Abstract
Cryptographic commitment schemes are used in many contexts, where the size of the secret data and the security requirements depend on the target application. Using a software library that has been designed for other purposes (e.g., key exchange or digital signatures) to compute commitments can be complicated or inefficient. We present in this paper a flexible implementation of Pedersen commitments based on elliptic curves in twisted Edwards form. The implementation supports a set of five curves of varying cryptographic strength, which are defined over 127, 159, 191, 223, and 255-bit pseudo-Mersenne prime fields. One can dynamically (i.e., at runtime) choose one of the curves according to the required level of security, and it is also possible to adapt to the size of the data to be committed by varying the number of base points. The point arithmetic uses optimized formulas in extended coordinates, and dynamically pre-computed tables speed up the scalar multiplication. Our implementation is written in ANSI C (with optional x86 assembler optimizations for the field arithmetic) and was compiled and tested successfully with Visual C on Windows, gcc on Linux, and clang on macOS. We present detailed benchmarking results for the field and point arithmetic on all five curves. When using an Intel Core i7 processor clocked at 2.7 GHz as test platform, we can compute more than 38,000 commitments per second on a twisted Edwards curve over a 127-bit field.
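The following is an added worked example, not the paper's library or code, of the construction the abstract describes: a Pedersen commitment with a variable number of base points on a twisted Edwards curve, with point arithmetic in extended coordinates and a pre-computed table per base point for fixed-base scalar multiplication. Because the page does not give the parameters of the paper's 127- to 255-bit curves, the example uses the Ed25519 parameters (a = -1, over 2^255 - 19) as a stand-in; the additional base points H_i are derived by hashing a label to a y-coordinate and clearing the cofactor, which is an assumption of this example rather than the paper's method, and the arithmetic is variable-time, so it illustrates the structure rather than the side-channel hardening a production library needs.

```python
import hashlib

# Ed25519 parameters: a stand-in for the paper's own curves, whose parameters are not on the page.
P = 2**255 - 19
D = (-121665 * pow(121666, -1, P)) % P               # twisted Edwards coefficient d (a = -1)
L = 2**252 + 27742317777372353535851937790883648493  # prime order of the base point
BX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
BY = 46316835694926478169428394003475163141307993866256225615783033603165251855960
SQRT_M1 = pow(2, (P - 1) // 4, P)                    # sqrt(-1) mod P, needed for decompression
W = 4                                                # window width of the fixed-base tables

# Extended coordinates (X, Y, Z, T): x = X/Z, y = Y/Z, T = X*Y/Z.
IDENTITY = (0, 1, 1, 0)

def add(p1, p2):
    """Unified addition for a = -1 (Hisil et al., 'add-2008-hwcd-3'); also valid when p1 == p2."""
    x1, y1, z1, t1 = p1
    x2, y2, z2, t2 = p2
    a = (y1 - x1) * (y2 - x2) % P
    b = (y1 + x1) * (y2 + x2) % P
    c = 2 * D * t1 * t2 % P
    d = 2 * z1 * z2 % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def double(p1):
    """Doubling for a = -1 ('dbl-2008-hwcd'), cheaper than a generic addition."""
    x1, y1, z1, _ = p1
    a, b, c = x1 * x1 % P, y1 * y1 % P, 2 * z1 * z1 % P
    d = -a % P                                       # a * A with a = -1
    e = ((x1 + y1) ** 2 - a - b) % P
    g = (d + b) % P
    f, h = (g - c) % P, (d - b) % P
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def from_affine(x, y):
    return (x, y, 1, x * y % P)

def to_affine(p1):
    """Normalise to (x, y) so commitments can be compared canonically."""
    x, y, z, _ = p1
    zi = pow(z, -1, P)
    return (x * zi % P, y * zi % P)

def scalar_mult(k, p1):
    """Plain double-and-add; used only for cofactor clearing and as a reference."""
    r = IDENTITY
    for bit in bin(k)[2:]:
        r = double(r)
        if bit == "1":
            r = add(r, p1)
    return r

def make_table(p1, nbits=256):
    """Pre-compute table[i][j] = j * 2^(W*i) * p1 for a fixed base point."""
    table, base = [], p1
    for _ in range((nbits + W - 1) // W):
        row = [IDENTITY]
        for _ in range(2**W - 1):
            row.append(add(row[-1], base))
        table.append(row)
        for _ in range(W):
            base = double(base)
    return table

def fixed_base_mult(k, table):
    """Fixed-base scalar multiplication: one lookup and one addition per W-bit window."""
    r = IDENTITY
    for i, row in enumerate(table):
        r = add(r, row[(k >> (W * i)) & (2**W - 1)])
    return r

def derive_generator(label):
    """Nothing-up-my-sleeve base point (assumption of this example): hash the label to a
    y-coordinate, recover x, and multiply by the cofactor 8 to land in the prime-order group."""
    for ctr in range(256):
        y = int.from_bytes(hashlib.sha512(label + bytes([ctr])).digest()[:32], "little") % P
        v = (y * y - 1) * pow(D * y * y + 1, -1, P) % P  # x^2 = (y^2 - 1) / (d*y^2 + 1)
        x = pow(v, (P + 3) // 8, P)
        if (x * x - v) % P:
            x = x * SQRT_M1 % P
        if (x * x - v) % P:
            continue                                     # v is a non-residue: try the next counter
        h = scalar_mult(8, from_affine(x, y))
        if to_affine(h) != (0, 1):
            return h
    raise ValueError("no generator found for label")

class PedersenCommitter:
    """C(v_1..v_n; r) = r*G + sum_i v_i*H_i, with one pre-computed table per base point."""
    def __init__(self, n):
        bases = [from_affine(BX, BY)] + [derive_generator(b"pedersen-H-%d" % i) for i in range(n)]
        self.tables = [make_table(b) for b in bases]

    def commit(self, values, r):
        assert len(values) == len(self.tables) - 1
        c = fixed_base_mult(r % L, self.tables[0])
        for v, table in zip(values, self.tables[1:]):
            c = add(c, fixed_base_mult(v % L, table))
        return to_affine(c)

    def verify(self, commitment, values, r):
        return commitment == self.commit(values, r)

def add_commitments(c1, c2):
    """Homomorphic property: C(v; r) + C(v'; r') = C(v + v'; r + r')."""
    return to_affine(add(from_affine(*c1), from_affine(*c2)))

if __name__ == "__main__":
    pc = PedersenCommitter(2)                            # two data base points plus the blinding base
    c = pc.commit([42, 7], 123456789)
    print("commitment x:", hex(c[0]))
    print("opens correctly:", pc.verify(c, [42, 7], 123456789))
```

Committed values and blinding factors are reduced modulo the group order L, which is the domain of the scheme; the number of data base points is fixed per `PedersenCommitter` instance, mirroring the abstract's "varying the number of base points", and the tables are built once at construction so each commitment costs only table lookups and additions.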
Algorithms for Point Arithmetic
© 2017 Springer International Publishing AG
Franck, C., Großschädl, J. (2017). Efficient Implementation of Pedersen Commitments Using Twisted Edwards Curves. In: Bouzefrane, S., Banerjee, S., Sailhan, F., Boumerdassi, S., Renault, E. (eds) Mobile, Secure, and Programmable Networking. MSPN 2017. Lecture Notes in Computer Science(), vol 10566. Springer, Cham. https://doi.org/10.1007/978-3-319-67807-8_1
DOI: https://doi.org/10.1007/978-3-319-67807-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67806-1
Online ISBN: 978-3-319-67807-8