WO1999063426A1 - Accelerated cryptographic operations - Google Patents

Accelerated cryptographic operations Download PDF

Info

Publication number
WO1999063426A1
WO1999063426A1 PCT/CA1999/000466 CA9900466W WO9963426A1 WO 1999063426 A1 WO1999063426 A1 WO 1999063426A1 CA 9900466 W CA9900466 W CA 9900466W WO 9963426 A1 WO9963426 A1 WO 9963426A1
Authority
WO
WIPO (PCT)
Prior art keywords
mod
square root
exponents
elliptic curve
exponent
Prior art date
Application number
PCT/CA1999/000466
Other languages
French (fr)
Inventor
Robert J. Lambert
Original Assignee
Certicom Corp.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Certicom Corp. filed Critical Certicom Corp.
Priority to AU41251/99A priority Critical patent/AU4125199A/en
Publication of WO1999063426A1 publication Critical patent/WO1999063426A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/724Finite field arithmetic
    • G06F7/725Finite field arithmetic over elliptic curves

Definitions

  • This invention relates to a method and apparatus for accelerating arithmetic operations in a cryptographic system.
  • part of the data exchange between the corresponds includes elliptic curve points which are usually represented by two coordinates (x,y). These points are generally represented by large bit strings, however, it has been found that a point can be compressed (i.e., the entire y-coordinate does not have to be transmitted) and thus, transmitted more efficiently with reduced bandwidth. This is particularly important in wireless systems or where many sessions are performed.
  • Point compression is possible, because the elliptic curve is symmetrical about the x- axis, these elliptic curve points can be more compactly represented by the -coordinate along with a (one-bit) indication of the y-coordinate, which indicates on which side of the x-axis the point lies.
  • the -coordinate and the one-bit representing the v-coordinate is transmitted to a recipient which then utilizes the one-bit to reconstruct the appropriate y-coordinate corresponding to the x-coordinate.
  • the recipient In order to extract the ⁇ -coordinate however, the recipient has to perform a number of operations, one of these operations is a square root operation which heretofore is computationally intensive. By speeding up this operation, it is possible to accelerate the entire data communication operation. Thus, there is a need to provide an accelerated square root extraction scheme in order to facilitate a more efficient cryptographic system when utilizing compressed point transmission.
  • the least significant bit of y makes a suitable one-bit indication of the jy-coordinate of a specific point on the elliptic curve.
  • An advantage of the invention is to provide an efficient method for producing exponents all-ones in binary expansion, not requiring inversion.
  • a further advantage of the invention is a method for using such exponents to produce exponents deriving from sparse exponents, such as those that arise in performing square roots modulo certain primes having a sparse representation.
  • a still further embodiment of the invention provides a method, which uses such square root extraction to decompress compressed elliptic curve points defined on elliptic curves over primes over which such methods are applicable.
  • Figure 1 is a schematic diagram of a data communication system
  • FIG. 2 is a schematic diagram of an encryption module used with the communication system of Figure 1;
  • Figure 3 is a flowchart showing an accelerated square root extraction function used in the communication system of Figure 2.
  • a message is to be transferred from a transmitter 10 to a receiver 12, being the pair of correspondents, through a communication channel 14.
  • Each of the transmitters 10 and receiver 12 have a cryptographic processing unit or module 16 associated therewith. These modules implement encryption/decryption functions, key exchange protocols and other cryptographic operations.
  • the module 16 is shown schematically in Figure 2 and includes an arithmetic unit 20 to perform the cryptographic computations in the various schemes.
  • a memory 21 which contains the various system parameters, such as parameters of the elliptic curve, a base point P, that lies in the elliptic curve, a private key, and such like. These parameters are available to the CPU 22 and the arithmetic unit 20.
  • one of the correspondents provides as part of a cryptographic operation, a compressed elliptic curve point (x,y) to the other correspondent.
  • S a limited (or sparse) set of bit positions.
  • Our invention efficiently calculates such exponents when such a p is a sparsely represented prime.
  • the method of the present invention utilizes the following:
  • these exponents are in every case integers. If in addition, p is sparsely represented (typically in binary) then these exponents, either (p + l)/4 or ( ?+3)/8, are also typically represented by long strings of O's and long strings of 1 's interleaved with sporadic O's and 1 's. To compute these exponents, the method given above for computing all-one exponents is employed and the resulting pieces shifted (via squaring) and the components assembled with multiplication.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • General Engineering & Computer Science (AREA)
  • Complex Calculations (AREA)

