JP2005284111A - Method and device for high speed arithmetic processing of elliptic curve cryptosystem - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the following problem that speeding up of encryption processing of elliptic curve cryptosystem is retarded by the fact that multiplication and division take more than half of the processing time and the degree increases in multiplication, therefore, in an OEF system which is said to be the fastest, two-stage arithmetic operation is performed wherein polynomial product is taken and the remainder is taken in a modulus polynomial. <P>SOLUTION: In the arithmetic processing of elliptic curve cryptosystem using an extension field GF(p<SP>m</SP>), the processing speed greatly varies depending on the way of selecting an irreducible polynomial f(x) and a base. In this invention, an irreducible polynomial f(x)=(x<SP>2m+1</SP>-1)/(x-1)=x<SP>2m</SP>+x<SP>2m-1</SP>+ ... +x+1 is used for elliptic curve encryption processing, and a base äω+ω<SP>-1</SP>, ω<SP>2</SP>+ω<SP>-2</SP>, ..., ω<SP>m</SP>+ω<SP>-m</SP>} is constituted by the zero point ω which makes f(ω)=0. Thus, since an arbitrary element is given as an self-contradictory element, the computational complexity can be reduced by defining multiplication by using the CVMA method and the operation speed can be enhanced. The block diagram shows the configuration of a multiplier in this invention. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a high-speed arithmetic processing method and apparatus for elliptic curve cryptography useful for public key cryptography widely used for confidential functions such as information communication secrecy and authentication, and in particular, binary in elliptic curve cryptography using a Galois extension field The present invention relates to an algorithm for speeding up the multiplication of.

  With the spread of the Internet in recent years, the need for open network security has increased, and encryption technology to achieve this is an indispensable basic technology. Elliptic curve cryptography is being standardized and implemented as a next generation public key cryptosystem. In the cryptographic processing, a majority of the time is required for multiplication and division among the four arithmetic operations. In particular, calculation of the inverse element in division is a problem. The present invention provides one effective solution for that purpose.

  Encryption is used when important information, pay information, and private information are concealed using a public communication network, or when the identity is confirmed by signature / authentication. In particular, encryption technology is indispensable for communicating with many other parties. There are two encryption methods: common key encryption and public key encryption. In general, these two methods are used in combination. Among public-key cryptosystems, the elliptic curve cryptography that has recently attracted attention is much stronger than the conventional cryptography (RSA system), and the RSA system cipher actually avoids the decryption. In contrast, elliptic curve cryptography requires 160 bits to secure the equivalent encryption strength, so elliptic curve cryptography is about to become an international standard. Research into implementation is underway.

An elliptic curve generally used for encryption is represented by y ² = x ³ + ax + b, and encryption processing is performed using a finite number of points (x, y) on the curve. Up to now, a finite field GF (p) having an odd prime p and an extension field GF (2 ^m ) having a characteristic number p have been used as the definition field of a finite number of points on the curve. An extension field GF (2 ^m ) with characteristic 2 means an m-dimensional vector space of GF (2), and each element is m 0s such as (0,1,0,0,...). And 1 The expansion field GF (2 ^m ) has been the mainstream of research and development until now, because the computer basically represents the data in binary format and the conventional error code correction technique. For example, in the extension field GF (2 ¹⁶⁰ ) with m = 160, the key length is 160 bits. However, in the case of GF (p ^m ), six 32-bit words can be configured, so it is advantageous to adopt GF (p ^m ) because of the ease of software microcomputer mounting.

  Recently, Bailey et al. Proposed OEF (Optimal Extension Field) as a powerful extension that can be implemented by software (see Non-Patent Document 1). In OEF, a polynomial remainder operation is facilitated by using a polynomial basis in which a modulo polynomial is an irreducible binary expression, and as a result, high-speed multiplication is possible. In addition, a high-speed method using normal bases and Frobenius mapping has been proposed when performing inverse element operations in OEF (see Non-Patent Documents 2 and 3).

  In OEF, a polynomial remainder operation is performed by using a pseudo Mersenne prime number as a characteristic and an irreducible binary as a modulus polynomial, thereby enabling high-speed multiplication / calculation between arbitrary elements. Based on this high-speed multiplication, high-speed division is realized by introducing a high-speed inverse element calculation method applying the Ito-Sakurai algorithm.

