Cryptology ePrint Archive: Report 2017/293

Montgomery curves and the Montgomery ladder

Daniel J. Bernstein and Tanja Lange

Abstract: The Montgomery ladder is a remarkably simple method of computing scalar multiples of points on a broad class of elliptic curves. This article surveys a wide range of topics related to the Montgomery ladder, both from the historical perspective of Weierstrass curves and from the modern perspective of Edwards curves. New material includes a full proof of a complete constant-time ladder algorithm suitable for cryptographic applications.

Category / Keywords: public-key cryptography / Montgomery curves, Montgomery ladder, Edwards curves

Original Publication (with minor differences): "Topics in Computational Number Theory inspired by Peter L. Montgomery", edited by Joppe W. Bos and Arjen K. Lenstra, to appear

Date: received 30 Mar 2017

Contact author: authorcontact-montladder at box cr yp to

Available format(s): PDF | BibTeX Citation

Version: 20170403:154422 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]