Abstract:
Elliptic curve scalar multiplication k . P , where k is a nonnegative constant and P is a point on the elliptic curve, requires two distinct operations: addition (ADD) and doubling (DBL). To reduce the number of ADDs without increasing the number of DBLs, a recoding of k with fewer nonzero digits is necessary. Based on Radix- 2w arithmetic, we introduce a principled w -bit windowing method where the properties of speed, memory, and security are described by exact analytic formulas as proof of superiority. Contrary to existing windowing algorithms, to minimize the number of ADDs the window size ( w ) is guided by an optimum depending on the bit-length ( l ) of the scalar k. The number of required precomputations is minimal regarding the value of w . The proposed method recodes the binary string k and evaluates the multiplication on-the-fly from right-to-left and left-to-right, likewise. Radix- 2w method is very easy to be used and highly reconfigurable, allowing speed-memory and speed-security trade-offs to satisfy different crypto-system constraints. Furthermore, the method shows a high resilience to side-channel attacks based on power, timing, and statistical analysis. All Radix- 2w properties are confronted to standard windowing methods’ through an in-depth analysis of the complexities. An overall comparison is made via NIST-recommended GF( 2l ) finite fields.
Published in: IEEE Transactions on Circuits and Systems I: Regular Papers ( Volume: 68, Issue: 5, May 2021)