  For this reason, elliptic curve cryptography is now becoming the standard. In addition to the above OEF, AOPF by the present inventors (see Non-Patent Document 4) and XTR by Lenstra et al. (See Non-Patent Document 5) Research on software implementation such as

Next, the definition of OEF and the mechanism of multiplication will be described.
Definition of OEF OEF is an extension field that satisfies the following three conditions (i), (ii), and (iii) in the following [Equation 1].

(I) and (ii) are the selection conditions for the characteristic p for performing multiplication on the prime field GF (p) at high speed, and (iii) is for high speed multiplication on the extension field GF (p ^m ). It is a condition to do.

Multiplication method in OEF First, an arbitrary element A, BεGF (p ^m ) of OEF is a polynomial basis by a zero α of a modulus polynomial f (x) = x ^m −s: {1, α, α ² ,. It is expressed as follows in the form of a linear combination of ^m−1 }.

A = a ₀ + a ₁ α +... A _m−1 α ^m−1 , a _i ∈GF (p) (1)
B = b ₀ + b ₁ α +... B _m−1 α ^m−1 , b _i εGF (p)
The product of A and B is obtained by the following two steps.

[Step 1: Polynomial product]
The elements A and B are considered as polynomials having α as an indefinite element, and the following polynomial product is obtained.
A (α) × B (α) = a ₀ b ₀ + (a ₀ b ₁ + a ₁ b ₀ ) α +.
+ A _m-1 b _m-1 α ^2m-2
= C ₀ + c ₁ α + ... + c _2m-2 α ^2m-2 (2)
When the coefficient c _i (0 ≦ i ≦ 2m−2) of the above equation (2) is calculated by the textbook method, it is necessary to perform multiplication m ² times and addition (m−1 ² ) times on GF (p). Using the Karatsuba method, the number of additions can be increased, but the number of multiplications can be reduced.

[Step 2: Polynomial remainder calculation]
Substituting f (α) = α ^m −s = 0 into the equation (2), the following equation (3) of [Equation 2] is obtained.

That is, from equation (3), the polynomial remainder operation is executed by m-1 multiplications and m-1 additions in the prime field GF (p).

In addition, the inventors of the present invention previously performed an elliptic curve cryptography process on the m-th irreducible polynomial f (x) = (x ^{m + 1} −1) / (x−1) on the prime field GF (p). A set of m elements with zero ω: By using an extension field GF (p ^m ) based on {ω, ω ² ,... Ω ^m }, high-speed processing of binary multiplication and inverse element operation is performed. A patent application has been filed for a method and apparatus that enable this (see Patent Document 1).
DVBailey and C. Paar, "Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms," Proc. Asiacrypt2000, LNCS 1976, pp.248-258, (2000). NP Smart, "On the Performance of Hyperelliptic Cryptosystems," Proc. Eurocrypt'99, Springer LNCS, vol. 1592, pp.165-175, 1999. Toshiya Ito and Shigeo Sakurai, “Fast Inverse Element Calculation Algorithm for Finite Fields Using Normal Basis”, Theory of Science (A), vol.J70-A, no.11, pp.1637-1645, 1987. Yasuyuki Nogami, Akinori Saito, Yoshitaka Morikawa “Finite Extension Field with Modulus of All-One Polynomial and Representation of its Elements for Fast Arithmetic Operations”, Trans.IEICE, vol.E86-A, no.9, p.2376-2387, (2003). A. Lenstra and E. Verheul, “The XTR Public Key System,” Proc. Crypto 2000, LNCS 1880, 2000, pp.1-20. Japanese Patent Application No. 2001-272759 (Japanese Patent Laid-Open No. 2003-84666)

  As described above, it has been known that the OEF of the extension field proposed by Bailey et al. Is effective for speeding up the calculation processing of elliptic curve cryptography. In cryptographic processing, multiplication and division take a majority of time among the four arithmetic operations. Since the order increases in multiplication, the OFF method, which is said to be the fastest, performs a two-stage operation of taking a polynomial product and taking a remainder with a modulus polynomial, which is a barrier to speeding up. The present invention aims to improve this.

