TY - GEN
T1 - An analysis of double base number systems and a sublinear scalar multiplication algorithm
AU - Ciet, Mathieu
AU - Sica, Francesco
PY - 2005/12/1
Y1 - 2005/12/1
N2 - In this paper we produce a practical and efficient algorithm to find a decomposition of type n = ∑_{i=1}^{k} 2^{s_i} 3^{t_i}, s_i, t_i ∈ ℕ ∪ {0} with k ≤ (c + o(1)) log n/log log n. It is conjectured that one can take c = 2 above. Then this decomposition is refined into an effective scalar multiplication algorithm to compute nP on some supersingular elliptic curves of characteristic 3 with running time bounded by O(log n/log log n) and essentially no storage. To our knowledge, this is the first instance of a scalar multiplication algorithm that requires o(log n) curve operations on an elliptic curve over 𝔽_q, with log q ≈ log n and uses comparable storage as in the standard double-and-add algorithm. This leads to an efficient algorithm very useful for cryptographic protocols based on supersingular curves. This is for example the case of the well-studied (in the past four years) identity based schemes. The method carries over to any supersingular curve of fixed characteristic.
AB - In this paper we produce a practical and efficient algorithm to find a decomposition of type n = ∑_{i=1}^{k} 2^{s_i} 3^{t_i}, s_i, t_i ∈ ℕ ∪ {0} with k ≤ (c + o(1)) log n/log log n. It is conjectured that one can take c = 2 above. Then this decomposition is refined into an effective scalar multiplication algorithm to compute nP on some supersingular elliptic curves of characteristic 3 with running time bounded by O(log n/log log n) and essentially no storage. To our knowledge, this is the first instance of a scalar multiplication algorithm that requires o(log n) curve operations on an elliptic curve over 𝔽_q, with log q ≈ log n and uses comparable storage as in the standard double-and-add algorithm. This leads to an efficient algorithm very useful for cryptographic protocols based on supersingular curves. This is for example the case of the well-studied (in the past four years) identity based schemes. The method carries over to any supersingular curve of fixed characteristic.
KW - Exponentiation algorithms
KW - Integer decomposition
UR - http://www.scopus.com/inward/record.url?scp=33646198552&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33646198552&partnerID=8YFLogxK
U2 - 10.1007/11554868_12
DO - 10.1007/11554868_12
M3 - Conference contribution
AN - SCOPUS:33646198552
SN - 3540289380
SN - 9783540289388
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 171
EP - 182
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
T2 - 1st International Conference on Cryptology in Malaysia on Progress in Cryptology - Mycrypt 2005
Y2 - 28 September 2005 through 30 September 2005
ER -