Abstract

The present invention relates to a method and apparatus for decompressing elliptic curve points in cryptographic systems, wherein an elliptic curve point on an elliptic curve y2=f(x) is defined over a field F¿p? where p is either 3 mod 4 or 5 mod 8 and p is sparsely represented, the method comprising extracting a square root ∑f(x) including calculating exponents comprised of a success series of 1's in a binary expansion of the exponent and combining these exponents together with an appropriate number of squarings and multiplications to obtain a desired square root, the square root being a solution said curve.

Description

ACCELERATED CRYPTOGRAPHIC OPERATIONS
This invention relates to a method and apparatus for accelerating arithmetic operations in a cryptographic system.
BACKGROUND OF THE INVENTION
It is well known that to communicate data electronically between a pair of correspondents, typically, a pair of computer terminals or a personal card and a computer terminal. Widespread use is made of such communication in the banking environment in order to conduct transactions. Verification and encryption schemes are utilized to ensure secure data exchange between these correspondents. Generally, in smart card type applications, the card contains a low power processor and thus, it is desirable to optimize the computationally intensive operations in order to accelerate cryptographic operations, particularly, verification and encryption in these low power electronic cards, but efficient operation is generally useful.
In elliptic curve encryption systems, part of the data exchange between the corresponds includes elliptic curve points which are usually represented by two coordinates (x,y). These points are generally represented by large bit strings, however, it has been found that a point can be compressed (i.e., the entire y-coordinate does not have to be transmitted) and thus, transmitted more efficiently with reduced bandwidth. This is particularly important in wireless systems or where many sessions are performed.
Point compression is possible, because the elliptic curve is symmetrical about the x- axis, these elliptic curve points can be more compactly represented by the -coordinate along with a (one-bit) indication of the y-coordinate, which indicates on which side of the x-axis the point lies.
The -coordinate and the one-bit representing the v-coordinate is transmitted to a recipient which then utilizes the one-bit to reconstruct the appropriate y-coordinate corresponding to the x-coordinate. In order to extract the ^-coordinate however, the recipient has to perform a number of operations, one of these operations is a square root operation which heretofore is computationally intensive. By speeding up this operation, it is possible to accelerate the entire data communication operation. Thus, there is a need to provide an accelerated square root extraction scheme in order to facilitate a more efficient cryptographic system when utilizing compressed point transmission. To more clearly illustrate, elliptic curves defined over prime fields (that is modulo a prime) the curve representation is usually defined as y2 = f(x) , where f(x) is a cubic function of x. Thus, for a given x, there are (at most) two possible square roots giving a solution for y. \ϊy0 is such a solution to the square root, then - y0 = p -y0 mod p is another such solution. Since the prime over which the elliptic curve is defined will be odd for practical systems, one of yo and - y0 is odd. Thus the least significant bit of y makes a suitable one-bit indication of the jy-coordinate of a specific point on the elliptic curve. Given an x value on the elliptic curve and the least significant bit of y, a point is expanded into the standard ordered pair representation by solving the square root y2 = f(x) modp for the particular curve parameterization and typically, a square root yo is obtained. Once yo is known, y can be determined as either y0 or -yo =p -yo modp, selected according to the least significant bit of y specified in the compressed representation.
SUMMARY OF THE INVENTION
In accordance with this invention there is provided a method of decompressing elliptic curve points for use in a cryptographic system.
When elliptic curve points are represented in a compressed format, square root algorithms are required to decompress this format into the standard (x,y) representation useful for additional computation. For elliptic curves defined over prime fields, where the prime/? has a specific form and is also sparsely represented, the method of the subject invention efficiently extracts these square roots by a mechanism which efficiently calculates exponents comprised of successive ones in the binary expansion of the exponent, and combines these exponents together with the appropriate numbers of squarings and finally multiplication to obtain the desired square root.