In the processing of elliptic curve cryptography using the extension field GF (p ^m ), the processing speed varies greatly depending on how the irreducible polynomial f (x) and the base are selected. In the present invention, the irreducible polynomial f (x) = ( ^{x2m +} 1-1) / (x-1) = ^x2m + ^x2m-1 + ... x + 1 (4)
, And ω ^{2m + 1} = 1 and ω + ω ² +... + Ω ^2m = −1 are established by ω where f (ω) = 0, which is the zero point, and the basis {ω + ω using this ^-1 , ω ² + ω ^-2 , ..., ω ^m + ω ^-m }
Is configured.

2m + 1 is a prime number, and the characteristic p is
p = 2 ⁿ ± c (log ₂ c ≦ n / 2)
Is a prime number of the form In terms of implementation in a computer, log ₂ p is preferably in the vicinity of values such as word lengths of 16, 32, 64, and 128.

  The above base used in the present invention is derived as follows. First, the irreducible polynomial (4) has a property as shown by the following relational expression (5).

f (ω) ≡ω ^{2m + 1} ≡1≡ω + ω ² + ... + ω ^2m (5)
Here, consider the following basis using zeros of irreducible polynomials.
^{(Ω, ···, ω m,} ω m + 1, ···, ω 2m)
This base is equivalent to the following base using the above relational expression (5).
(Ω, ..., ω ^m , ω ^{m + 1} , ..., ω ^2m ) ≡ (ω, ..., ω ^m , ω ^-m , ..., ω ^-1 )
Here, the above equivalent base is considered as the following base using the element β _{i such} that β _i = ω ⁱ + ω ⁻ⁱ .

(Β ₁ , β ₂ ,..., Β _m )
In the cryptographic processing of the present invention, as a result of using such a base, a multiplication method called CVMA (Cyclic Vector Multi-plication Algorithm) can be applied when obtaining the product of any two elements, which is compared with the conventional method. Thus, the number of multiplications and additions is reduced, and high-speed computation is possible.

In the CVMA method, the relational expression ω ^{m + 1} = 1 that holds also in the method of the present invention.
ω ^m + ω ^m-1 + ... + ω + 1 = 1
This is a multiplication method constructed by cyclic convolution using effectively. The CVMA method has a characteristic that the amount of calculation is smaller than that of a conventional OEF or the like, particularly for multiplication of self-reciprocal elements (for details, see [Non-Patent Document 4] above). In the method of the present invention, since an arbitrary element is given as a self-reciprocal element, the amount of calculation can be reduced by defining multiplication using the CVMA method.

Here, the self-reciprocal element will be described. The element A ^* given below is called a reciprocal element of A with respect to the element A of the next extension field.
A = (a ₁ , a ₂ ,... A _m )
A ^* = (a _m , a _m−1 ,... A ₁ )
When A = A ^*, the element A is called a self-reciprocal element.

Next, multiplication using the CVMA method will be described. When any two elements A and B of the extension field are expressed as follows,
A = a ₁ (ω + ω ⁻¹ ) + a ₂ (ω ² + ω ⁻² ),..., + A _m (ω ^m + ω ^−m ),
a _i ∈GF (p)
B = b ₁ (ω + ω ⁻¹ ) + b ₂ (ω ² + ω ⁻² ),..., + B _m (ω ^m + ω ^−m ),
b _i ∈GF (p)
The product C = c ₁ (ω + ω ⁻¹ ) + c ₂ (ω ² + ω ⁻² ),..., + C _m (ω ^m + ω ^−m )
Is obtained based on the CVMA method using the calculation formula shown in the following [Equation 3].

The present invention can be configured as follows.
(1) A high-speed arithmetic processing method for elliptic curve cryptography having Galois extension field GF (p ^m ) having characteristic p and extension degree m as a definition field,
The Galois extension field GF (p ^m ) used for elliptic curve cryptography is a prime number in the form of p = 2 ⁿ ± c (log ₂ c ≦ n / 2) where the characteristic p is n less than the word length. There is,
Also, the irreducible polynomial f (x) = ( ^{x2m +} 1-1) / (x-1) = ^x2m + ^x2m-1 + ... x + 1
, And the zero that is f (ω) = 0,
{Ω + ω ⁻¹ , ω ² + ω ⁻² ,..., Ω ^m + ω ^−m }
And 2m + 1 is a prime number,
A configuration of a high-speed arithmetic processing method for elliptic curve cryptography characterized by the above.

