Software Implementation of Binary Elliptic Curves: Impact of the Carry-Less Multiplier on Scalar Multiplication

Taverne, Jonathan; Faz-Hernández, Armando; Aranha, Diego F.; Rodríguez-Henríquez, Francisco; Hankerson, Darrel; López, Julio

doi:10.1007/978-3-642-23951-9_8

Cited by 21 publications

(22 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our result is also 12% faster than the recent implementation by Hamburg [13]. Recent implementations on multiple cores are reported by Taverne et al in [29]. However, they do not explore the 128-bit security level in their implementations and, hence, results are not directly comparable.…”

Section: Performance Analysis and Experimental Resultsmentioning

confidence: 52%

Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication

Longa

Sica

2012

Advances in Cryptology – ASIACRYPT 2012

View full text Add to dashboard Cite

Abstract. The GLV method of Gallant, Lambert and Vanstone (CRYPTO 2001) computes any multiple kP of a point P of prime order n lying on an elliptic curve with a low-degree endomorphism Φ (called GLV curve) over Fp as kP = k1P + k2Φ(P ), with max{|k1|, |k2|} ≤ C1 √ n for some explicit constant C1 > 0. Recently, Galbraith, Lin and Scott (EUROCRYPT 2009) extended this method to all curves over F p 2 which are twists of curves defined over Fp. We show in this work how to merge the two approaches in order to get, for twists of any GLV curve over F p 2 , a four-dimensional decomposition together with fast endomorphisms Φ, Ψ over F p 2 acting on the group generated by a point P of prime order n, resulting in a proven decomposition for any scalar k ∈ [1, n] given byfor some explicit C2 > 0. Remarkably, taking the best C1, C2, we obtain C2/C1 < 412, independently of the curve, ensuring in theory an almost constant relative speedup. In practice, our experiments reveal that the use of the merged GLV-GLS approach supports a scalar multiplication that runs up to 50% faster than the original GLV method. We then improve this performance even further by exploiting the Twisted Edwards model and show that curves originally slower may become extremely efficient on this model. In addition, we analyze the performance of the method on a multicore setting and describe how to efficiently protect GLV-based scalar multiplication against several side-channel attacks. Our implementations improve the state-of-the-art performance of point multiplication for a variety of scenarios including side-channel protected and unprotected cases with sequential and multicore execution.

show abstract

Section: Performance Analysis and Experimental Resultsmentioning

confidence: 52%

Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication

Longa

Sica

2012

Advances in Cryptology – ASIACRYPT 2012

View full text Add to dashboard Cite

show abstract

“…Preliminary results reported here have been published in[42]; this paper is an enhanced and extended version.…”

mentioning

confidence: 79%

Speeding scalar multiplication over binary elliptic curves using the new carry-less multiplication instruction

et al. 2011

Self Cite

View full text Add to dashboard Cite

The availability of a new carry-less multiplication instruction in the latest Intel desktop processors significantly accelerates multiplication in binary fields and hence presents the opportunity for reevaluating algorithms for binary field arithmetic and scalar multiplication over elliptic curves. We describe how to best employ this instruction in field multiplication and the effect on performance of doubling and halving operations. Alternate strategies for implementing inversion and half-trace are examined to restore most of their competitiveness relative to the new multiplier. These improvements in field arithmetic are complemented by a study on serial and parallel approaches for Koblitz and random curves, where parallelization strategies are implemented J. and compared. The contributions are illustrated with experimental results improving the state-of-the-art performance of halving and doubling-based scalar multiplication on NIST curves at the 112-and 192-bit security levels and a new speed record for side-channel-resistant scalar multiplication in a random curve at the 128-bit security level. The algorithms presented in this work were implemented on Westmere and Sandy Bridge processors, the latest generation Intel microarchitectures.

show abstract

“…Note that this time should be divided in steps 5, 6, and 7; and step 9 is also needed to verify the blind signature. All these times have been obtained considering the use of a processor Intel Core i5‐4570S 2.9 GHz (Intel Corporation, Malaysia) .…”

Section: Robust Identity Assignment Protocol For P2p Overlaysmentioning

confidence: 99%

RIAPPA: a Robust Identity Assignment Protocol for P2P overlays

Caubet

Esparza

Muñoz

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

Peer-to-peer (P2P) overlay networks have been proposed to solve routing problems of big distributed infrastructures, even for Internet scale. But the research community has been questioning the security of these networks for years. Most prior work in security services was focused on trust and reputation systems, anonymity, and secure routing. However, the proper management of identities in overlays is an important prerequisite to provide most of these security services. In this paper, we propose a protocol to control the access to a P2P overlay and to assign identities in a secure way; all this preserving the anonymity of users. This protocol involves two trusted third parties (TTPs), thanks to which it is possible to preserve the users' anonymity within the network without losing traceability. Users are authenticated by a TTP using real-world digital certificates, they select their network identifier jointly with the other TTP, and finally, the two TTPs issue the internal certificate to them. The protocol also provides revocability and protection against Sybil attacks, Eclipse attacks, whitewashers, and so on. A detailed protocol description is presented, and a performance and security analysis of the protocol is also provided.

show abstract

Software Implementation of Binary Elliptic Curves: Impact of the Carry-Less Multiplier on Scalar Multiplication

Cited by 21 publications

References 26 publications

Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication

Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication

Speeding scalar multiplication over binary elliptic curves using the new carry-less multiplication instruction

RIAPPA: a Robust Identity Assignment Protocol for P2P overlays

Contact Info

Product

Resources

About