Abstract
This paper sets new software speed records for high-security Diffie-Hellman computations, specifically 251-bit elliptic-curve variable-base-point scalar multiplication. In one second of computation on a $200 Core 2 Quad Q6600 CPU, this paper’s software performs 30000 251-bit scalar multiplications on the binary Edwards curve \(d(x + x^2 + y + y^2) = (x + x^2)(y + y^2)\) over the field \({\bf F}_2[t]/(t^{251}+t^7+t^4+t^2+1)\) where \(d = t^{57} + t^{54} + t^{44} + 1\). The paper’s field-arithmetic techniques can be applied in much more generality but have a particularly efficient interaction with the completeness of addition formulas for binary Edwards curves.
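The following Python is an added example, not code from the paper or its author. It implements the concrete objects named in the abstract: arithmetic in \({\bf F}_2[t]/(t^{251}+t^7+t^4+t^2+1)\) (carry-less multiplication, reduction by the pentanomial, squaring, Fermat inversion), a membership test for the curve \(d(x + x^2 + y + y^2) = (x + x^2)(y + y^2)\) with \(d = t^{57} + t^{54} + t^{44} + 1\), a check of the standard completeness criterion for a binary Edwards curve with \(d_1 = d_2 = d\) (no root of \(t^2 + t + d\) in the field, equivalently \(\mathrm{Tr}(d) = 1\)), and a search for an affine point by solving \(y^2 + y = c\) with the half-trace. The half-trace identity and the trace criterion are standard binary-field facts that the abstract itself does not state; the function names and the choice of \(x = t^k\) as search points are this example's own. Field elements are plain Python integers (bit \(i\) is the coefficient of \(t^i\)), which is correct but far from the batched representation the paper uses for its speed records.

```python
# Added example (not from the paper): F_2[t]/(t^251 + t^7 + t^4 + t^2 + 1) and the
# binary Edwards curve d(x + x^2 + y + y^2) = (x + x^2)(y + y^2) from the abstract.
# A field element is an int whose bit i is the coefficient of t^i.

M = 251
# Reduction polynomial t^251 + t^7 + t^4 + t^2 + 1 (parameters quoted from the abstract).
RED = (1 << M) | (1 << 7) | (1 << 4) | (1 << 2) | 1
# Curve constant d = t^57 + t^54 + t^44 + 1 (quoted from the abstract).
D = (1 << 57) | (1 << 54) | (1 << 44) | 1


def reduce(a: int) -> int:
    """Reduce a polynomial (any degree) modulo the pentanomial, highest bit first."""
    for i in range(a.bit_length() - 1, M - 1, -1):
        if (a >> i) & 1:
            a ^= RED << (i - M)   # clears bit i, sets bits below i
    return a


def fmul(a: int, b: int) -> int:
    """Carry-less (polynomial) multiplication followed by reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return reduce(r)


def fsqr(a: int) -> int:
    """Squaring in characteristic 2 only spreads bits: (sum a_i t^i)^2 = sum a_i t^(2i)."""
    r, i = 0, 0
    while a:
        if a & 1:
            r |= 1 << (2 * i)
        a >>= 1
        i += 1
    return reduce(r)


def finv(a: int) -> int:
    """Inverse by Fermat: a^(2^M - 2), left-to-right square-and-multiply."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    e = (1 << M) - 2
    r = 1
    for i in range(M - 1, -1, -1):
        r = fsqr(r)
        if (e >> i) & 1:
            r = fmul(r, a)
    return r


def trace(a: int) -> int:
    """Absolute trace Tr(a) = a + a^2 + a^4 + ... + a^(2^(M-1)); the value is 0 or 1."""
    s, p = 0, a
    for _ in range(M):
        s ^= p
        p = fsqr(p)
    return s


def half_trace(a: int) -> int:
    """H(a) = sum_{i=0}^{(M-1)/2} a^(2^(2i)).  For odd M, H(a)^2 + H(a) = a + Tr(a),
    so when Tr(a) = 0 the half-trace solves y^2 + y = a."""
    s, p = 0, a
    for _ in range((M - 1) // 2 + 1):
        s ^= p
        p = fsqr(fsqr(p))
    return s


def on_curve(x: int, y: int) -> bool:
    """Membership test for d(x + x^2 + y + y^2) = (x + x^2)(y + y^2)."""
    u, v = x ^ fsqr(x), y ^ fsqr(y)
    return fmul(D, u ^ v) == fmul(u, v)


def is_complete() -> bool:
    """Completeness criterion for d1 = d2 = d: d != 0 and t^2 + t + d has no root
    in the field, i.e. Tr(d) = 1.  Then the addition-law denominators never vanish."""
    return D != 0 and trace(D) == 1


def find_point() -> tuple:
    """Find an affine point with x = t^k (example's own choice of search points).
    With u = x + x^2 the curve reads (y + y^2)(u + d) = d u, so y^2 + y = d u / (u + d),
    which is solvable exactly when that right-hand side has trace 0."""
    for k in range(1, 64):
        x = 1 << k
        u = x ^ fsqr(x)
        if u == D:
            continue                      # would divide by zero
        c = fmul(fmul(D, u), finv(u ^ D))
        if trace(c) == 0:
            return x, half_trace(c)
    raise ValueError("no point with x = t^k, k < 64")


if __name__ == "__main__":
    print("curve complete (Tr(d) = 1):", is_complete())
    x, y = find_point()
    print("found point on curve:", on_curve(x, y))
```

The trace of \(d\) can also be checked by hand: Newton's identities for the pentanomial give \(\mathrm{Tr}(t^k) = 0\) for \(1 \le k \le 243\), and \(\mathrm{Tr}(1) = 251 \bmod 2 = 1\), so \(\mathrm{Tr}(d) = 1\) and the curve satisfies the completeness condition the abstract relies on. The neutral element \((0, 0)\) trivially lies on the curve as well.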
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Bernstein, D.J. (2009). Batch Binary Edwards. In: Halevi, S. (eds) Advances in Cryptology - CRYPTO 2009. CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03356-8_19
DOI: https://doi.org/10.1007/978-3-642-03356-8_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03355-1
Online ISBN: 978-3-642-03356-8
eBook Packages: Computer Science (R0)