An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices

One of the most frequent operations in modern cryptosystems is a multi-scalar multiplication with two scalars. Common methods to compute it are the Shamir method and the Interleave method whereas their speed mainly depends on the (joint) Hamming weight of the scalars. To increase the speed, the scal...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Dahmen, Erik, Okeya, Katsuyuki, Takagi, Tsuyoshi
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 204
container_issue
container_start_page 189
container_title
container_volume
creator Dahmen, Erik
Okeya, Katsuyuki
Takagi, Tsuyoshi
description One of the most frequent operations in modern cryptosystems is a multi-scalar multiplication with two scalars. Common methods to compute it are the Shamir method and the Interleave method whereas their speed mainly depends on the (joint) Hamming weight of the scalars. To increase the speed, the scalars are usually deployed using some general representation which provides a lower (joint) Hamming weight than the binary representation. However, by using such general representations the precomputation and storing of some points becomes necessary and therefore more memory is required. Probably the most famous method to speed up the Shamir method is the joint sparse form (JSF). The resulting representation has an average joint Hamming weight of 1/2 and it uses the digits 0,± 1. To compute a multi-scalar multiplication with the JSF, the precomputation of two points is required. While for two precomputed points both the Shamir and the Interleave method provide the same efficiency, until now the Interleave method is faster in any case where more points are precomputed. This paper extends the used digits of the JSF in a natural way, namely we use the digits 0, ±1, ±3 which results in the necessity to precompute ten points. We will prove that using the proposed scheme, the average joint Hamming density is reduced to 239/661 ≈ 0.3615. Hence, a multi-scalar multiplication can be computed more than 10% faster, compared to the JSF. Further, our scheme is superior to all known methods using ten precomputed points and is therefore the first method to improve the Shamir method such that it is faster than the Interleave method. Another advantage of the new representation is, that it is generated starting at the most significant bit. More specific, we need to store only up to 5 joint bits of the new representation at a time. Compared to representations which are generated starting at the least significant bit, where we have to store the whole representation, this yields a significant saving of memory.
doi_str_mv 10.1007/11601494_16
format Conference Proceeding
fullrecord <record><control><sourceid>pascalfrancis_sprin</sourceid><recordid>TN_cdi_pascalfrancis_primary_17415369</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>17415369</sourcerecordid><originalsourceid>FETCH-LOGICAL-p219t-a72a49dec290679f9b69c86d59d992a27dd22b2dec4e9f7aa461a0ec4ac572d13</originalsourceid><addsrcrecordid>eNpNkMtOwzAQRc1LIpSu-AFvWLAIeGzH7iyr8lYrkIB15MYOBNI4skOl_j2u2gWzmbm6R6OZS8gFsGtgTN8AKAYSZQnqgJyJQjIBCgo8JFnqkAsh8WhvMAQ-OSZZmniOWopTMo7xm6USgChlRl6nHZ3atekqZ-nCDV_e0toH-uybbqBvlWlNoIvfdmj6tqnM0PguUt8ldOXDhs6SHILZsrdu3VQunpOT2rTRjfd9RD7u795nj_n85eFpNp3nPQcccqO5kWhdxZEpjTUuFVYTZQu0iNxwbS3nS54A6bDWxkgFhiVlqkJzC2JELnd7exPTlXVILzSx7EOzMmFTgpZQCIWJu9pxMVndpwvl0vufWAIrt3mW__IUf3bPYqk</addsrcrecordid><sourcetype>Index Database</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices</title><source>Springer Books</source><creator>Dahmen, Erik ; Okeya, Katsuyuki ; Takagi, Tsuyoshi</creator><contributor>Tsudik, Gene ; Westhoff, Dirk ; Molva, Refik</contributor><creatorcontrib>Dahmen, Erik ; Okeya, Katsuyuki ; Takagi, Tsuyoshi ; Tsudik, Gene ; Westhoff, Dirk ; Molva, Refik</creatorcontrib><description>One of the most frequent operations in modern cryptosystems is a multi-scalar multiplication with two scalars. Common methods to compute it are the Shamir method and the Interleave method whereas their speed mainly depends on the (joint) Hamming weight of the scalars. To increase the speed, the scalars are usually deployed using some general representation which provides a lower (joint) Hamming weight than the binary representation. However, by using such general representations the precomputation and storing of some points becomes necessary and therefore more memory is required. Probably the most famous method to speed up the Shamir method is the joint sparse form (JSF). The resulting representation has an average joint Hamming weight of 1/2 and it uses the digits 0,± 1. To compute a multi-scalar multiplication with the JSF, the precomputation of two points is required. While for two precomputed points both the Shamir and the Interleave method provide the same efficiency, until now the Interleave method is faster in any case where more points are precomputed. This paper extends the used digits of the JSF in a natural way, namely we use the digits 0, ±1, ±3 which results in the necessity to precompute ten points. We will prove that using the proposed scheme, the average joint Hamming density is reduced to 239/661 ≈ 0.3615. Hence, a multi-scalar multiplication can be computed more than 10% faster, compared to the JSF. Further, our scheme is superior to all known methods using ten precomputed points and is therefore the first method to improve the Shamir method such that it is faster than the Interleave method. Another advantage of the new representation is, that it is generated starting at the most significant bit. More specific, we need to store only up to 5 joint bits of the new representation at a time. Compared to representations which are generated starting at the least significant bit, where we have to store the whole representation, this yields a significant saving of memory.