In an embodiment of the invention particular advantages are obtained where/) is either 3 mod 4 or 5 mod 8.
An advantage of the invention is to provide an efficient method for producing exponents all-ones in binary expansion, not requiring inversion.
A further advantage of the invention is a method for using such exponents to produce exponents deriving from sparse exponents, such as those that arise in performing square roots modulo certain primes having a sparse representation. An embodiment of the invention further provides for a method for using such exponentiations to extract square roots modulo certain primes, without first testing if the given element has a square root, or in the case p = 3 (mod 5) which exponentiation will produce a square root.
A still further embodiment of the invention provides a method, which uses such square root extraction to decompress compressed elliptic curve points defined on elliptic curves over primes over which such methods are applicable.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features of the preferred embodiments of the invention will become more apparent in the following detailed description in which reference is made to the appended drawings wherein:
Figure 1 is a schematic diagram of a data communication system;
Figure 2 is a schematic diagram of an encryption module used with the communication system of Figure 1;
Figure 3 is a flowchart showing an accelerated square root extraction function used in the communication system of Figure 2.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring to Figure 1, a message is to be transferred from a transmitter 10 to a receiver 12, being the pair of correspondents, through a communication channel 14. Each of the transmitters 10 and receiver 12 have a cryptographic processing unit or module 16 associated therewith. These modules implement encryption/decryption functions, key exchange protocols and other cryptographic operations.
In a typical embodiment, the module 16 is shown schematically in Figure 2 and includes an arithmetic unit 20 to perform the cryptographic computations in the various schemes. A memory 21 which contains the various system parameters, such as parameters of the elliptic curve, a base point P, that lies in the elliptic curve, a private key, and such like. These parameters are available to the CPU 22 and the arithmetic unit 20. Referring back to Figure 1, one of the correspondents provides as part of a cryptographic operation, a compressed elliptic curve point (x,y) to the other correspondent. The recipient then has to extract the coordinate y, which satisfies the equation y2 =f(x) modp where y is the solution toy2 =f(x) then -y will also be a solution, as shown in Figure 3. For efficiency reasons, the primes p over which elliptic curve cryptosystems are defined can be chosen to have a sparse representation that is p = ΣieS ± 2' , for S a limited (or sparse) set of bit positions. For these types of primes it is desirable to provide an efficient mechanism for square root extraction, as may be applied to point decompression, as outlined above.
For roughly 3/4 of the primes, there exist known exponential formula for square root determination. These formula are the starting point for our invention.
If p = 3 mod 4, then the square root of a, if it exists, is given by
^ = a(p+]), modp) .
Similarly, if/? = 5 mod 8, then the square root of a, if it exists, is given by r _ J aip+i) (modp) if a ip-])l4 = 1 (mod/?) a ~ [2- (4α)(p+3)/8 (mod/?) if α('-')/4 = -1 (mod/?)
Other, more complicated expressions can be developed for some other primes, and the method of the present invention can be applied there as well.
Our invention efficiently calculates such exponents when such a p is a sparsely represented prime.
The method of the present invention utilizes the following:
To raise an element a to the exponent 2 -1, which in binary is an exponent consisting of k ones, one can use the standard square and multiply technique. From this point onward, we shall assume all operations are performed modulo p, the prime over which the elliptic curve is defined. In the square and multiply technique, an accumulator, A is set initially to a, a is the squared producing a2 and A is multiplied by this, which results in A being a . The a2 value is squared again and the result, a4, multiplied into A, producing a , and the process continued until a - 1 is obtained. This requires A: - 1 squares and multiplies.
Instead, our mechanism to compute a to the power of 2k-l, builds up this exponent from smaller exponents of all ones (in a binary representation of the exponent) as shown in Figure 3. To this end, write k itself in a binary representation, the bits of which are k0, k\,..., where ∑iki 2' and proceed with the following mechanism:
Set 5=1, =a, ι=l While k≠O do
If fc mod 2 = l then B = BA k = k/2
A = A2'A i = 2i
B now contains a2 ~l
