Paper 2014/526

Curve41417: Karatsuba revisited

Daniel J. Bernstein, Chitchanok Chuengsatiansup, and Tanja Lange

Abstract

This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba's method and choices of radix smaller than the CPU word size.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in Ches 2014
Keywords
performanceKaratsubarefined Karatsubareduced refined Karatsubaradix choicesvectorizationEdwards curvesCurve41417
Contact author(s)
tanja @ hyperelliptic org
History
2014-07-07: received
Short URL
https://ia.cr/2014/526
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/526,
      author = {Daniel J.  Bernstein and Chitchanok Chuengsatiansup and Tanja Lange},
      title = {Curve41417: Karatsuba revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2014/526},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/526}},
      url = {https://eprint.iacr.org/2014/526}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.