**Signed Binary Representations Revisited**

*Katsuyuki Okeya and Katja Schmidt-Samoa and Christian Spahn and Tsuyoshi Takagi*

**Abstract: **The most common method for computing exponentiation of random elements
in Abelian groups are sliding window schemes, which enhance the
efficiency of the binary method at the expense of some precomputation.
In groups where inversion is easy (e.g. elliptic curves), signed
representations of the exponent are meaningful because they decrease
the amount of required precomputation. The asymptotic best signed method is wNAF, because it minimizes the precomputation effort
whilst the non-zero density is nearly optimal. Unfortunately,
wNAF can be computed only from the least significant bit,
i.e. right-to-left. However, in connection with memory constraint devices left-to-right recoding schemes are by far more valuable.

In this paper we define the MOF (Mutual Opposite Form), a new canonical representation of signed binary strings, which can be computed in any order. Therefore we obtain the first left-to-right signed exponent-recoding scheme for general width w by applying the width w sliding window conversion on MOF left-to-right. Moreover, the analogue right-to-left conversion on MOF yields wNAF, which indicates that the new class is the natural left-to-right analogue to the useful wNAF. Indeed, the new class inherits the outstanding properties of wNAF, namely the required precomputation and the achieved non-zero density are exactly the same.

**Category / Keywords: **foundations / addition-subtraction chains, scalar multiplication, exponentiation, signed binary, elliptic curve cryptosystem,

**Publication Info: **Paper without appendix is published in the proceedings of Crypto 2004

**Date: **received 11 Aug 2004

**Contact author: **samoa at informatik tu-darmstadt de

**Available format(s): **Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

**Version: **20040812:045802 (All versions of this report)

**Short URL: **ia.cr/2004/195

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]