It is also possible to compute this exponent (all ones in binary representation) by repeated squaring and one multiplication by the inverse of the element a, but this is not typically a preferred embodiment, since the inversion operation is typically an expensive (either in time, or components of a computing engine) operation.
If/? = 3 (mod 4) or/? = 5 (mod 8), then square roots can be efficiently extracted via certain exponentiations.
If/? = 3 (mod 4), then the square root of a, if it exists is given by [u~ = a(p+l)l4 (modp).
Similarly, if/? = 5 mod 8, then the square root of a, if it exists, is given by r- _ { aip+3)/& (mod/?) // «('-1)/4 = l (mod/?) α _ {2-1 (4α)("+3)'8 (mod/?) // α('-I) 4 = -l (mod/?)
Notice that these exponents are in every case integers. If in addition, p is sparsely represented (typically in binary) then these exponents, either (p + l)/4 or ( ?+3)/8, are also typically represented by long strings of O's and long strings of 1 's interleaved with sporadic O's and 1 's. To compute these exponents, the method given above for computing all-one exponents is employed and the resulting pieces shifted (via squaring) and the components assembled with multiplication.
It is intended, in a preferred embodiment, that the computation of a set of all-one exponents of different lengths k, be computed in a single loop like the one described above, where the exponents of k} each take from the current accumulator A value whatever portions are required for that particular k and each k} is divided by 2 on each loop iteration.
More precisely, let e be the exponent (/?+l)/4 or ( ?+3)/8, as appropriate for/?, then e can be represented as a sent of n runs of zeros of lengths z = [z0 , z, ,...z._, ] , interleaved with runs of ones of lengths u = [u0 ,ul ,...«„_, ] . This means that, from the least significant bit of e, there begins a run of zeros of length ZQ, followed by a run of ones of length u0,which are followed by the last run of ones of length u„.\. For example, if/? = 2' + 7 = 3 (mod 4), then
1 R e = (p+l)/4 =2 +2, which has runs of ones of lengths u = [1,1], and interleaving runs of zeros of lengths z = [1,156]. If instead/? = 2160 -231 + 128 + 15 - 3 (mod 4), then e = 2158 -229 +36 and z=[2,2,23] and u = [1,1,129].
Given an exponent e specified by a run length vectors z and u of length n, the following mechanism computes a
Set b = [b0,bl ,...,bn_i ] = [1,1,..., 1] a vector of length tt, =a, i=\ Z = z + u (component-wise)
/* Compute each run of ones: */ While any component of u is not 0 do For j from 0 to n - 1 do liuj mod 2 = 1, then bj = bjA mod p
Uj = Uj/2
A - A2 mod /? i = 21
*/Assemble the runs of ones:/*
5 = 1 For/' from n - 1 down to 0 do
B = Buj mod/?
Figure imgf000008_0001
B = B2 mod /? B now contains ae
Also, instead of testing before extraction if the element has a square root, and for the/? = 5 mod 8 case, which formula is useful, we propose that the exponent ( α(p+1)/ 4 or a{p+3)! & ) be computed directly, and checked for solution by squaring and testing the result against a. In the/? = 5 mod 8 case, 2"'4(',+3) /8 can also be precomputed and multiplied with the prospective square root, and the result tested in the event the first possibility aip+2) did not produce the correct result upon squaring. If these computations do not reproduce a, it can be concluded that the element a does not have a square root modulo the prime/?.
If/? = 2160 - 231-1, then/? =3 (mod 4), and then the appropriate exponent e = 2158 - 229. For specific primes/?, and therefore exponents e, less general mechanisms can be produced.
For example, a mechanism producing the square root of a, that is (mod/?), for p = 2160 - 231-1 can be described by:
b = a, i = 1 for/' from 1 to 7 do c = b for k from 1 to/' do c - c2 mod/? b = be mod p i = 2/ b = b2 mod/? b - ba mod /?
Figure imgf000009_0001
6 = ό2 mod/? if b2 mod /? = a then b contains v a
If p = 2192 - 264-l, then/? =3 (mod 4), and then the appropriate exponent e = 2m - 262 and a specific mechanism producing the square root of a is given by: b = a, i = l for/' from 1 to 7 do c = b for k from 1 to/' do c = c2 mod/? b = bcmodp i - 21
Figure imgf000009_0002
b = b2 mod/? if b2 mod/? = α then b contains Vα
If ? = 21 2 - 2 + 581, then/? = 5 (mod 8), and then the appropriate exponent e = 2189 - 264 + 73, C - 2~14(p+3)/8 and a specific mechanism producing the square root of α is given by: b = α z = l for i from 1 to 7 do c = b for/' from 1 to i do c = c2 mod/? b = be mod /? i — 2i for i from 1 to 54 do b = b2 mod/? b - b2 mod/? b - ba mod p b - b2 mod/? b = b2 mod/? 6 = 62 mod/? b = ba mod /? /3 = t?2 mod/? b = b2 mod/? b = £2 mod/? ό = άαmod/? if b2 mod/? = a then b contains sfa b = Cbmodp if 62 mod/? = a then b contains yα otherwise a has no square root.
Although the invention has been described with reference to certain specific embodiments, various modifications thereof will be apparent to those skilled in the art without departing from the spirit and scope of the invention as outlined in the claims appended hereto.

