University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Faster ECC over F2521-1

Granger, Robert and Scott, Michael (2015) Faster ECC over F2521-1 In: 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, 30 Mar - 01 Apr 2015, Gaithersburg, MD, USA.

Full text not available from this repository.


In this paper we present a new multiplication algorithm for residues modulo the Mersenne prime 2521 − 1. Using this approach, on an Intel Haswell Core i7-4770, constant-time variable-base scalar multiplication on NIST’s (and SECG’s) curve P-521 requires 1,108,000 cycles, while on the recently proposed Edwards curve E-521 it requires just 943,000 cycles. As a comparison, on the same architecture openSSL’s ECDH speed test for curve P-521 requires 1,319,000 cycles. Furthermore, our code was written entirely in C and so is robust across different platforms. The basic observation behind these speedups is that the form of the modulus allows one to multiply residues with as few word-by-word multiplications as is needed for squaring, while incurring very little overhead from extra additions, in contrast to the usual Karatsuba methods

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Scott, Michael
Editors :
Katz, Jonathan
Date : 17 March 2015
DOI : 10.1007/978-3-662-46447-2_24
Copyright Disclaimer : © International Association for Cryptologic Research 2015
Uncontrolled Keywords : Elliptic curve cryptography; Performance; P-521; E-521; Edwards curves; Generalised repunit primes; Crandall numbers; Karatsuba
Depositing User : Clive Harris
Date Deposited : 07 Feb 2019 11:04
Last Modified : 08 Feb 2019 09:09

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800