Use of montgomery trick in precomputation of multi-scalar multiplication in elliptic curve cryptosystems

Katsuyuki Okeya, Kouichi Sakurai

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

We develop efficient precomputation methods of multi-scalar multiplication on ECC. We should recall that multi-scalar multiplication is required in some elliptic curve cryptosystems including the signature verification of ECDSA signature scheme. One of the known fast computation methods of multi-scalar multiplication is a simultaneous method. A simultaneous method consists of two stages; precomputation stage and evaluation stage. Precomputation stage computes points of precomputation, which are used at evaluation stage. Evaluation stage computes multi-scalar multiplication using precomputed points. In the evaluation stage of simultaneous methods, we can compute the multi-scalar multiplied point quickly because the number of additions is small. However, if we take a large window width, we have to compute an enormous number of points in precomputation stage. Hence, we have to compute an abundance of inversions, which have large computational amount. As a result, precomputation stage requires much time, as well known. Our proposed method reduces from O(22w) inversions to O(w) inversions for a window width w, using Montgomery trick. In addition, our proposed method computes uP and vQ first, then compute uP + vQ, where P, Q are elliptic points. This procedure enables us to remove unused points of precomputation. Compared with the method without Montgomery trick, our proposed method is 3.6 times faster in the case of the precomputation stage for simultaneous sliding window NAF method with window width w = 3 and 160-bit scalars under the assumption that I/M = 30, S/M = 0.8, where I, M, S respectively denote computational amounts of inversion, multiplication and squaring on a finite field.

Original languageEnglish
Pages (from-to)98-112
Number of pages15
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE86-A
Issue number1
Publication statusPublished - Jan 1 2003

Fingerprint

Elliptic Curve Cryptosystem
Scalar multiplication
Cryptography
Simultaneous Methods
Inversion
Evaluation
Scalar
Signature Verification
Sliding Window
Signature Scheme
Galois field
Multiplication
Denote

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics

Cite this

@article{95f729d6d39a431b8ed6f44d77f315d3,
title = "Use of montgomery trick in precomputation of multi-scalar multiplication in elliptic curve cryptosystems",
abstract = "We develop efficient precomputation methods of multi-scalar multiplication on ECC. We should recall that multi-scalar multiplication is required in some elliptic curve cryptosystems including the signature verification of ECDSA signature scheme. One of the known fast computation methods of multi-scalar multiplication is a simultaneous method. A simultaneous method consists of two stages; precomputation stage and evaluation stage. Precomputation stage computes points of precomputation, which are used at evaluation stage. Evaluation stage computes multi-scalar multiplication using precomputed points. In the evaluation stage of simultaneous methods, we can compute the multi-scalar multiplied point quickly because the number of additions is small. However, if we take a large window width, we have to compute an enormous number of points in precomputation stage. Hence, we have to compute an abundance of inversions, which have large computational amount. As a result, precomputation stage requires much time, as well known. Our proposed method reduces from O(22w) inversions to O(w) inversions for a window width w, using Montgomery trick. In addition, our proposed method computes uP and vQ first, then compute uP + vQ, where P, Q are elliptic points. This procedure enables us to remove unused points of precomputation. Compared with the method without Montgomery trick, our proposed method is 3.6 times faster in the case of the precomputation stage for simultaneous sliding window NAF method with window width w = 3 and 160-bit scalars under the assumption that I/M = 30, S/M = 0.8, where I, M, S respectively denote computational amounts of inversion, multiplication and squaring on a finite field.",
author = "Katsuyuki Okeya and Kouichi Sakurai",
year = "2003",
month = "1",
day = "1",
language = "English",
volume = "E86-A",
pages = "98--112",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "1",

}

TY - JOUR

T1 - Use of montgomery trick in precomputation of multi-scalar multiplication in elliptic curve cryptosystems

AU - Okeya, Katsuyuki

AU - Sakurai, Kouichi

PY - 2003/1/1

Y1 - 2003/1/1

N2 - We develop efficient precomputation methods of multi-scalar multiplication on ECC. We should recall that multi-scalar multiplication is required in some elliptic curve cryptosystems including the signature verification of ECDSA signature scheme. One of the known fast computation methods of multi-scalar multiplication is a simultaneous method. A simultaneous method consists of two stages; precomputation stage and evaluation stage. Precomputation stage computes points of precomputation, which are used at evaluation stage. Evaluation stage computes multi-scalar multiplication using precomputed points. In the evaluation stage of simultaneous methods, we can compute the multi-scalar multiplied point quickly because the number of additions is small. However, if we take a large window width, we have to compute an enormous number of points in precomputation stage. Hence, we have to compute an abundance of inversions, which have large computational amount. As a result, precomputation stage requires much time, as well known. Our proposed method reduces from O(22w) inversions to O(w) inversions for a window width w, using Montgomery trick. In addition, our proposed method computes uP and vQ first, then compute uP + vQ, where P, Q are elliptic points. This procedure enables us to remove unused points of precomputation. Compared with the method without Montgomery trick, our proposed method is 3.6 times faster in the case of the precomputation stage for simultaneous sliding window NAF method with window width w = 3 and 160-bit scalars under the assumption that I/M = 30, S/M = 0.8, where I, M, S respectively denote computational amounts of inversion, multiplication and squaring on a finite field.

AB - We develop efficient precomputation methods of multi-scalar multiplication on ECC. We should recall that multi-scalar multiplication is required in some elliptic curve cryptosystems including the signature verification of ECDSA signature scheme. One of the known fast computation methods of multi-scalar multiplication is a simultaneous method. A simultaneous method consists of two stages; precomputation stage and evaluation stage. Precomputation stage computes points of precomputation, which are used at evaluation stage. Evaluation stage computes multi-scalar multiplication using precomputed points. In the evaluation stage of simultaneous methods, we can compute the multi-scalar multiplied point quickly because the number of additions is small. However, if we take a large window width, we have to compute an enormous number of points in precomputation stage. Hence, we have to compute an abundance of inversions, which have large computational amount. As a result, precomputation stage requires much time, as well known. Our proposed method reduces from O(22w) inversions to O(w) inversions for a window width w, using Montgomery trick. In addition, our proposed method computes uP and vQ first, then compute uP + vQ, where P, Q are elliptic points. This procedure enables us to remove unused points of precomputation. Compared with the method without Montgomery trick, our proposed method is 3.6 times faster in the case of the precomputation stage for simultaneous sliding window NAF method with window width w = 3 and 160-bit scalars under the assumption that I/M = 30, S/M = 0.8, where I, M, S respectively denote computational amounts of inversion, multiplication and squaring on a finite field.

UR - http://www.scopus.com/inward/record.url?scp=0042477603&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0042477603&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:0042477603

VL - E86-A

SP - 98

EP - 112

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -