Paper 2019/1166
The complete cost of cofactor h=1
Abstract
This paper presents optimized software for constant-time variable-base scalar multiplication on prime-order Weierstraß curves using the complete addition and doubling formulas presented by Renes, Costello, and Batina in 2016. Our software targets three different microarchitectures: Intel Sandy Bridge, Intel Haswell, and ARM Cortex-M4. We use a 255-bit elliptic curve over
Note: The final authenticated version is available online at https://doi.org/10.1007/978-3-030-35423-7_19
CHANGELOG
- Changed the citing style to splncs04, as requested by the INDOCRYPT editors.
- Updated the cycle counts for AuCPake to better resemble our own benchmarks.
- Textual fix (reported by Nicolas Braud-Santoni).
Metadata
- Available format(s)
- PDF
- Category
- Implementation
- Publication info
- Published elsewhere. Progress in Cryptology – INDOCRYPT 2019
- DOI
- 10.1007/978-3-030-35423-7_19
- Keywords
- Elliptic Curve Cryptography, SIMD, Curve25519, scalar multiplication, prime-field arithmetic, cofactor security
- Contact author(s)
- peter @ cryptojedi org
- amber @ electricdusk com
- History
- 2022-12-16: last of 2 revisions
- 2019-10-08: received
- Short URL
- https://ia.cr/2019/1166
- License
- CC BY
BibTeX
@misc{cryptoeprint:2019/1166,
      author = {Peter Schwabe and Amber Sprenkels},
      title = {The complete cost of cofactor h=1},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1166},
      year = {2019},
      doi = {10.1007/978-3-030-35423-7_19},
      url = {https://eprint.iacr.org/2019/1166}
}