Claims

THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A method for exponentiating a base value by an exponent in a cryptographic system, said method comprising the steps of:
(a) representing said exponent as a binary vector k0,kι,...,k,;
(b) partitioning said binary vector into runs of zero's and ones;
(c) determining for each runs of ones a respective run length;
(d) representing each said run length in binary;
(e) using said binary representation of said run length to determine which of said powers of said base to multiply into a result register;
(f) repeating said step (e) for each said run;
(g) composing each step (f) to obtain said exponentiated value in said result register.
2. A method as defined in claim 1, including using such exponents to produce exponents deriving from sparse exponents, such as those that arise in performing square roots modulo certain primes having a sparse representation.
3. A method as defined in claim 1, including using such exponentiations to extract square roots modulo certain primes, without first testing if the given element has a square root, or in the case p = 3 (mod 5) which exponentiation will produce a square root.
4. A method for decompressing a compressed elliptic curve point, said method comprising the steps of: using a square root extraction to decompress said compressed elliptic curve points defined on elliptic curves over primes.
PCT/CA1999/000466 1998-06-01 1999-06-01 Accelerated cryptographic operations WO1999063426A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU41251/99A AU4125199A (en) 1998-06-01 1999-06-01 Accelerated cryptographic operations

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CA2,239,372 1998-06-01
CA002239372A CA2239372A1 (en) 1998-06-01 1998-06-01 Accelerated cryptographic operations

Publications (1)

Publication Number Publication Date
WO1999063426A1 true WO1999063426A1 (en) 1999-12-09

Family

ID=4162507

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1999/000466 WO1999063426A1 (en) 1998-06-01 1999-06-01 Accelerated cryptographic operations

Country Status (3)

Country Link
AU (1) AU4125199A (en)
CA (1) CA2239372A1 (en)
WO (1) WO1999063426A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002236445A (en) * 2001-02-13 2002-08-23 Fujitsu Ltd Power remainder arithmetic method and reciprocal arithmetic method, and their device
EP2816465A1 (en) * 2013-06-18 2014-12-24 Certicom Corp. Method to calculate square roots for elliptic curve cryptography
US9148282B2 (en) 2013-06-18 2015-09-29 Certicom Corp. Method to calculate square roots for elliptic curve cryptography

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996004602A1 (en) * 1994-07-29 1996-02-15 Certicom Corp. Elliptic curve encryption systems