(2) The configuration of the high-speed arithmetic processing method for elliptic curve cryptography as described in (1) above, wherein the expansion order m is an order of 2, 3, 5, 6, etc.

(3) The logarithmic value log ₂ p of the characteristic p is a prime number in the vicinity of a computer word length of 16, 32, 64, 128, etc. Arithmetic processing method configuration.

(4) Arbitrary binary of Galois extension field GF (p ^m ) A = a ₁ ω + a ₂ ω ² +... A _m ω ^m , a _i ∈GF (p)
B = b ₁ ω + b ₂ ω ² +... B _m ω ^m , b _i ∈GF (p)
The polynomial product A × B = a ₁ b ₁ ω ² + (a ₁ b ₂ + a ₂ b ₁ ) ω ³ +... + A _m b _m ω ^2m
= C ₂ ω ² + c ₃ ω ³ +... + C _2m ω ^2m
The configuration of the high-speed arithmetic processing method for elliptic curve cryptography according to the preceding item (1), wherein the calculation is performed by the CVMA method.

(5) A high-speed arithmetic processing apparatus for elliptic curve cryptography having a characteristic field p and a Galois expansion field GF (p ^m ) having an expansion degree m as a definition field,
The Galois extension field GF (p ^m ) used for elliptic curve encryption processing has its characteristic p
a prime number of the form p = 2 ⁿ ± c (log ₂ c ≦ n / 2),
Also, the irreducible polynomial f (x) = ( ^{x2m +} 1-1) / (x-1) = ^x2m + ^x2m-1 + ... x + 1
, And the zero that is f (ω) = 0,
{Ω + ω ⁻¹ , ω ² + ω ⁻² ,..., Ω ^m + ω ^−m }
And 2m + 1 is a prime number,
A configuration of a high-speed arithmetic processing apparatus for elliptic curve cryptography comprising means for performing cryptographic processing using an elliptic curve defined by:

(6) The configuration of the high-speed arithmetic processing apparatus for elliptic curve cryptography as described in (5) above, wherein the expansion order m is an order of 2, 3, 5, 6 or the like.

(7) The means for cryptographic processing is arbitrary binary of Galois extension field GF (p ^m ) A = a ₁ ω + a ₂ ω ² +... + A _m ω ^m , a _i ∈GF (p)
B = b ₁ ω + b ₂ ω ² +... + B _m ω ^m , b _i εGF (p)
The polynomial product A × B = a ₁ b ₁ ω ² + (a ₁ b ₂ + a ₂ b ₁ ) ω ³ +... + A _m b _m ω ^2m
= C ₂ ω ² + c ₃ ω ³ +... + C _2m ω ^2m
A configuration of a high-speed arithmetic processing apparatus for elliptic curve cryptography as described in the above item (5) or (6), comprising a multiplication device that performs the above calculation by the CVMA method.

By adopting the method of the present invention, the multiplication operation speed is improved in multiplication and inverse element calculation on the prime field in the calculation processing of elliptic curve cryptography, so that the encryption processing time can be shortened. For example, Pentium (registered trademark) (800 MHz) is used as a CPU, and a prime number of 32 bits or less is adopted in consideration of a microcomputer. As an example, p = 2 ³⁰ +3, m = 5, p = 2 ²⁸ +3, m = 6 In the inverse element calculation requiring the most time, the OEF was 6.15 μs and 6.59 μs, respectively, but the method of the present invention was 4.84 μs and 5.47 μs. Improved by 20%.

  FIG. 1 is a schematic diagram of a cryptographic communication system to which the present invention is applied. Cryptographically processed communication is performed between any communication devices 2 to 5 coupled via a network 1. The communication devices 2 to 5 do not have to be dedicated communication devices, and can be a computer such as a personal computer having a communication function. The elliptic curve cryptographic processing device 6 shown only in the communication device 5 is similarly provided in each of the other communication devices 2 to 4 and performs encryption processing of message encryption and decryption by public key encryption. . The elliptic curve encryption processing device 6 has a multiplication device 7 for high-speed processing of multiplication and division accompanying encryption processing. The multiplication device 7 performs binary multiplication by the CVMA method according to an algorithm based on the extension field defined by the present invention. The multiplier 7 can be configured by a program or a dedicated hardware circuit.

