Yier Jin,Haibin Shen

DOI: https://doi.org/10.1109/icsict.2006.306633

2006-01-01

Abstract:A new unbalanced exponent modular reduction over GF(2m) is proposed. The algorithm can achieve high efficiency when computing on a certain class of fields generated by f(x) = xm + T(x) where deg[T(x)] Lt C m. The algorithm is applied in modular multiplication on the basis of scalable polynomial basis(SPB) to form scalable modular multiplication. Most of irreducible polynomials used in elliptic curve cryptography(ECC) fulfil the characteristic mentioned above well. So the scalable algorithm is implemented in ECC computation with high flexibility and efficiency both in theoretic calculation and application

DOI: https://doi.org/10.1007/s13389-024-00353-5

2024-05-14

Journal of Cryptographic Engineering

Abstract:A one-third century ago, as a means to speed up the elliptic curve method (ECM) for integer factoring, Montgomery suggested using a special elliptic curve form over prime fields and developed an addition chain to compute scalar multiplication on them, which nowadays are famous as Montgomery curves and Montgomery ladder. Kim et al. (http://eprint.iacr.org/2017/669. 2017) and Kim et al. (Adv Math Commun https://doi.org/10.3934/amc.2020090. 2020) found the Montgomery ladder very efficient on every short Weierstrass curve, leading to the most efficient regular scalar multiplication algorithms, which was further improved by Hamburg (https://ches.2017.rump.cr.yp.to/. 2020) and Hamburg (http://eprint.iacr.org/2020/437. 2020). However, the efficiency of the Montgomery ladder in general Montgomery curves remained not improved at all since firstly presented by Montgomery. This paper addresses the long-standing Elliptic Curve Cryptography (ECC) problem. The topic of this article is considered one of the topics that have attracted much attention from the cryptographic community following the launch of a multi-year project called "Post-Quantum Cryptography Standardization" by the National Institute of Standards and Technology (NIST) and also thanks partly to featuring one of the smallest keys of any algorithm known in the literature that is conjectured to be quantum resistant. To the best of our knowledge, this article provides, for the first time after Peter L. Montgomery's, an improvement of arithmetic in general Montgomery curves, including point doubling and differential addition, which are the most fundamental operations in the context of ECC and supersingular isogeny-based primitives such as Supersingular Isogeny Diffie–Hellman (SIDH) or Supersingular Isogeny Key Encapsulation (SIKE), as well as ECM.

computer science, theory & methods

Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

WANG Qin-qin,CHEN Xiang-ning

DOI: https://doi.org/10.3969/j.issn.1673-629x.2007.06.043

2007-01-01

Abstract:Montgomery algorithm is a fast modular multiplication algorithm and is widely used in the base operation of public-key cryptography algorithms such as RSA and ElGamal.Firstly,the algorithm of RSA and Montgomery are simply introduced and analyzed.Method and calcutive steps of normal application of Montgomery algorithm in RSA are expatiated also.Algorithm in most conmmon use chooses parameter r to power of 2 and the base to 2.Via analyzing the method and calcutive steps of normal algorithm,discusses changing the numerical value of parameter r and the base and use the fast algorithm of Dusse in the meantime,to advance the calcutive velocity a lot.

LI Mingjiu,JI Xiaoyong,LIU Bianjian

DOI: https://doi.org/10.3969/j.issn.1671-1815.2006.12.011

2006-01-01

Abstract:Montgomery algorithm is a fast modular multiplication algorithm and has been widely used in the base operation of public-key cryptography algorithms such as RSA and ElGamal. The algorithm is analyzed deeply and deduced systematically in this paper. Then, two typical methods is realized and compared, and two other improvements is given.