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996004602A1 (en) * 1994-07-29 1996-02-15 Certicom Corp. Elliptic curve encryption systems

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HUI L C K ET AL: "FAST SQUARE-AND-MULTIPLY EXPONENTIATION FOR RSA", ELECTRONICS LETTERS, vol. 30, no. 17, 18 August 1994 (1994-08-18), pages 1396/1397, XP000476024, ISSN: 0013-5194 *
MEIJER A R: "Cryptological applications of square roots in Z/sub pq/", PROCEEDINGS OF THE 1993 IEEE SOUTH AFRICAN SYMPOSIUM ON COMMUNICATIONS AND SIGNAL PROCESSING, 1993 IEEE SOUTH AFRICAN SYMPOSIUM ON COMMUNICATIONS AND SIGNAL PROCESSING, JAN SMUTS AIRPORT, SOUTH AFRICA, JUNE 1908, Feb. 1994, New York, NY, USA, IEEE, USA, pages 12 - 15, XP002115443, ISBN: 0-7803-1292-9 *
MENEZES A J ET AL: "HANDBOOK OF APPLIED CRYPTOGRAPHY", HANDBOOK OF APPLIED CRYPTOGRAPHY, MENEZES;A J; OORSCHOT VAN; P C; VANSTONE; S A, pages COMPLETE 83, XP000764820, ISBN: 0-8493-8523-7 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002236445A (en) * 2001-02-13 2002-08-23 Fujitsu Ltd Power remainder arithmetic method and reciprocal arithmetic method, and their device
JP4676071B2 (en) * 2001-02-13 2011-04-27 富士通株式会社 Power-residue calculation method, reciprocal calculation method and apparatus
EP2816465A1 (en) * 2013-06-18 2014-12-24 Certicom Corp. Method to calculate square roots for elliptic curve cryptography
US9148282B2 (en) 2013-06-18 2015-09-29 Certicom Corp. Method to calculate square roots for elliptic curve cryptography

Also Published As

Publication number Publication date
AU4125199A (en) 1999-12-20
CA2239372A1 (en) 1999-12-01

Similar Documents

Publication Publication Date Title
US7552329B2 (en) Masked digital signatures
Batina et al. Low-cost elliptic curve cryptography for wireless sensor networks
US6782100B1 (en) Accelerated finite field operations on an elliptic curve
US7602907B2 (en) Elliptic curve point multiplication
US7995752B2 (en) Method for accelerating cryptographic operations on elliptic curves
US7856101B2 (en) Method for elliptic curve scalar multiplication
US7472276B2 (en) Data card verification system
EP2395424B1 (en) Accelerated verification of digital signatures and public keys
US6252959B1 (en) Method and system for point multiplication in elliptic curve cryptosystem
US6611597B1 (en) Method and device for constructing elliptic curves
US7379546B2 (en) Method for XZ-elliptic curve cryptography
US20140281538A1 (en) Accelerated signature verification on an elliptic curve
EP0874307B1 (en) Accelerated finite field operations on an elliptic curve
US20030059043A1 (en) Elliptic curve signature verification method and apparatus and a storage medium for implementing the same
US8102998B2 (en) Method for elliptic curve scalar multiplication using parameterized projective coordinates
WO2009091746A1 (en) Representation change of a point on an elliptic curve
US20080273695A1 (en) Method for elliptic curve scalar multiplication using parameterized projective coordinates
EP0952697A2 (en) Elliptic curve encryption method and system
EP1445891A1 (en) Elliptic curve scalar multiple calculation method and device, and storage medium
WO1999063426A1 (en) Accelerated cryptographic operations
Xu et al. Efficient implementation of elliptic curve cryptosystems on an ARM7 with hardware accelerator
EP1066558B1 (en) Accelerated finite field operations on an elliptic curve
US8649508B2 (en) System and method for implementing elliptic curve scalar multiplication in cryptography
US20050021584A1 (en) Method and apparatus to perform squaring operation in finite field
Nabi et al. Implementation and performance analysis of elliptic curve digital signature algorithm

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 09726485

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase