Delaying and Merging Operations in Scalar Multiplication: Applications to Curve-Based Cryptosystems

  • Roberto Maria Avanzi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)


In this paper we introduce scalar multiplication algorithms for several classes of elliptic and hyperelliptic curves. The methods are variations on Yao’s scalar multiplication algorithm where independent group operations are shown in an explicit way. We can thus merge several group operations and reduce the number of field operations by means of Montgomery’s trick. The results are that scalar multiplication on elliptic curves in even characteristic based on point halving can be improved by at least 10% and the performance of Koblitz curves by 25% to 32%.
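An added example (not code from the paper) of the merging idea in the abstract: independent affine point additions share one field inversion through Montgomery's trick. It uses a constructed toy curve over the prime field F_97 rather than the even-characteristic and hyperelliptic settings the paper targets; all function names are hypothetical, and no pair is assumed to sum to the point at infinity.

```python
# Constructed toy curve y^2 = x^3 + 2x + 3 over F_97 (assumption, not from the paper).
P_MOD, A = 97, 2
INVERSIONS = 0  # field inversions are the costly operation in affine coordinates

def inv(x):
    global INVERSIONS
    INVERSIONS += 1
    return pow(x, -1, P_MOD)  # raises ValueError on 0 (the sum would be infinity)

def batch_inv(xs):
    """Montgomery's trick: n inverses from 1 inversion plus roughly 3n multiplications."""
    prefix, acc = [], 1
    for x in xs:
        prefix.append(acc)               # product of all elements before x
        acc = acc * x % P_MOD
    acc = inv(acc) if xs else 1          # the single shared inversion
    out = [0] * len(xs)
    for i in reversed(range(len(xs))):
        out[i] = acc * prefix[i] % P_MOD # cancel every factor except xs[i]
        acc = acc * xs[i] % P_MOD        # acc is now 1/(xs[0] * ... * xs[i-1])
    return out

def slope_parts(p, q):
    """Numerator and denominator of the chord or tangent slope for affine p + q."""
    (x1, y1), (x2, y2) = p, q
    if p == q:
        return (3 * x1 * x1 + A) % P_MOD, 2 * y1 % P_MOD
    return (y2 - y1) % P_MOD, (x2 - x1) % P_MOD

def finish(p, q, lam):
    x3 = (lam * lam - p[0] - q[0]) % P_MOD
    return x3, (lam * (p[0] - x3) - p[1]) % P_MOD

def add(p, q):
    """One affine addition or doubling: one inversion each."""
    num, den = slope_parts(p, q)
    return finish(p, q, num * inv(den) % P_MOD)

def merged_add(pairs):
    """Independent additions p_i + q_i merged so they share a single inversion."""
    parts = [slope_parts(p, q) for p, q in pairs]
    invs = batch_inv([den for _, den in parts])
    return [finish(p, q, num * d % P_MOD)
            for (p, q), (num, _), d in zip(pairs, parts, invs)]

def counted(fn, *args):
    """Run fn and report how many field inversions it used."""
    global INVERSIONS
    INVERSIONS = 0
    return fn(*args), INVERSIONS
```

The merge is only valid when no addition in the batch consumes the result of another, which is why the abstract stresses making independent group operations explicit.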


Keywords (added by machine, not by the authors): Elliptic Curve; Scalar Multiplication; Hyperelliptic Curve; Accumulation Step; Operation Count



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Roberto Maria Avanzi, Faculty of Mathematics and Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