</description><identifier>ISSN: 0302-9743</identifier><identifier>ISBN: 3540309128</identifier><identifier>ISBN: 9783540309123</identifier><identifier>EISSN: 1611-3349</identifier><identifier>EISBN: 3540316159</identifier><identifier>EISBN: 9783540316152</identifier><identifier>DOI: 10.1007/11601494_16</identifier><language>eng</language><publisher>Berlin, Heidelberg: Springer Berlin Heidelberg</publisher><subject>Applied sciences ; Computer science; control theory; systems ; Computer systems and distributed systems. User interface ; elliptic curve cryptosystem ; Exact sciences and technology ; joint sparse form ; left-to-right ; Memory and file management (including protection and security) ; Memory organisation. Data processing ; multi-scalar multiplication ; shamir method ; Software</subject><ispartof>Lecture notes in computer science, 2005, p.189-204</ispartof><rights>Springer-Verlag Berlin Heidelberg 2005</rights><rights>2006 INIST-CNRS</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/11601494_16$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/11601494_16$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>309,310,779,780,784,789,790,793,4050,4051,27925,38255,41442,42511</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&amp;idt=17415369$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><contributor>Tsudik, Gene</contributor><contributor>Westhoff, Dirk</contributor><contributor>Molva, Refik</contributor><creatorcontrib>Dahmen, Erik</creatorcontrib><creatorcontrib>Okeya, Katsuyuki</creatorcontrib><creatorcontrib>Takagi, Tsuyoshi</creatorcontrib><title>An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices</title><title>Lecture notes in computer science</title><description>One of the most frequent operations in modern cryptosystems is a multi-scalar multiplication with two scalars. Common methods to compute it are the Shamir method and the Interleave method whereas their speed mainly depends on the (joint) Hamming weight of the scalars. To increase the speed, the scalars are usually deployed using some general representation which provides a lower (joint) Hamming weight than the binary representation. However, by using such general representations the precomputation and storing of some points becomes necessary and therefore more memory is required. Probably the most famous method to speed up the Shamir method is the joint sparse form (JSF). The resulting representation has an average joint Hamming weight of 1/2 and it uses the digits 0,± 1. To compute a multi-scalar multiplication with the JSF, the precomputation of two points is required. While for two precomputed points both the Shamir and the Interleave method provide the same efficiency, until now the Interleave method is faster in any case where more points are precomputed. This paper extends the used digits of the JSF in a natural way, namely we use the digits 0, ±1, ±3 which results in the necessity to precompute ten points. We will prove that using the proposed scheme, the average joint Hamming density is reduced to 239/661 ≈ 0.3615. Hence, a multi-scalar multiplication can be computed more than 10% faster, compared to the JSF. Further, our scheme is superior to all known methods using ten precomputed points and is therefore the first method to improve the Shamir method such that it is faster than the Interleave method. Another advantage of the new representation is, that it is generated starting at the most significant bit. More specific, we need to store only up to 5 joint bits of the new representation at a time. Compared to representations which are generated starting at the least significant bit, where we have to store the whole representation, this yields a significant saving of memory.</description><subject>Applied sciences</subject><subject>Computer science; control theory; systems</subject><subject>Computer systems and distributed systems. User interface</subject><subject>elliptic curve cryptosystem</subject><subject>Exact sciences and technology</subject><subject>joint sparse form</subject><subject>left-to-right</subject><subject>Memory and file management (including protection and security)</subject><subject>Memory organisation. Data processing</subject><subject>multi-scalar multiplication</subject><subject>shamir method</subject><subject>Software</subject><issn>0302-9743</issn><issn>1611-3349</issn><isbn>3540309128</isbn><isbn>9783540309123</isbn><isbn>3540316159</isbn><isbn>9783540316152</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2005</creationdate><recordtype>conference_proceeding</recordtype><recordid>eNpNkMtOwzAQRc1LIpSu-AFvWLAIeGzH7iyr8lYrkIB15MYOBNI4skOl_j2u2gWzmbm6R6OZS8gFsGtgTN8AKAYSZQnqgJyJQjIBCgo8JFnqkAsh8WhvMAQ-OSZZmniOWopTMo7xm6USgChlRl6nHZ3atekqZ-nCDV_e0toH-uybbqBvlWlNoIvfdmj6tqnM0PguUt8ldOXDhs6SHILZsrdu3VQunpOT2rTRjfd9RD7u795nj_n85eFpNp3nPQcccqO5kWhdxZEpjTUuFVYTZQu0iNxwbS3nS54A6bDWxkgFhiVlqkJzC2JELnd7exPTlXVILzSx7EOzMmFTgpZQCIWJu9pxMVndpwvl0vufWAIrt3mW__IUf3bPYqk</recordid><startdate>2005</startdate><enddate>2005</enddate><creator>Dahmen, Erik</creator><creator>Okeya, Katsuyuki</creator><creator>Takagi, Tsuyoshi</creator><general>Springer