白国强,黄谆,陈弘毅

DOI: https://doi.org/10.3321/j.issn:1000-0054.2003.04.033

2003-01-01

Abstract:The Montgomery method is a new method for the computation of the multi point arithmetic kP in elliptic curve cryptosystems. A new computational method based on the Montgomery method was developed to reduce the computations for kP+lQ in the verification process of the elliptic curve digital signature algorithm. The algorithm is a combination of two iteration procedures using the Montgomery method for computing both kP and lQ . The computation amount for kP+lQ decreases 25% compared with that for the traditional algorithm. The new algorithm will facilitate the implementation of elliptic curve cryptosystems.

Param Parekh,Paavan Parekh,Sourav Deb,Manish K Gupta

2023-10-18

Abstract:The development of secure cryptographic protocols and the subsequent attack mechanisms have been placed in the literature with the utmost curiosity. While sophisticated quantum attacks bring a concern to the classical cryptographic protocols present in the applications used in everyday life, the necessity of developing post-quantum protocols is felt primarily. In post-quantum cryptography, elliptic curve-base protocols are exciting to the researchers. While the comprehensive study of elliptic curves over finite fields is well known, the extended study over finite rings is still missing. In this work, we generalize the study of Weierstrass elliptic curves over finite ring $\mathbb{Z}_n$ through classification. Several expressions to compute critical factors in studying elliptic curves are conferred. An all-around computational classification on the Weierstrass elliptic curves over $\mathbb{Z}_n$ for rigorous understanding is also attached to this work.

Cryptography and Security,Information Theory,Algebraic Geometry,Number Theory

Yongyi Wu,Xiaoyang Zeng

DOI: https://doi.org/10.1109/iscas.2006.1692583

2006-01-01

Abstract:A new elliptic curve cryptography (ECC processor is proposed in this paper, which supports Galois fields GF(p) and GF(2n) arithmetic for arbitrary prime numbers and irreducible polynomials by introducing a dual-field unified algorithm and data-path. To speed up the scalar multiplication, OJW (optimal joint weight) form is used to convert the integers to optimal signed-binary form on the fly, which is especially useful for the verifying operation of elliptic curve digital signature algorithm. Also in this paper, Montgomery multiplication and modular division algorithm are unified to achieve high area-efficiency and carry-save redundant form of the intermediate results is preserved to reduce the critical path delay. At the same time, the EC arithmetic is executed in an anti-attack form ensuring the proposed design against side-channel power attacks efficiently

白国强,周涛,陈弘毅

DOI: https://doi.org/10.3321/j.issn:0372-2112.2002.11.018

2002-01-01

Abstract:The selection of secure elliptic curves and the scalar multiplications of elliptic curves are two important problems in the practice of efficiently implementing an elliptic curve cryptosystems.In this paper,we study those two problems jointly,give a class of secure elliptic curves mainly based on the computer words,describe a detailed process of how to selecting those curves,and present a new method,which is based on the idea of baby step giant step,of computing the scalar multiplication concerning those curves.With the new method,the amount of scalar multiplications based on those curves can be reduced greatly. Besides,when those curves are used,special representation method for the elements in the base field is no longer needed,and all the arithmetic in the field can be quickly accomplished.

Tian Wang,Xiaoxin Cui,Kai Liao,Nan Liao

DOI: https://doi.org/10.1109/icsict.2014.7021502

2014-01-01

Abstract:Montgomery algorithm is widely used in public-key cryptosystems. In this paper a new word-based Montgomery algorithm suitable for higher radices has been presented and a new modular multiplication block based on it has been designed. The latency between neighboring processing elements can be reduced to one clock period by deferring the calculation of several bits of each word to the next processing element. The radix 2, 4 and 8 modular multiplication block has been implemented with SMIC 0.13um technology and Xilinx Virtex II series FPGA. The proposed design with radix 2 and 4 achieves area reduction with almost the same performance in speed, compared to other designs of the same radix. And the radix-8 block gains at least 10% time reduction in completing a 1024-bit Montgomery multiplication.

