cryptologic Research
About this paper
Cite this paper
Granger, R., Scott, M. (2015). Faster ECC over \(\mathbb{F}_{2^{521}-1}\). In: Katz, J. (eds) Public-Key Cryptography -- PKC 2015. PKC 2015. Lecture Notes in Computer Science, vol 9020. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46447-2_24
DOI: https://doi.org/10.1007/978-3-662-46447-2_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46446-5
Online ISBN: 978-3-662-46447-2
eBook Packages: Computer Science, Computer Science (R0)