Paper 2013/131

Two is the fastest prime: lambda coordinates for binary elliptic curves

Thomaz Oliveira, Julio López, Diego F. Aranha, and Francisco Rodríguez-Henríquez

Abstract

In this work, we present new arithmetic formulas for a projective version of the affine point representation $(x,x+y/x),$ for $x\ne 0,$ which leads to an efficient computation of the scalar multiplication operation over binary elliptic curves.A software implementation of our formulas applied to a binary Galbraith-Lin-Scott elliptic curve defined over the field ${\mathbb{F}}_{2^{254}}$ allows us to achieve speed records for protected/unprotected single/multi-core random-point elliptic curve scalar multiplication at the 127-bit security level. When executed on a Sandy Bridge 3.4GHz Intel Xeon processor, our software is able to compute a single/multi-core unprotected scalar multiplication in $69,500$ and $47,900$ clock cycles, respectively; and a protected single-core scalar multiplication in $114,800$ cycles. These numbers are improved by around 2\% and 46\% on the newer Ivy Bridge and Haswell platforms, respectively, achieving in the latter a protected random-point scalar multiplication in 60,000 clock cycles.

Note: Extended version of CHES 2013 to appear in JCEN.