Duo LIU,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2005.08.023

2005-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Elliptic curve cryptosystem is the focus of public cryptology nowadays, for it has many advantages which the RSA lacks. In this paper, a new elliptic curve scalar multiplication algorithm is proposed. The algorithm uses the Frobenius map on optimal extension field (OEF) and the logic operations of binary strings. Based on this algorithm, a new method of computing scalar multiplication of elliptic curve over an OEF is presented. The accurate analysis about it is given. The comparisons of traditional method and the new method are presented. The running time of new method is about 60%-80% of that of the traditional φ-adic scalar multiplication algorithms of elliptic curve over OEF.

Xiaoqiang Zhang,Guiliang Zhu,Weiping Wang,Mengmeng Wang

DOI: https://doi.org/10.1109/msna.2012.6324573

2012-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is a promising asymmetric cryptosystem. But its difficulty and complexity limit its extensive application in practice. A new design scheme of ECC is given, which can be divided into three layers, i.e., the big integer layer, point operation layer and application layer. The big integer layer is the basis of point operation layer. The point operation layer realizes the operations of point addition, point multiplication and so on. The application layer realizes the complete processes of ECC encryption and decryption, and affords a friendly interface for users. The design of every layer is performed in detail. Finally, ECC system is developed with Java language. The given instance verifies the design rationality and the program correctness.

Meng Zhang,Xuehong Chen,Maozhi Xu,Jie Wang

DOI: https://doi.org/10.1007/978-981-15-2777-7_5

2019-01-01

Abstract:Since Boneh and Franklin implemented the Identity Based Encryption in 2001, a number of novel schemes have been proposed based on bilinear pairings, which have been widely used in the scenario of blockchain. The elliptic curves with low embedding degree and large prime-order subgroup (a.k.a pairing-friendly elliptic curves) are the basic components for such schemes, where prime order elliptic curves are most frequently used in practice. In this paper, a systematic method is utilized to find all the possible prime order families, then it is shown that all the existing constructions can be explained via our method. We further give the evidence that it's unlikely to produce extra families.

Congming Wei,Jiazhe Chen,An Wang,Beibei Wang,Hongsong Shi,Xiaoyun Wang

DOI: https://doi.org/10.1049/iet-ifs.2018.5228

2020-01-01

IET Information Security

Abstract:This study revisits the side-channel security of the elliptic curve cryptography (ECC) scalar multiplication implemented with Montgomery ladder. Focusing on a specific implementation that does not use they-coordinate for point addition (ECADD) and point doubling (ECDBL), the authors show that Montgomery ladder on Weierstrass curves is vulnerable to a chosen base-point attack. Unlike the normal implementation withy-coordinate, in the scenario of this study, the chosen base-point strategy will not lead to operations with two same inputs during the ECADD and/or ECDBL. Instead, by choosing a suitable base-point, one will find that there are operations that share a common operand; while it is not the case if the base-point is not chosen correctly. This results in the recovery of the secret (fixed) scalar. They also experiment the methods of shared operand detection on a real-world SoC, where asecp256k1dedicated Montgomery ladder scalar multiplication withx-only coordinate is implemented, to show the efficiency of the scalar recovery attack. Naturally, the attack can be generalised to other Weierstrass curves when they contain special points.

Dmitrii Koshelev

DOI: https://doi.org/10.1007/s00145-024-09490-w

2024-02-28

Journal of Cryptology

Abstract:The present article provides a novel hash function to any elliptic curve of j -invariant over a finite field of large characteristic. The unique bottleneck of consists of extracting a square root in as well as for most hash functions. However, is designed in such a way that the root can be found by (Cipolla–Lehmer–)Müller's algorithm in constant time. Violation of this security condition is known to be the only obstacle to applying the given algorithm in the cryptographic context. When the field is highly 2-adic and , the new batching technique is the state-of-the-art hashing solution except for some sporadic curves. Indeed, Müller's algorithm costs multiplications in . In turn, original Tonelli–Shanks's square root algorithm and all of its subsequent modifications have the algebraic complexity , where is the 2-adicity of and a function . As an example, it is shown that Müller's algorithm actually needs several times fewer multiplications in the field (whose ) of the standardized curve NIST P-224.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

