Cryptology ePrint Archive: Report 2014/526
Curve41417: Karatsuba revisited
Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange
Abstract: This paper introduces constant-time ARM Cortex-A8 ECDH software that
(1) is faster than the fastest ECDH option in the latest version of OpenSSL but
(2) achieves a security level above 2^200 using a prime above 2^400.
For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80.
The new speeds are achieved in a quite different way
from typical prime-field ECC software:
they rely on a synergy between Karatsuba's method
and choices of radix smaller than the CPU word size.
Category / Keywords: performance, Karatsuba, refined Karatsuba, reduced refined Karatsuba, radix choices, vectorization, Edwards curves, Curve41417
Original Publication (with minor differences): IACR-CHES-2014
Date: received 6 Jul 2014, last revised 6 Jul 2014
Contact author: tanja at hyperelliptic org
Available format(s): PDF | BibTeX Citation
Version: 20140707:064349 (All versions of this report)
Short URL: ia.cr/2014/526
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]