Cryptology ePrint Archive: Report 2017/212

Montgomery curves and their arithmetic: The case of large characteristic fields

Craig Costello and Benjamin Smith

Abstract: Three decades ago, Montgomery introduced a new elliptic curve model for use in Lenstra's ECM factorization algorithm. Since then, his curves and the algorithms associated with them have become foundational in the implementation of elliptic curve cryptosystems. This article surveys the theory and cryptographic applications of Montgomery curves over non-binary finite fields, including Montgomery's x-only arithmetic and Ladder algorithm, x-only Diffie--Hellman, y-coordinate recovery, and 2-dimensional and Euclidean differential addition chains such as Montgomery's PRAC algorithm.

Category / Keywords: Montgomery curve, Montgomery ladder, elliptic curve cryptography, scalar multiplication

Original Publication (in the same form): Journal of Cryptographic Engineering

Date: received 27 Feb 2017, last revised 14 Nov 2017

Contact author: craigco at microsoft com; smith@lix polytechnique fr

Available format(s): PDF | BibTeX Citation

Version: 20171114:085339 (All versions of this report)

Short URL: ia.cr/2017/212

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]