LI Ming-jiu,JI Xiao-yong,Liu Bian-jian

DOI: https://doi.org/10.3969/j.issn.1007-757x.2006.10.014

2006-01-01

Abstract:Montgomery algorithm is a fast modular multiplication algorithm and has been widely used in the basic operation of public key cryptography algorithms such as RSA and ElGamal. However, there're few papers focusing on it theoretically and systematically. The algorithm is analyzed deeply and deduced systematically in this paper. Based on ARM chip, Montgomery Algorithm is optimized so that it can enhance the implementation speed of modular multiplication in RSA algorithm.

WANG Long,BAI Guo-qiang

2008-01-01

Abstract:RSA and ECC are two prevailing public-key crypto-systems.In order to demonstrate the feasibility of using an RSA coprocessor to accelerate the ECC algorithm,we presented a new method for implementing modular inversion which is required by the ECC algorithm.The new method is based on the Montgomery multiplication algorithm and the Montgomery inversion algorithm.We proposed a modification to the Montgomery inversion algorithm and improved the RSA coprocessor.With regard to performance and hardware cost,the new method compares favorably with other methods for modular inversion.The new method is 2.2 times and 7.2 times faster than the implementations based on the extended Euclidean algorithm and those based on Fermat's little theorem,respectively.

Yibo Fan,Takeshi Ikenaga,Satoshi Goto

DOI: https://doi.org/10.1093/ietfec/e91-a.4.971

2008-01-01

Abstract:With the increase of key length used in public cryptographic algorithms such as RSA and ECC, the speed of Montgomery multiplication becomes a bottleneck. This paper proposes a high speed design of Montgomery multiplier. Firstly, a modified scalable high-radix Montgomery algorithm is proposed to reduce critical path. Secondly, a high-radix clock-saving dataflow is proposed to support high-radix operation and one clock cycle delay in dataflow. Finally, a hardware-reused architecture is proposed to reduce the hardware cost and a parallel radix-16 design of data path is proposed to accelerate the speed. By using HHNEC 0.25 μm standard cell library, the implementation results show that the total cost of Montgomery multiplier is 130 KGates, the clock frequency is 180 MHz and the throughput of 1024-bit RSA encryption is 352 kbps. This design is suitable to be used in high speed RSA or ECC encryption/decryption. As a scalable design, it supports any key-length encryption/decryption up to the size of on-chip memory.

Andrew C. Yao

2004-01-01

Abstract:The “x2 mod N” generator, also known as the BBS generator [2], has a strong theoretical foundation from the computational complexity theory and the number theory. Proofs were given that, under certain reasonable assumptions on which modern cryptography heavily relies, the BBS pseudo-random sequences would pass any feasible statistical test. Unfortunately, the algorithm was found to be too slow for computer simulation applications. In this article, we present a practical implementation of the “x2 mod N” generator. We show a variant of the Montgomery modular multiplication algorithm [21] tailored to the typical computer environment used for computer simulations. We observed an adequate level of performance for the “x2 mod N” generator to be seriously considered whenever an otherwise “good” pseudo-random generator casts a doubt about the results of a sensitive simulation.

Jintai Ding,Dieter Schmidt

DOI: https://doi.org/10.1007/978-1-0716-0987-3

2020-01-01

Abstract:Although RSA is a very successful public key cryptosystem, efforts are under way to find alternative systems, which are computationally more efficient, and which would remain secure even when a big enough quantum computer becomes operational. Multivariable polynomials over a finite field have been used to build new public key cryptosystems. Some of these constructions are not as secure as was claimed initially, but others are still viable. The paper gives on overview over this field and discusses the status of many systems, which have been proposed in the last 20 years.