You are looking at a specific version 20191112:061154 of this paper. See the latest version.

Paper 2019/1304

Reduction Modulo $2^{448}-2^{224}-1$

Kaushik Nath and Palash Sarkar

Abstract

An elliptic curve known as Curve448 over the finite field $\mathbb{F}_p$, where $p=2^{448}-2^{224}-1$ has been proposed as part of the Transport Layer Security (TLS) protocol, version 1.3. Elements of $\mathbb{F}_p$ can be represented using 7 limbs where each limb is a 64-bit quantity. In this paper, we describe efficient algorithms for reduction modulo $p$ that are required for performing field arithmetic in $\mathbb{F}_p$. A key feature of our algorithms is that we provide the relevant proofs of correctness. Based on the proofs of correctness we point out the incompleteness of the reduction methods in the previously known fastest code for implementing arithmetic in $\mathbb{F}_p$.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Curve448Goldilocks primemodulo reductionelliptic curve cryptography.
Contact author(s)
kaushikn_r @ isical ac in,palash @ isical ac in
History
2022-01-06: last of 3 revisions
2019-11-11: received
See all versions
Short URL
https://ia.cr/2019/1304
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.