TY - GEN
T1 - Fast elliptic curve cryptography using minimal weight conversion of d integers
AU - Suppakitpaisarn, Vorapong
AU - Edahiro, Masato
AU - Imai, Hiroshi
PY - 2012
Y1 - 2012
N2 - In this paper, we reduce computation time of elliptic curve signature verification scheme by proposing the minimal joint Hamming weight conversion for any binary expansions of d integers. The computation time of multi-scalar multiplication, the bottleneck operation of the scheme, strongly depends on the joint Hamming weight. As we represent the scalars using redundant representations, we may represent a number by many expansions. The minimal joint Hamming weight conversion is the algorithm to select the expansion which has the least joint Hamming weight. Many existing works introduce the conversions for some specific representations, and it is not trivial to generalize their algorithms to other representations. On the other hand, our conversion, based on the dynamic programming scheme, is applicable to find the optimal expansions on any binary representations. We also propose the algorithm to generate the Markov chain used for exploring the minimal average Hamming density automatically from our conversion algorithm. In general, the sets of states in our Markov chains are infinite. Then, we introduce a technique to reduce the number of Markov chain states to a finite set. With the technique, we find the average joint Hamming weight of many representations that have never been found. One of the most significant results is that, for the expansion of integer pairs when the digit set is {0, ±1, ±3} often used in multi-scalar multiplication, we show that the minimal average joint Hamming density is 0.3575, which improves the upper bound value.
AB - In this paper, we reduce computation time of elliptic curve signature verification scheme by proposing the minimal joint Hamming weight conversion for any binary expansions of d integers. The computation time of multi-scalar multiplication, the bottleneck operation of the scheme, strongly depends on the joint Hamming weight. As we represent the scalars using redundant representations, we may represent a number by many expansions. The minimal joint Hamming weight conversion is the algorithm to select the expansion which has the least joint Hamming weight. Many existing works introduce the conversions for some specific representations, and it is not trivial to generalize their algorithms to other representations. On the other hand, our conversion, based on the dynamic programming scheme, is applicable to find the optimal expansions on any binary representations. We also propose the algorithm to generate the Markov chain used for exploring the minimal average Hamming density automatically from our conversion algorithm. In general, the sets of states in our Markov chains are infinite. Then, we introduce a technique to reduce the number of Markov chain states to a finite set. With the technique, we find the average joint Hamming weight of many representations that have never been found. One of the most significant results is that, for the expansion of integer pairs when the digit set is {0, ±1, ±3} often used in multi-scalar multiplication, we show that the minimal average joint Hamming density is 0.3575, which improves the upper bound value.
KW - Average joint hamming weight
KW - Digit set expansion
KW - Elliptic curve cryptography
KW - Minimal weight conversion
UR - http://www.scopus.com/inward/record.url?scp=84867164643&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84867164643&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84867164643
SN - 9781921770067
T3 - Conferences in Research and Practice in Information Technology Series
SP - 15
EP - 26
BT - Information Security 2012 - Proceedings of the Tenth Australasian Information Security Conference, AISC 2012
T2 - 10th Australasian Information Security Conference, AISC 2012
Y2 - 31 January 2012 through 3 February 2012
ER -