Paper 2013/692
Faster Compact Diffie-Hellman: Endomorphisms on the x-line
Craig Costello and Huseyin Hisil and Benjamin Smith
Abstract
We describe an implementation of fast elliptic curve scalar multiplication, optimized for Diffie–Hellman Key Exchange at the 128-bit security level. The algorithms are compact (using only x-coordinates), run in constant time with uniform execution patterns, and do not distinguish between the curve and its quadratic twist; they thus have a built-in measure of side-channel resistance. The core of our construction is a suite of two-dimensional differential addition chains driven by efficient endomorphism decompositions, built on curves selected from a family of Q-curve reductions over F_{p^2} with p = 2^{127}-1. We include state-of-the-art experimental results for twist-secure, constant-time, x-coordinate-only scalar multiplication.
Metadata
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Elliptic curve cryptography, scalar multiplication, twist-secure, side channel attacks, endomorphism, Kummer variety, addition chains, Montgomery curve
- Contact author(s)
- craigco @ microsoft com
- History
- 2014-03-19: last of 3 revisions
- 2013-10-28: received
- Short URL
- https://ia.cr/2013/692
- License
- CC BY