Berlin Heidelberg</general><general>Springer</general><scope>IQODW</scope></search><sort><creationdate>2005</creationdate><title>An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices</title><author>Dahmen, Erik ; Okeya, Katsuyuki ; Takagi, Tsuyoshi</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-p219t-a72a49dec290679f9b69c86d59d992a27dd22b2dec4e9f7aa461a0ec4ac572d13</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2005</creationdate><topic>Applied sciences</topic><topic>Computer science; control theory; systems</topic><topic>Computer systems and distributed systems. User interface</topic><topic>elliptic curve cryptosystem</topic><topic>Exact sciences and technology</topic><topic>joint sparse form</topic><topic>left-to-right</topic><topic>Memory and file management (including protection and security)</topic><topic>Memory organisation. Data processing</topic><topic>multi-scalar multiplication</topic><topic>shamir method</topic><topic>Software</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Dahmen, Erik</creatorcontrib><creatorcontrib>Okeya, Katsuyuki</creatorcontrib><creatorcontrib>Takagi, Tsuyoshi</creatorcontrib><collection>Pascal-Francis</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Dahmen, Erik</au><au>Okeya, Katsuyuki</au><au>Takagi, Tsuyoshi</au><au>Tsudik, Gene</au><au>Westhoff, Dirk</au><au>Molva, Refik</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices</atitle><btitle>Lecture notes in computer science</btitle><date>2005</date><risdate>2005</risdate><spage>189</spage><epage>204</epage><pages>189-204</pages><issn>0302-9743</issn><eissn>1611-3349</eissn><isbn>3540309128</isbn><isbn>9783540309123</isbn><eisbn>3540316159</eisbn><eisbn>9783540316152</eisbn><abstract>One of the most frequent operations in modern cryptosystems is a multi-scalar multiplication with two scalars. Common methods to compute it are the Shamir method and the Interleave method whereas their speed mainly depends on the (joint) Hamming weight of the scalars. To increase the speed, the scalars are usually deployed using some general representation which provides a lower (joint) Hamming weight than the binary representation. However, by using such general representations the precomputation and storing of some points becomes necessary and therefore more memory is required. Probably the most famous method to speed up the Shamir method is the joint sparse form (JSF). The resulting representation has an average joint Hamming weight of 1/2 and it uses the digits 0,± 1. To compute a multi-scalar multiplication with the JSF, the precomputation of two points is required. While for two precomputed points both the Shamir and the Interleave method provide the same efficiency, until now the Interleave method is faster in any case where more points are precomputed. This paper extends the used digits of the JSF in a natural way, namely we use the digits 0, ±1, ±3 which results in the necessity to precompute ten points. We will prove that using the proposed scheme, the average joint Hamming density is reduced to 239/661 ≈ 0.3615. Hence, a multi-scalar multiplication can be computed more than 10% faster, compared to the JSF. Further, our scheme is superior to all known methods using ten precomputed points and is therefore the first method to improve the Shamir method such that it is faster than the Interleave method. Another advantage of the new representation is, that it is generated starting at the most significant bit. More specific, we need to store only up to 5 joint bits of the new representation at a time. Compared to representations which are generated starting at the least significant bit, where we have to store the whole representation, this yields a significant saving of memory.</abstract><cop>Berlin, Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/11601494_16</doi><tpages>16</tpages></addata></record>
fulltext fulltext
identifier ISSN: 0302-9743
ispartof Lecture notes in computer science, 2005, p.189-204
issn 0302-9743
1611-3349
language eng
recordid cdi_pascalfrancis_primary_17415369
source Springer Books
subjects Applied sciences
Computer science
control theory
systems
Computer systems and distributed systems. User interface
elliptic curve cryptosystem
Exact sciences and technology
joint sparse form
left-to-right
Memory and file management (including protection and security)
Memory organisation. Data processing
multi-scalar multiplication
shamir method
Software
title An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T19%3A38%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-pascalfrancis_sprin&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=An%20Advanced%20Method%20for%20Joint%20Scalar%20Multiplications%20on%20Memory%20Constraint%20Devices&rft.btitle=Lecture%20notes%20in%20computer%20science&rft.au=Dahmen,%20Erik&rft.date=2005&rft.spage=189&rft.epage=204&rft.pages=189-204&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=3540309128&rft.isbn_list=9783540309123&rft_id=info:doi/10.1007/11601494_16&rft_dat=%3Cpascalfrancis_sprin%3E17415369%3C/pascalfrancis_sprin%3E%3Curl%3E%3C/url%3E&rft.eisbn=3540316159&rft.eisbn_list=9783540316152&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true