Paper 2022/748

2DT-GLS: Faster and exception-free scalar multiplication in the GLS254 binary curve

Marius A. Aardal, Aarhus University
Diego F. Aranha, Aarhus University
Abstract

We revisit and improve performance of arithmetic in the binary GLS254 curve by introducing the 2DT-GLS scalar multiplication algorithm. The algorithm includes theoretical and practice-oriented contributions of potential independent interest: (i) for the first time, a proof that the GLS scalar multiplication algorithm does not incur exceptions, such that faster incomplete formulas can be used; (ii) faster dedicated atomic formulas that alleviate the cost of precomputation; (iii) a table compression technique that reduces the storage needed for precomputed points; (iv) a refined constant-time scalar decomposition algorithm that is more robust to rounding. We also present the first GLS254 implementation for Armv8. With our contributions, we set new speed records for constant-time scalar multiplication by $34.5\%$ and $6\%$ on 64-bit Arm and Intel platforms, respectively.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. SAC 2022
Keywords
ECC binary elliptic curves software implementation GLS254
Contact author(s)
maardal @ cs au dk
dfaranha @ cs au dk
History
2022-10-01: last of 4 revisions
2022-06-13: received
See all versions
Short URL
https://ia.cr/2022/748
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/748,
      author = {Marius A. Aardal and Diego F. Aranha},
      title = {2DT-GLS: Faster and exception-free scalar multiplication in the GLS254 binary curve},
      howpublished = {Cryptology ePrint Archive, Paper 2022/748},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/748}},
      url = {https://eprint.iacr.org/2022/748}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.