Paper 2013/158
Efficient and Secure Algorithms for GLV-Based Scalar Multiplication and their Implementation on GLV-GLS Curves (Extended Version)
Armando Faz-Hernandez, Patrick Longa, and Ana H. Sanchez
Abstract
We propose efficient algorithms and formulas that improve the performance of side-channel protected elliptic curve computations with special focus on scalar multiplication exploiting the Gallant-Lambert-Vanstone (CRYPTO 2001) and Galbraith-Lin-Scott (EUROCRYPT 2009) methods. Firstly, by adapting Feng et al.'s recoding to the GLV setting, we derive new regular algorithms for variable-base scalar multiplication that offer protection against simple side-channel and timing attacks. Secondly, we propose an efficient, side-channel protected algorithm for fixed-base scalar multiplication which combines Feng et al.'s recoding with Lim-Lee's comb method. Thirdly, we propose an efficient technique that interleaves ARM and NEON-based multiprecision operations over an extension field to improve performance of GLS curves on modern ARM processors. Finally, we showcase the efficiency of the proposed techniques by implementing a state-of-the-art GLV-GLS curve in twisted Edwards form defined over GF(p^2), which supports a four dimensional decomposition of the scalar and is fully protected against timing attacks. Analysis and performance results are reported for modern x64 and ARM processors. For instance, we compute a variable-base scalar multiplication in 89,000 and 244,000 cycles on an Intel Ivy Bridge and an ARM Cortex-A15 processor (respect.); using a precomputed table of 6KB, we compute a fixed-base scalar multiplication in 49,000 and 116,000 cycles (respect.); and using a precomputed table of 3KB, we compute a double scalar multiplication in 115,000 and 285,000 cycles (respect.). The proposed techniques represent an important improvement of the state-of-the-art performance of elliptic curve computations, and allow us to set new speed records in several modern processors. The techniques also reduce the cost of adding protection against timing attacks in the computation of GLV-based variable-base scalar multiplication to below 10%.
Note: Extended version of CT-RSA 2014 paper.
Metadata
- Available format(s)
- Publication info
- Published elsewhere. Journal of Cryptographic Engineering
- DOI
- 10.1007/s13389-014-0085-7
- Keywords
- Elliptic curvesscalar multiplicationside-channel protectionGLV methodGLS methodGLV-GLS curvex64 processorARM processorNEON vector unit
- Contact author(s)
- plonga @ microsoft com
- History
- 2014-09-03: last of 6 revisions
- 2013-03-26: received
- See all versions
- Short URL
- https://ia.cr/2013/158
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/158, author = {Armando Faz-Hernandez and Patrick Longa and Ana H. Sanchez}, title = {Efficient and Secure Algorithms for {GLV}-Based Scalar Multiplication and their Implementation on {GLV}-{GLS} Curves (Extended Version)}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/158}, year = {2013}, doi = {10.1007/s13389-014-0085-7}, url = {https://eprint.iacr.org/2013/158} }