Paper 2017/212

Montgomery curves and their arithmetic: The case of large characteristic fields

Craig Costello and Benjamin Smith

Abstract

Three decades ago, Montgomery introduced a new elliptic curve model for use in Lenstra's ECM factorization algorithm. Since then, his curves and the algorithms associated with them have become foundational in the implementation of elliptic curve cryptosystems. This article surveys the theory and cryptographic applications of Montgomery curves over non-binary finite fields, including Montgomery's x-only arithmetic and Ladder algorithm, x-only Diffie--Hellman, y-coordinate recovery, and 2-dimensional and Euclidean differential addition chains such as Montgomery's PRAC algorithm.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Journal of Cryptographic Engineering
Keywords
Montgomery curveMontgomery ladderelliptic curve cryptographyscalar multiplication
Contact author(s)
craigco @ microsoft com
smith @ lix polytechnique fr
History
2017-11-14: revised
2017-03-02: received
See all versions
Short URL
https://ia.cr/2017/212
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/212,
      author = {Craig Costello and Benjamin Smith},
      title = {Montgomery curves and their arithmetic: The case of large characteristic fields},
      howpublished = {Cryptology ePrint Archive, Paper 2017/212},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/212}},
      url = {https://eprint.iacr.org/2017/212}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.