[Resource Topic] 2021/383: GLV+HWCD for 2y^2=x^3+x/GF(8^91+5)

Welcome to the resource topic for 2021/383

Title:
GLV+HWCD for 2y^2=x^3+x/GF(8^91+5)

Authors: Daniel R. L. Brown

Abstract:

This report considers combining three well-known optimization methods for elliptic curve scalar multiplication: Gallant–Lambert–Vanstone (GLV) for complex multiplication endomorphisms $[i]$ and $[i+1]$; 3-bit fixed windows (signed base 8); and Hisil–Wong–Carter–Dawson (HWCD) curve arithmetic for twisted Edwards curves. An x-only Diffie–Hellman scalar multiplication for curve $2y^2=x^3+x$ over field size $8^{91}+5$ has arithmetic cost $947\textbf{M} + 1086\textbf{S}$, where $\textbf{M}$ is a field multiplication and $\textbf{S}$ is a field squaring. This is approximately $(3.55\textbf{M} + 4.07\textbf{S})$/bit, with $1\textbf{S}$/bit for input decompression and $1\textbf{S}$/bit for output normalization. Optimizing speed by allowing uncompressed input points leads to an estimate $(3.38\textbf{M}+2.95\textbf{S})$/bit. To mitigate some side-channel attacks, the secret scalar is only used to copy curve points from one array to another: the field operations used are fixed and independent of the secret scalar. The method is likely vulnerable to cache-timing attacks, nonetheless.

ePrint: https://eprint.iacr.org/2021/383

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.
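The abstract notes that using the secret scalar only to copy points between arrays still leaves a likely cache-timing exposure. The sketch below is an added example, not code from the paper or its author: it recodes a scalar into signed base-8 digits and contrasts a secret-indexed table lookup with a masked scan of the whole table. Assumptions: the digit set [-4, 3], a 64-bit scalar, and the toy additive group Z/1000003 standing in for curve points; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define WINDOWS 22          /* 22 * 3 = 66 bits: a 64-bit toy scalar plus carry */
#define TOY_ORDER 1000003u  /* assumption: Z/nZ stands in for the curve group */

/* Signed base-8 recoding: k = sum d[i] * 8^i with every d[i] in [-4, 3]. */
static void recode_signed_base8(uint64_t k, int8_t d[WINDOWS]) {
    uint32_t carry = 0;
    for (size_t i = 0; i < WINDOWS; i++) {
        uint32_t w = (uint32_t)(k & 7) + carry;  /* 0..8 */
        carry = (w + 4) >> 3;                    /* 1 iff w >= 4, no branch */
        d[i] = (int8_t)((int32_t)w - (int32_t)(carry << 3));
        k >>= 3;
    }
}

/* All-ones when a == b, zero otherwise, without a branch. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b) {
    return (uint32_t)(((uint64_t)(a ^ b) - 1) >> 32);
}

/* Leaky form: the secret digit picks the address (and cache line) read. */
static uint32_t select_leaky(const uint32_t table[5], int8_t d) {
    uint32_t r = table[d < 0 ? -d : d];
    return d < 0 ? TOY_ORDER - r : r;
}

/* Hardened form: read all five entries, keep one by mask, negate by mask. */
static uint32_t select_ct(const uint32_t table[5], int8_t d) {
    uint32_t u = (uint32_t)(int32_t)d;
    uint32_t neg = 0u - (u >> 31);         /* all-ones when d < 0 */
    uint32_t mag = (u ^ neg) - neg;        /* |d| in 0..4 */
    uint32_t r = 0;
    for (uint32_t j = 0; j < 5; j++)
        r |= table[j] & ct_eq_mask(j, mag);
    return (r & ~neg) | ((TOY_ORDER - r) & neg);
}

/* Fixed-window k*P in the toy group; use_ct picks the lookup under test. */
static uint32_t scalar_mul(uint64_t k, uint32_t p, int use_ct) {
    int8_t d[WINDOWS];
    uint32_t table[5];
    uint64_t acc = 0;
    for (uint32_t j = 0; j < 5; j++) table[j] = (uint32_t)(((uint64_t)j * p) % TOY_ORDER);
    recode_signed_base8(k, d);
    for (size_t i = WINDOWS; i-- > 0;)
        acc = (acc * 8 + (use_ct ? select_ct(table, d[i]) : select_leaky(table, d[i]))) % TOY_ORDER;
    return (uint32_t)acc;
}
```

Only the lookup is hardened here; the toy modular arithmetic uses `%` and is not constant-time, and a real implementation would apply the same mask to every limb of each stored point.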