Wyniki wyszukiwania - BazTech

Ograniczanie wyników

2 Fundamenta Informaticae

Znaleziono wyników: 2

Liczba wyników na stronie

Wyniki wyszukiwania

Wyszukiwano:
w słowach kluczowych: scalar multiplication

Sortuj według:

Ogranicz wyniki do:

Determining Formulas Related to Point Compression on Alternative Models of Elliptic Curves

Dryło Robert, Kijko Tomasz, Wroński Michał

Fundamenta Informaticae

2019

Vol. 169, nr 4

285--294

Let E be an elliptic curve given by any model over a field K. A rational function f : E → K of degree 2 such that f(P) = f(Q) ⇔ Q = ±P can be used as a point compression on E. Then there exists induced from E multiplication of values of f by integers given by [n]f(P) := f([n]P), which can be computed using the Montgomery ladder algorithm. For this algorithm one needs the generalized Montgomery formulas for differential addition and doubling that is rational functions A(X1, X2, X3) ∈ K(X1, X2, X3) and [2] ∈ K(X) such that f(P + Q) = A(f(P), f(Q), f(Q − P)) and [2]f(P) = f([2]P) for generic P,Q ∈ E. For most standard models of elliptic curves generalized Montgomery formulas are known. To use compression for scalar multiplication [n]P for P ∈ E, one can compute after compression [n]f(P), which is followed by [n + 1]f(P) in the Montgomery ladder algorithm, then one can recover [n]P on E, since there exists a rational map B such that [n]P = B(P, [n]f(P), [n + 1]f(P)) for generic P ∈ E and n ∈ Z. Such a map B is known for Weierstrass and Edwards curves, but to our knowledge it seems that it was not given for other models of elliptic curves. In this paper for an elliptic curve E and the above compression function f we give an algorithm to search for generalized Montgomery formulas, functions on K induced after compression by endomorphisms of E, and the above map B for point recovering. All these tasks require searching for solutions of similar type problems for which we describe an algorithm based on Gröbner bases. As applications we give formulas for differential addition, doubling and the above map B for Jacobi quartic, Huff curves, and twisted Hessian curves.

Constructing Elliptic Curves for the GLV Method with Low-cost Decomposition

Wroński M., Dryło R., Kijko T., Bora P.

Fundamenta Informaticae

2017

Vol. 153, nr 4

399--413

The GLV method allows to improve scalar multiplication on an elliptic curve E/Fqwith an efficiently computable endomorphism Φ : E → E over Fq. For points in a subgroup of large prime order r this requires decomposition of scalar k = k0 + k1λ mod r, where Φ acts on the subgroup of order r as multiplication by λ ∊ Fr and k0, k1 are integers O(√r) . In this note we consider the case when λ is of the form λ = 2s + a, where a is a small integer and λ=O(√r), which allows very easy and fast decomposition of k especially in hardware implementations. We give a method to construct such elliptic curves based on the complex multiplication method, and give examples of elliptic curves for λ ∊ {2s, 2s - 1} and various security levels.