Paper 2019/1304

Reduction Modulo $2^{448}-2^{224}-1$

Kaushik Nath and Palash Sarkar

Abstract

An elliptic curve known as Curve448 defined over the finite field $\mathbb{F}_p$, where $p=2^{448}-2^{224}-1$, has been proposed as part of the Transport Layer Security (TLS) protocol, version 1.3. Elements of $\mathbb{F}_p$ can be represented using 7 limbs where each limb is a 64-bit quantity. This paper describes efficient algorithms for reduction modulo $p$ that are required for performing field arithmetic in $\mathbb{F}_p$ using 7-limb representation. A key feature of our work is that we provide the relevant proofs of correctness of the algorithms. We also report efficient 64-bit assembly implementations for key generation and shared secret computation phases of the Diffie-Hellman key agreement protocol on Curve448. Timing results on the Haswell and Skylake processors demonstrate that the new 64-bit implementations for computing the shared secret are faster than the previously best known 64-bit implementations.
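The property the abstract relies on is that $p = 2^{448}-2^{224}-1$ gives $2^{448} \equiv 2^{224}+1 \pmod p$, so the upper half of a 14-limb product can be folded back into the lower half with shifts and additions instead of a division. The following is an added illustration, not code from the paper or its assembly implementation: it multiplies two elements held as 7 little-endian 64-bit limbs, folds the 896-bit product with that identity, and cross-checks the result against Python big-integer arithmetic. The folding schedule and the function names (`reduce_mod_p`, `mul_mod_p`, `self_check`) are this example's own assumptions; the paper's algorithms, carry handling and proofs work at the level of 64-bit limbs and are not reproduced here.

```python
import random

# Goldilocks prime p = 2^448 - 2^224 - 1 and the identity behind fast reduction:
#   2^448 = p + 2^224 + 1, hence 2^448 ≡ 2^224 + 1 (mod p).
P = 2**448 - 2**224 - 1
MASK64 = 2**64 - 1
MASK224 = 2**224 - 1
MASK448 = 2**448 - 1


def to_limbs(x, n=7):
    """Split an integer 0 <= x < 2^(64n) into n little-endian 64-bit limbs."""
    assert 0 <= x < 2**(64 * n)
    return [(x >> (64 * i)) & MASK64 for i in range(n)]


def from_limbs(limbs):
    """Inverse of to_limbs: little-endian 64-bit limbs -> integer."""
    return sum(limb << (64 * i) for i, limb in enumerate(limbs))


def mul_limbs(a, b):
    """Schoolbook product of two 7-limb values, returned as 14 normalized 64-bit limbs.

    Partial products are accumulated in Python integers and the carries are
    propagated once at the end, so every output limb fits in 64 bits.
    """
    assert len(a) == 7 and len(b) == 7
    acc = [0] * 14
    for i in range(7):
        for j in range(7):
            acc[i + j] += a[i] * b[j]
    carry = 0
    for k in range(14):
        v = acc[k] + carry
        acc[k] = v & MASK64
        carry = v >> 64
    assert carry == 0, "a 7x7-limb product always fits in 14 limbs"
    return acc


def reduce_mod_p(x):
    """Reduce 0 <= x < 2^896 to its canonical residue in [0, p).

    Folding schedule assumed for this example (hypothetical, not the paper's
    algorithm).  Write x = a + 2^448*b with a, b < 2^448 and b = b_lo + 2^224*b_hi.
    Applying 2^448 ≡ 2^224 + 1 twice gives
        x ≡ a + b + 2^224*b
          ≡ a + b + b_hi + 2^224*(b_lo + b_hi)      (mod p)
    """
    assert 0 <= x < 2**896
    a, b = x & MASK448, x >> 448
    b_lo, b_hi = b & MASK224, b >> 224
    s = a + b + b_hi + ((b_lo + b_hi) << 224)      # s < 2^451
    # Fold the small overflow above bit 448 back in: c*2^448 ≡ c*(2^224 + 1).
    c = s >> 448
    s = (s & MASK448) + c + (c << 224)             # s < 2^448 + 2^227
    # A second fold absorbs the single bit that can still spill over.
    c = s >> 448
    s = (s & MASK448) + c + (c << 224)             # s < 2^448
    # s is in [0, 2^448); one subtraction of p suffices because 2^448 - p < p.
    # Written as a masked subtraction, as a constant-time implementation would do it
    # (Python big integers themselves are not constant-time; this is illustrative only).
    mask = -int(s >= P)
    return s - (P & mask)


def mul_mod_p(a_limbs, b_limbs):
    """Field multiplication on 7-limb inputs: 7x7 -> 14 limbs, then reduction back to 7."""
    product = from_limbs(mul_limbs(a_limbs, b_limbs))
    return to_limbs(reduce_mod_p(product))


def self_check(trials=200, seed=1304):
    """Cross-check mul_mod_p against Python big-integer arithmetic; True if all inputs agree.

    Inputs are constructed here: a grid of edge values around 2^224 and p, plus
    pseudo-random field elements from a fixed seed.
    """
    rng = random.Random(seed)
    edge = [0, 1, 2**224, 2**224 + 1, 2**447, P - 2**224, P - 1]
    pairs = [(x, y) for x in edge for y in edge]
    pairs += [(rng.randrange(P), rng.randrange(P)) for _ in range(trials)]
    return all(mul_mod_p(to_limbs(x), to_limbs(y)) == to_limbs(x * y % P)
               for x, y in pairs)
```

The two folds plus one masked subtraction are what the bound analysis in the comments requires: after the first fold the carry above bit 448 is at most a few bits, after the second it is at most one, and any value still in $[p, 2^{448})$ is fixed by a single subtraction. A real 7-limb implementation has to do the same folding with 64-bit words where the $2^{224}$ boundary falls in the middle of the fourth limb, which is exactly the carry-handling detail the paper proves correct.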

Note: Minor revision

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Curve448, Goldilocks prime, modulo reduction, elliptic curve cryptography, Diffie-Hellman key agreement
Contact author(s)
kaushikn_r @ isical ac in
palash @ isical ac in
History
2022-01-06: last of 3 revisions
2019-11-11: received
Short URL
https://ia.cr/2019/1304
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1304,
      author = {Kaushik Nath and Palash Sarkar},
      title = {Reduction Modulo $2^{448}-2^{224}-1$},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1304},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1304}
}