Paper 2017/293

Montgomery curves and the Montgomery ladder

Daniel J. Bernstein and Tanja Lange

Abstract

The Montgomery ladder is a remarkably simple method of computing scalar multiples of points on a broad class of elliptic curves. This article surveys a wide range of topics related to the Montgomery ladder, both from the historical perspective of Weierstrass curves and from the modern perspective of Edwards curves. New material includes a full proof of a complete constant-time ladder algorithm suitable for cryptographic applications.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. "Topics in Computational Number Theory inspired by Peter L. Montgomery", edited by Joppe W. Bos and Arjen K. Lenstra, to appear
Keywords
Montgomery curves, Montgomery ladder, Edwards curves
Contact author(s)
authorcontact-montladder @ box cr yp to
History
2017-04-03: received
Short URL
https://ia.cr/2017/293
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/293,
      author = {Daniel J. Bernstein and Tanja Lange},
      title = {Montgomery curves and the Montgomery ladder},
      howpublished = {Cryptology ePrint Archive, Paper 2017/293},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/293}},
      url = {https://eprint.iacr.org/2017/293}
}