An advanced method for joint scalar multiplications on memory constraint devices

Erik Dahmen, Katsuyuki Okeya, Tsuyoshi Takagi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

One of the most frequent operations in modern cryptosystems is a multi-scalar multiplication with two scalars. Common methods to compute it are the Shamir method and the Interleave method whereas their speed mainly depends on the (joint) Hamming weight of the scalars. To increase the speed, the scalars are usually deployed using some general representation which provides a lower (joint) Hamming weight than the binary representation. However, by using such general representations the precomputation and storing of some points becomes necessary and therefore more memory is required. Probably the most famous method to speed up the Shamir method is the joint sparse form (JSF). The resulting representation has an average joint Hamming weight of 1/2 and it uses the digits 0, ±1. To compute a multi-scalar multiplication with the JSF, the precomputation of two points is required. While for two precomputed points both the Shamir and the Interleave method provide the same efficiency, until now the Interleave method is faster in any case where more points are precomputed. This paper extends the used digits of the JSF in a natural way, namely we use the digits 0, ±1, ±3 which results in the necessity to precompute ten points. We will prove that using the proposed scheme, the average joint Hamming density is reduced to 239/661 ≈ 0.3615. Hence, a multi-scalar multiplication can be computed more than 10% faster, compared to the JSF. Further, our scheme is superior to all known methods using ten precomputed points and is therefore the first method to improve the Shamir method such that it is faster than the Interleave method. Another advantage of the new representation is, that it is generated starting at the most significant bit. More specific, we need to store only up to 5 joint bits of the new representation at a time. Compared to representations which are generated starting at the least significant bit, where we have to store the whole representation, this yields a significant saving of memory.

Original languageEnglish
Title of host publicationSecurity and Privacy in Ad-hoc and Sensor Networks - Second European Workshop, ESAS 2005, Revised Selected Papers
Pages189-204
Number of pages16
DOIs
Publication statusPublished - Dec 1 2005
EventSecond European Workshop on Security and Privacy in Ad-hoc and Sensor Networks, ESAS 2005 - Visegrad, Hungary
Duration: Jul 13 2005Jul 14 2005

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3813 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

OtherSecond European Workshop on Security and Privacy in Ad-hoc and Sensor Networks, ESAS 2005
CountryHungary
CityVisegrad
Period7/13/057/14/05

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Dahmen, E., Okeya, K., & Takagi, T. (2005). An advanced method for joint scalar multiplications on memory constraint devices. In Security and Privacy in Ad-hoc and Sensor Networks - Second European Workshop, ESAS 2005, Revised Selected Papers (pp. 189-204). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3813 LNCS). https://doi.org/10.1007/11601494_16