Faster ECC over $\mathbb{F}_{2^{521}-1}$

In this paper we present a new multiplication algorithm for residues modulo the Mersenne prime $2^{521}−1$. Using this approach, on an Intel Haswell Core i7-4770, constant-time variable-base scalar multiplication on NIST’s (and SECG’s) curve P-521 requires 1,108,000 cycles, while on the recently proposed Edwards curve E-521 it requires just 943,000 cycles. As a comparison, on the same architecture openSSL’s ECDH speed test for curve P-521 requires 1,319,000 cycles. Furthermore, our code was written entirely in C and so is robust across different platforms. The basic observation behind these speedups is that the form of the modulus allows one to multiply residues with as few word-by-word multiplications as is needed for squaring, while incurring very little overhead from extra additions, in contrast to the usual Karatsuba methods.

Katz, Jonathan
Published in:
Public-Key Cryptography -- PKC 2015, 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, March 30 -- April 1, 2015, Proceedings, 539-553
Presented at:
Public-Key Cryptography -- PKC 2015, Gaithersburg, MD, USA, March 30 -- April 1, 2015
Springer Berlin Heidelberg

 Record created 2016-01-19, last modified 2018-03-17

External link:
Download fulltext
Rate this document:

Rate this document:
(Not yet reviewed)