Abstract
This paper sets new software speed records for high-security Diffie-Hellman computations, specifically 251-bit elliptic-curve variable-base-point scalar multiplication. In one second of computation on a $200 Core 2 Quad Q6600 CPU, this paper’s software performs 30000 251-bit scalar multiplications on the binary Edwards curve \(d(x + x^2 + y + y^2) = (x + x^2)(y + y^2)\) over the field \({\bf F}_2[t]/(t^{251}+t^7+t^4+t^2+1)\) where \(d = t^{57} + t^{54} + t^{44} + 1\). The paper’s field-arithmetic techniques can be applied in much more generality but have a particularly efficient interaction with the completeness of addition formulas for binary Edwards curves.
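As an added example (not code from the paper), the following Python implements the field and the curve equation named in the abstract with a plain bit-serial multiplier, so the reduction polynomial, the constant d and the curve equation can be checked directly; the Tr(d) = 1 completeness criterion in `complete()` comes from the binary Edwards curves paper and is not stated on this page. The speed-record techniques of the paper itself are not reproduced here.

```python
# Elements of F_2[t]/(t^251 + t^7 + t^4 + t^2 + 1) are Python ints: bit i is the coefficient of t^i.
M = 251
POLY = (1 << 251) | (1 << 7) | (1 << 4) | (1 << 2) | 1   # t^251 + t^7 + t^4 + t^2 + 1
D = (1 << 57) | (1 << 54) | (1 << 44) | 1                 # d = t^57 + t^54 + t^44 + 1 (from the abstract)


def mul(a, b):
    """Carry-less (xor-based) multiply of two field elements, reduced modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # add a * t^i when coefficient i of b is set
        b >>= 1
        a <<= 1             # a <- a * t
        if a >> M:          # degree reached 251: subtract (xor) the modulus
            a ^= POLY
    return r


def sqr(a):
    return mul(a, a)


def trace(a):
    """Tr(a) = a + a^2 + a^4 + ... + a^(2^250); always 0 or 1 for a in the field."""
    t, s = a, a
    for _ in range(M - 1):
        s = sqr(s)
        t ^= s
    return t


def on_curve(x, y):
    """Check d(x + x^2 + y + y^2) = (x + x^2)(y + y^2), the curve equation in the abstract."""
    lhs = mul(D, x ^ sqr(x) ^ y ^ sqr(y))
    rhs = mul(x ^ sqr(x), y ^ sqr(y))
    return lhs == rhs


def complete():
    """Completeness criterion for binary Edwards curves with d1 = d2 = d: Tr(d) must be 1."""
    return trace(D) == 1


if __name__ == "__main__":
    print("t^250 * t reduces to", hex(mul(1 << 250, 2)))   # the pentanomial tail t^7+t^4+t^2+1
    print("(0,0) on curve:", on_curve(0, 0), " Tr(d) == 1:", complete())
```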
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Bernstein, D.J. (2009). Batch Binary Edwards. In: Halevi, S. (eds) Advances in Cryptology - CRYPTO 2009. CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03356-8_19
DOI: https://doi.org/10.1007/978-3-642-03356-8_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03355-1
Online ISBN: 978-3-642-03356-8