Cryptology ePrint Archive: Report 2014/526

Curve41417: Karatsuba revisited

Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange

Abstract: This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba's method and choices of radix smaller than the CPU word size.

Category / Keywords: performance, Karatsuba, refined Karatsuba, reduced refined Karatsuba, radix choices, vectorization, Edwards curves, Curve41417

Original Publication (with minor differences): IACR-CHES-2014

Date: received 6 Jul 2014, last revised 6 Jul 2014

Contact author: tanja at hyperelliptic org

Available format(s): PDF | BibTeX Citation

Version: 20140707:064349 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]