  Next, a description will be given of a multiplication apparatus that calculates a binary multiplication A · B = C by the CVMA method. The multiplication algorithm in the CVMA method is as follows.

A = (a ₁ , a ₂ ,..., A _m )
B = (b ₁ , b ₂ ,..., B _m )
C = (c ₁ , c ₂ ,..., C _m )
As
c _k = q ₀ −q _k m ≧ k ≧ 1
In general, q _k is given by the following equation (4).

If m = 4,
A = (a ₁ , a ₂ , a ₃ , a ₄ )
B = (b ₁ , b ₂ , b ₃ , b ₄ )
C = A · B = (c ₁ , c ₂ , c ₃ , c ₄ )
And the multiplication algorithm is given by

q ₀ = (a ₁ −a ₄ ) (b ₁ −b ₄ ) + (a ₂ −a ₃ ) (b ₂ −b ₃ )
c ₁ = q ₀ − (a ₂ −a ₄ ) (b ₂ −b ₄ ) −a ₁ b ₁
c ₂ = q ₀ − (a ₃ −b ₄ ) (b ₃ −b ₄ ) −a ₂ b _{2
c 3 = q 0 - (a} 1 -a 2) (b 1 -b 2) -a 3 b 3
_{c 4 = q 0 - (a} 1 -a 3) (b 1 -b 3) -a 4 b 4
On the other hand, in the present invention, the following base is used.

(Β ₁ , β ₂ ) ≡ (ω ¹ , ω ² , ω ^-2 , ω ^-1 ) = (ω ¹ , ω ² , ω ³ , ω ⁴ )
When 2m = 4, the arbitrary element is expressed as follows using the basis of ω.
A = (a ₁ , a ₂ , a ₂ , a ₁ )
B = (b ₁ , b ₂ , b ₂ , b ₁ )
C = A · B = (c ₁ , c ₂ , c ₂ , c ₁ )
This gives the multiplication algorithm
q ₀ = (a ₁ −a ₁ ) (b ₁ −b ₁ ) + (a ₂ −a ₂ ) (b ₂ −b ₂ ) = 0
_{c 1 = - (a 2 -a} 1) (b 2 -b 1) -a 1 b 1
_{c 2 = - (a 2 -a} 1) (b 2 -b 1) -a 2 b 2
c ₂ = − (a ₁ −a ₂ ) (b ₁ −b ₂ ) −a ₂ b ₂
c ₁ = − (a ₁ −a ₂ ) (b ₁ −b ₂ ) −a ₁ b ₁
And q ₀ = 0, and [(a ₂ −a ₁ ) (b ₂ −b ₁ )] and [a ₁ b ₁ between the equations for obtaining c ₁ , c ₂ , c ₃ , and c _4. ], [A ₂ b ₂ ] and so on, a large number of common operation terms are born, so that the operation can be simplified.

FIG. 2 shows a configuration example of a simplified multiplication apparatus when a binary multiplication A · B = C by the CVMA method is calculated using the basis of the present invention. The binary input data A and B and the output data C of the multiplication result are indicated by 11, 12, and 13, respectively.
A = (a ₁ , a ₂ , a ₂ , a ₁ )
B = (b ₁ , b ₂ , b ₂ , b ₁ )
C = A · B = (c ₁ , c ₂ , c ₂ , c ₁ )

The multiplication device 14 is configured based on the simplified multiplication algorithm described above, and includes a c ₁ calculation unit 15, a c ₂ calculation unit 16, a c ₃ calculation unit 17 that calculates each element of c _{1 to} c ₄ . and c ₄ arithmetic unit 18, the combined output unit 19 of the calculation result is provided. In addition, a path is provided between the calculation units 15 to 18 of c _{1 to} c ₄ for sharing calculation results by other calculation units for common calculation items. For example, when the multiplication device 14 is configured by software, for example, assuming that the priority order of operations is determined in the order of c ₁ , c ₂ , c ₃ , c ₄ , the c ₁ operation unit 15 first has When the calculation items of (a ₂ −a ₁ ) (b ₂ −b ₁ ) and −a ₁ b ₁ are calculated, the respective calculation results are stored in the memory and can be read by other calculation units. Similarly, in other calculation units, when a calculation is performed on a common calculation item used for a lower calculation, the calculation result is stored in a memory and can be read by the other calculation unit. Further, when the multiplication device 14 is configured by a hardware circuit, a data transfer bus via a register is provided between the calculation units sharing the calculation items.

