Abstract
Computing elliptic-curve scalar multiplication is the most time consuming operation in any elliptic-curve cryptosystem. In the last decades, it has been shown that pre-computations of elliptic-curve points improve the performance of scalar multiplication especially in cases where the elliptic-curve point P is fixed. In this paper, we present an improved fixed-base comb method for scalar multiplication. In contrast to existing comb methods such as proposed by Lim and Lee or Tsaur and Chou, we make use of a width-ω non-adjacent form representation and restrict the number of rows of the comb to be greater or equal ω. The proposed method shows a significant reduction in the number of required elliptic-curve point addition operation. The computational complexity is reduced by 33 to 38,% compared to Tsaur and Chou method even for devices that have limited resources. Furthermore, we propose a constant-time variation of the method to thwart simple-power analysis attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Booth, A.D.: A signed binary multiplication technique. Q. J. Mech. Applied Math., 236–240 (1951)
Bosma, W.: Signed bits and fast exponentiation. Jornal de Théorie des Nombers de Bordeaux 13, 27–41 (2001)
Brauer, A.: On addition chains. Bull. Amer. Math. Soc. 45, 736–739 (1939)
Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast Exponentiation with Precomputation (Extended Abstract). In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993)
Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of elliptic and hyperelliptic curve cryptography. Taylor and Francis Group, LLC (2006)
Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Feng, M., Zhu, B.B., Xu, M., Li, S.: Efficient comb elliptic curve multiplication methods resistant to power analysis. IACR Cryptology ePrint Archive, 2005:222 (2005)
Gordan, D.M.: A survey of fast exponentiation methods. Journal of Algorithms 27, 129–146 (1998)
Hankerson, D., Menezes, A., Vanstone, S.: Guide to elliptic curve cryptography. Springer, New York (2004)
Hedabou, M., Pinel, P., Bénéteau, L.: A comb method to render ecc resistant against side channel attacks. Paper submitted only to the Cryptology ePrint Archive. hedabou@insa-toulouse.fr 12754 (received, December 2, 2004)
Hedabou, M., Pinel, P., Bénéteau, L.: Countermeasures for Preventing Comb Method Against SCA Attacks. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 85–96. Springer, Heidelberg (2005)
Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–220 (1987)
Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Lim, C.H., Lee, P.J.: More Flexible Exponentiation with Precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)
Joye, M., Tunstall, M.: Exponent Recoding and Regular Exponentiation Algorithms. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 334–349. Springer, Heidelberg (2009)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer (2007) ISBN 978-0-387-30857-9
Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987)
Morain, F., Olivos, J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. Theor. Inform. Appli. 24, 531–543 (1989)
Reitwiesner, G.W.: Binary arithmetic. Advances in Computers 1, 231–308 (1960)
Sakai, Y., Sakurai, K.: Speeding up elliptic scalar multiplication using multidoubling. IEICE Transactions Fundamentals E85-A(5), 1075–1083 (2002)
Sakai, Y., Sakurai, K.: A New Attack with Side Channel Leakage During Exponent Recoding Computations. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 298–311. Springer, Heidelberg (2004)
Silverman, J.H.: The arithmetic of elliptic curves, vol. 106. Springer, Berlin (1986)
Solinas, J.A.: Effiecient arithmetic on koblitz curves. Designs, Codes and Cryptography 19, 195–249 (2000)
Thurber, E.G.: On addition chains l(mn) ≤ l(n) − b and lower bounds for c(r). Duke Mathematical Journal 40, 907–913 (1973)
Tsaur, W.-J., Chou, C.-H.: Efficient algorithm for speeding up the computations of elliptic curve cryptosystem. Applied Mathematics and Computation 168, 1045–1064 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mohamed, N.A.F., Hashim, M.H.A., Hutter, M. (2012). Improved Fixed-Base Comb Method for Fast Scalar Multiplication. In: Mitrokotsa, A., Vaudenay, S. (eds) Progress in Cryptology - AFRICACRYPT 2012. AFRICACRYPT 2012. Lecture Notes in Computer Science, vol 7374. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31410-0_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-31410-0_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31409-4
Online ISBN: 978-3-642-31410-0
eBook Packages: Computer ScienceComputer Science (R0)