Cryptology ePrint Archive: Report 2013/131

Two is the fastest prime: lambda coordinates for binary elliptic curves

Thomaz Oliveira and Julio López and Diego F. Aranha and Francisco Rodríguez-Henríquez

Abstract: In this work, we present new arithmetic formulas for a projective version of the affine point representation $(x,x+y/x),$ for $x\ne 0,$ which leads to an efficient computation of the scalar multiplication operation over binary elliptic curves.A software implementation of our formulas applied to a binary Galbraith-Lin-Scott elliptic curve defined over the field $\mathbb{F}_{2^{254}}$ allows us to achieve speed records for protected/unprotected single/multi-core random-point elliptic curve scalar multiplication at the 127-bit security level. When executed on a Sandy Bridge 3.4GHz Intel Xeon processor, our software is able to compute a single/multi-core unprotected scalar multiplication in $69,500$ and $47,900$ clock cycles, respectively; and a protected single-core scalar multiplication in $114,800$ cycles. These numbers are improved by around 2\% and 46\% on the newer Ivy Bridge and Haswell platforms, respectively, achieving in the latter a protected random-point scalar multiplication in 60,000 clock cycles.

Category / Keywords: elliptic curve cryptography, GLS curves, scalar multiplication

Original Publication (in the same form): Journal of Cryptographic Engineering
DOI: 10.1007/s13389-013-0064-4

Date: received 5 Mar 2013, last revised 30 Jan 2014

Contact author: francisco at cs cinvestav mx

Available format(s): PDF | BibTeX Citation

Note: Extended version of CHES 2013 to appear in JCEN.

Version: 20140131:014434 (All versions of this report)

Short URL: ia.cr/2013/131

Discussion forum: Show discussion | Start new discussion