Cryptology ePrint Archive: Report 2015/977

Faster point scalar multiplication on NIST elliptic curves over GF(p) using (twisted) Edwards curves over GF(pł)

Michał Wroński

Abstract: In this paper we present a new method for fast scalar multiplication on elliptic curves over GF(p) in FPGA using Edwards and twisted Edwards curves over GF(pł). The presented solution works for curves with prime group order (for example for all NIST curves over GF(p)). It is possible because of using 2-isogenous twisted Edwards curves over GF(pł) instead of using short Weierstrass curves over GF(p) for point scalar multiplication. This problem was considered by Verneuil in [1], but in software solutions it is useless, because multiplication in GF(pł) is much harder than multiplication in GF(p). Fortunately in hardware solutions it is possible to make in FPGA fast multiplication in GF(pł) using parallel computations. Single multiplication in GF(pł) is still a little bit slower than in GF(p) but operations on twisted Edwards curves require less multiplications than operations on short Weierstrass curves. Using these observations results in that scalar multiplication on twisted Edwards curve may be in some situations shorter than scalar multiplication on short Weierstrass curve up to 26%. Moreover, in Edwards and twisted Edwards curves arithmetic it is possible to use unified formula (the same formula for points addition and point doubling) which protects us against some kinds of side channel attacks. We also present full coprocessor for fast scalar multiplication in FPGA using described techniques.

Category / Keywords: implementation / Edwards curves. Twisted Edwards curves. Finite Fields. Point scalar multiplication.

Date: received 9 Oct 2015

Contact author: mwronski at wat edu pl

Available format(s): PDF | BibTeX Citation

Version: 20151012:210132 (All versions of this report)

Short URL: ia.cr/2015/977

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]