Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic

Keisuke Hakuta, Hisayoshi Sato, Tsuyoshi Takagi

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, the non-adjacent form (NAF) and its generalizations (e.g., the generalized non-adjacent form (GNAF) and the radix-r nonadjacent form (rNAF)) have been proposed for minimizing the non-zero densities in the representations of the scalars. On the other hand, for subfield elliptic curves, the Frobenius expansions of the scalars can be used for improving efficiency. Unfortunately, there are only a few methods apply the techniques of NAF or its analogue to the Frobenius expansion, namely -adic NAF techniques on Koblitz curves and hyperelliptic Koblitz curves. In this paper, we try to combine these techniques, namely recoding methods for reducing non-zero density and the Frobenius expansion, and propose two new efficient recoding methods of scalars on more general family of subfield elliptic curves in odd characteristic. We also prove that the non-zero densities for the new methods are same as those for the original GNAF and rNAF. We estimate scalar multiplication costs on the above subfield elliptic curves in terms of elliptic curve operations and finite field operations for several previous methods and the proposed methods. In addition, we implement scalar multiplication on an subfield elliptic curve belonging to the above family, for the previous methods and a proposed method. As a result, our estimation and implementation show that the speed of the proposed methods improve between 8% and 50% over that for the Frobenius expansion method.

Original languageEnglish
Pages (from-to)199-238
Number of pages40
JournalJournal of Mathematical Cryptology
Volume4
Issue number3
DOIs
Publication statusPublished - Dec 1 2010

Fingerprint

Subfield
Elliptic Curves
Galois field
Odd
Frobenius
Scalar multiplication
Scalar
Cryptography
Elliptic Curve Cryptosystem
Costs
Curve
Hyperelliptic Curves
Form
Analogue

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Computational Mathematics
  • Applied Mathematics

Cite this

Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic. / Hakuta, Keisuke; Sato, Hisayoshi; Takagi, Tsuyoshi.

In: Journal of Mathematical Cryptology, Vol. 4, No. 3, 01.12.2010, p. 199-238.

Research output: Contribution to journalArticle

Hakuta, Keisuke ; Sato, Hisayoshi ; Takagi, Tsuyoshi. / Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic. In: Journal of Mathematical Cryptology. 2010 ; Vol. 4, No. 3. pp. 199-238.
@article{0e9d8778a0cf4c9db25bfb8b427c4123,
title = "Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic",
abstract = "In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, the non-adjacent form (NAF) and its generalizations (e.g., the generalized non-adjacent form (GNAF) and the radix-r nonadjacent form (rNAF)) have been proposed for minimizing the non-zero densities in the representations of the scalars. On the other hand, for subfield elliptic curves, the Frobenius expansions of the scalars can be used for improving efficiency. Unfortunately, there are only a few methods apply the techniques of NAF or its analogue to the Frobenius expansion, namely -adic NAF techniques on Koblitz curves and hyperelliptic Koblitz curves. In this paper, we try to combine these techniques, namely recoding methods for reducing non-zero density and the Frobenius expansion, and propose two new efficient recoding methods of scalars on more general family of subfield elliptic curves in odd characteristic. We also prove that the non-zero densities for the new methods are same as those for the original GNAF and rNAF. We estimate scalar multiplication costs on the above subfield elliptic curves in terms of elliptic curve operations and finite field operations for several previous methods and the proposed methods. In addition, we implement scalar multiplication on an subfield elliptic curve belonging to the above family, for the previous methods and a proposed method. As a result, our estimation and implementation show that the speed of the proposed methods improve between 8{\%} and 50{\%} over that for the Frobenius expansion method.",
author = "Keisuke Hakuta and Hisayoshi Sato and Tsuyoshi Takagi",
year = "2010",
month = "12",
day = "1",
doi = "10.1515/JMC.2010.009",
language = "English",
volume = "4",
pages = "199--238",
journal = "Journal of Mathematical Cryptology",
issn = "1862-2976",
publisher = "Walter de Gruyter GmbH & Co. KG",
number = "3",

}

TY - JOUR

T1 - Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic

AU - Hakuta, Keisuke

AU - Sato, Hisayoshi

AU - Takagi, Tsuyoshi

PY - 2010/12/1

Y1 - 2010/12/1

N2 - In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, the non-adjacent form (NAF) and its generalizations (e.g., the generalized non-adjacent form (GNAF) and the radix-r nonadjacent form (rNAF)) have been proposed for minimizing the non-zero densities in the representations of the scalars. On the other hand, for subfield elliptic curves, the Frobenius expansions of the scalars can be used for improving efficiency. Unfortunately, there are only a few methods apply the techniques of NAF or its analogue to the Frobenius expansion, namely -adic NAF techniques on Koblitz curves and hyperelliptic Koblitz curves. In this paper, we try to combine these techniques, namely recoding methods for reducing non-zero density and the Frobenius expansion, and propose two new efficient recoding methods of scalars on more general family of subfield elliptic curves in odd characteristic. We also prove that the non-zero densities for the new methods are same as those for the original GNAF and rNAF. We estimate scalar multiplication costs on the above subfield elliptic curves in terms of elliptic curve operations and finite field operations for several previous methods and the proposed methods. In addition, we implement scalar multiplication on an subfield elliptic curve belonging to the above family, for the previous methods and a proposed method. As a result, our estimation and implementation show that the speed of the proposed methods improve between 8% and 50% over that for the Frobenius expansion method.

AB - In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, the non-adjacent form (NAF) and its generalizations (e.g., the generalized non-adjacent form (GNAF) and the radix-r nonadjacent form (rNAF)) have been proposed for minimizing the non-zero densities in the representations of the scalars. On the other hand, for subfield elliptic curves, the Frobenius expansions of the scalars can be used for improving efficiency. Unfortunately, there are only a few methods apply the techniques of NAF or its analogue to the Frobenius expansion, namely -adic NAF techniques on Koblitz curves and hyperelliptic Koblitz curves. In this paper, we try to combine these techniques, namely recoding methods for reducing non-zero density and the Frobenius expansion, and propose two new efficient recoding methods of scalars on more general family of subfield elliptic curves in odd characteristic. We also prove that the non-zero densities for the new methods are same as those for the original GNAF and rNAF. We estimate scalar multiplication costs on the above subfield elliptic curves in terms of elliptic curve operations and finite field operations for several previous methods and the proposed methods. In addition, we implement scalar multiplication on an subfield elliptic curve belonging to the above family, for the previous methods and a proposed method. As a result, our estimation and implementation show that the speed of the proposed methods improve between 8% and 50% over that for the Frobenius expansion method.

UR - http://www.scopus.com/inward/record.url?scp=84858687147&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84858687147&partnerID=8YFLogxK

U2 - 10.1515/JMC.2010.009

DO - 10.1515/JMC.2010.009

M3 - Article

AN - SCOPUS:84858687147

VL - 4

SP - 199

EP - 238

JO - Journal of Mathematical Cryptology

JF - Journal of Mathematical Cryptology

SN - 1862-2976

IS - 3

ER -