Koblitz Curves and Integer Equivalents of Frobenius Expansions
نویسندگان
چکیده
Scalar multiplication on Koblitz curves can be very efficient due to the elimination of point doublings. Modular reduction of scalars is commonly performed to reduce the length of expansions, and τ -adic NonAdjacent Form (NAF) can be used to reduce the density. However, such modular reduction can be costly. An alternative to this approach is to use a random τ -adic NAF, but some cryptosystems (e.g. ECDSA) require both the integer and the scalar multiple. This paper presents an efficient method for computing integer equivalents of random τ -adic expansions. The hardware implications are explored, and an efficient hardware implementation is presented. The results suggest significant computational efficiency gains over previously documented methods.
منابع مشابه
Arithmetic of Supersingular Koblitz Curves in Characteristic Three
We consider digital expansions of scalars for supersingular Koblitz curves in characteristic three. These are positional representations of integers to the base of τ , where τ is a zero of the characteristic polynomial T 2 ± 3T + 3 of a Frobenius endomorphism. They are then applied to the improvement of scalar multiplication on the Koblitz curves. A simple connection between τ -adic expansions ...
متن کاملHow to Use Koblitz Curves on Small Devices?
Koblitz curves allow very efficient scalar multiplications because point doublings can be traded for cheap Frobenius endomorphisms by representing the scalar as a τ -adic expansion. Typically elliptic curve cryptosystems, such as ECDSA, also require the scalar as an integer. This results in a need for conversions between integers and the τ -adic domain, which are costly and prevent from using K...
متن کاملOptimality of Digital Expansions to the Base of the Frobenius Endomorphism on Koblitz Curves in Characteristic Three
2 τ-adic Expansions 3 2.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Properties of τ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3 Digit Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.4 Optimality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.5 Exam...
متن کاملEfficient Arithmetic on Subfield Elliptic Curves over Small Odd Characteristics
In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, non-adjacent form (NAF) and its generalizations (e.g., generalized non-adjacent form (...
متن کاملMinimality of the Hamming Weight of the T-NAF for Koblitz Curves and Improved Combination with Point Halving
In order to efficiently perform scalar multiplications on elliptic Koblitz curves, expansions of the scalar to a complex base associated with the Frobenius endomorphism are commonly used. One such expansion is the τ -adic NAF, introduced by Solinas. Some properties of this expansion, such as the average weight, are well known, but in the literature there is no proof of its optimality, i.e. that...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007