  Table 1 shows a comparison of the calculation amount between the conventional method and the method of the present invention. In particular, it can be seen that the number of addition operations is reduced.

It is a schematic diagram of a cryptographic communication system to which the present invention is applied. It is an Example block diagram of the multiplication apparatus simplified by the CVMA method using the basis of this invention.

Explanation of symbols

11: Input data A
12: Input data B
13: Output data C
14: multiplier 15: c ₁ arithmetic unit 16: c ₂ calculating unit 17: c ₃ calculation unit 18: c ₄ calculating unit 19: Synthesis Output unit

Claims (7)

A method for high-speed computation of elliptic curve cryptography having a characteristic p and a Galois extension GF (p ^m ) having an expansion degree m as a definition field,
The Galois extension field GF (p ^m ) used for elliptic curve cryptography is a prime number in the form of p = 2 ⁿ ± c (log ₂ c ≦ n / 2) where the characteristic p is n less than the word length. There is,
Also, the irreducible polynomial f (x) = ( ^{x2m +} 1-1) / (x-1) = ^x2m + ^x2m-1 + ... x + 1
, And the zero that is f (ω) = 0,
{Ω + ω ⁻¹ , ω ² + ω ⁻² ,..., Ω ^m + ω ^−m }
And 2m + 1 is a prime number,
A high-speed arithmetic processing method for elliptic curve cryptography characterized by the above.   2. The high-speed computation processing method for elliptic curve cryptography according to claim 1, wherein the expansion order m is an order of 2, 3, 5, 6, and the like. The elliptic curve cryptography high-speed calculation processing method according to claim 1, wherein the logarithmic value log ₂ p of the characteristic p is a prime number in the vicinity of a computer word length of 16, 32, 64, 128, or the like. Arbitrary binary of Galois extension field GF (p ^m ) A = a ₁ ω + a ₂ ω ² +... A _m ω ^m , a _i ∈GF (p)
B = b ₁ ω + b ₂ ω ² +... B _m ω ^m , b _i ∈GF (p)
The polynomial product A × B = a ₁ b ₁ ω ² + (a ₁ b ₂ + a ₂ b ₁ ) ω ³ +... + A _m b _m ω ^2m
= C ₂ ω ² + c ₃ ω ³ +... + C _2m ω ^2m
The high-speed arithmetic processing method for elliptic curve cryptography according to claim 1, wherein the calculation is performed by a CVMA method. A high-speed arithmetic processing device for elliptic curve cryptography having a characteristic p and a Galois extension field GF (p ^m ) having an expansion degree m as a definition field,
The Galois extension field GF (p ^m ) used for elliptic curve encryption processing has its characteristic p
a prime number of the form p = 2 ⁿ ± c (log ₂ c ≦ n / 2),
Also, the irreducible polynomial f (x) = ( ^{x2m +} 1-1) / (x-1) = ^x2m + ^x2m-1 + ... x + 1
, And the zero that is f (ω) = 0,
{Ω + ω ⁻¹ , ω ² + ω ⁻² ,..., Ω ^m + ω ^−m }
And 2m + 1 is a prime number,
A high-speed arithmetic processing apparatus for elliptic curve cryptography, comprising means for cryptographic processing using an elliptic curve defined by:   6. The high-speed arithmetic processing apparatus for elliptic curve cryptography according to claim 5, wherein the expansion order m is an order of 2, 3, 5, 6, and the like. The means for cryptographic processing is arbitrary binary of Galois extension field GF (p ^m ) A = a ₁ ω + a ₂ ω ² +... + A _m ω ^m , a _i ∈GF (p)
B = b ₁ ω + b ₂ ω ² +... + B _m ω ^m , b _i εGF (p)
The polynomial product A × B = a ₁ b ₁ ω ² + (a ₁ b ₂ + a ₂ b ₁ ) ω ³ +... + A _m b _m ω ^2m
= C ₂ ω ² + c ₃ ω ³ +... + C _2m ω ^2m
7. A high-speed arithmetic processing apparatus for elliptic curve cryptography according to claim 5 or 6, further comprising: a multiplication device that performs the above calculation by a CVMA method.

Images