TY - GEN

T1 - Fast elliptic curve cryptography using minimal weight conversion of d integers

AU - Suppakitpaisarn, Vorapong

AU - Edahiro, Masato

AU - Imai, Hiroshi

PY - 2012

Y1 - 2012

N2 - In this paper, we reduce the computation time of the elliptic curve signature verification scheme by proposing the minimal joint Hamming weight conversion for any binary expansions of d integers. The computation time of multi-scalar multiplication, the bottleneck operation of the scheme, strongly depends on the joint Hamming weight. As we represent the scalars using redundant representations, we may represent a number by many expansions. The minimal joint Hamming weight conversion is the algorithm to select the expansion which has the least joint Hamming weight. Many existing works introduce the conversions for some specific representations, and it is not trivial to generalize their algorithms to other representations. On the other hand, our conversion, based on the dynamic programming scheme, is applicable to find the optimal expansions on any binary representations. We also propose the algorithm to generate the Markov chain used for exploring the minimal average Hamming density automatically from our conversion algorithm. In general, the sets of states in our Markov chains are infinite. Then, we introduce a technique to reduce the number of Markov chain states to a finite set. With the technique, we find the average joint Hamming weight of many representations that have never been found. One of the most significant results is that, for the expansion of integer pairs when the digit set is {0, ±1, ±3}, often used in multi-scalar multiplication, we show that the minimal average joint Hamming density is 0.3575, which improves the upper bound value.

KW - Average joint Hamming weight

KW - Digit set expansion

KW - Elliptic curve cryptography

KW - Minimal weight conversion

UR - http://www.scopus.com/inward/record.url?scp=84867164643&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867164643&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84867164643

SN - 9781921770067

T3 - Conferences in Research and Practice in Information Technology Series

SP - 15

EP - 26

BT - Information Security 2012 - Proceedings of the Tenth Australasian Information Security Conference, AISC 2012

T2 - 10th Australasian Information Security Conference, AISC 2012

Y2 - 31 January 2012 through 3 February 2012

ER -