Abstract | ||
---|---|---|
We describe an implementation of fast elliptic curve scalar multiplication, optimized for Diffie-Hellman Key Exchange at the 128-bit security level. The algorithms are compact (using only x-coordinates), run in constant time with uniform execution patterns, and do not distinguish between the curve and its quadratic twist; they thus have a built-in measure of side-channel resistance. (For comparison, we also implement two faster but non-constant-time algorithms.) The core of our construction is a suite of two-dimensional differential addition chains driven by efficient endomorphism decompositions, built on curves selected from a family of Q-curve reductions over F-p2 with p = 2(127) - 1. We include state-of-the-art experimental results for twist-secure, constant-time, x-coordinate-only scalar multiplication. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1007/978-3-642-55220-5_11 | ADVANCES IN CRYPTOLOGY - EUROCRYPT 2014 |
Keywords | DocType | Volume |
Elliptic curve cryptography,scalar multiplication,twist-secure,side channel attacks,endomorphism,Kummer variety,addition chains,Montgomery curve | Conference | 8441 |
ISSN | Citations | PageRank |
0302-9743 | 10 | 0.55 |
References | Authors | |
24 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Craig Costello | 1 | 10 | 0.55 |
Hüseyin Hisil | 2 | 19 | 1.83 |
Benjamin Smith | 3 | 30 | 5.54 |