Information Processing Letters 116 (2016) 41–46
Contents lists available at ScienceDirect
Information Processing Letters
www.elsevier.com/locate/ipl
Some techniques for faster scalar multiplication on GLS
curves
✩
Zhi Hu
a,b,∗
, Guoliang Zhang
c
, Maozhi Xu
c
a
School of Mathematics and Statistics, Central South University, Changsha, 410083 Hunan, PR China
b
BICMR, Peking University, Beijing 100871, PR China
c
LMAM, School of Mathematical Sciences, Peking University, Beijing, 100871, PR China
a r t i c l e i n f o a b s t r a c t
Article history:
Received
3 November 2014
Accepted
2 September 2015
Available
online 8 September 2015
Communicated
by S.M. Yiu
Keywords:
Cryptography
Elliptic
curve
Hyperelliptic
curve
Scalar
multiplication algorithm
GLV
method
Galbraith, Lin and Scott (EUROCRYPT 2009) [8] constructed a class of elliptic curves
over F
p
2
(a.k.a GLS curves) on which the Gallant–Lambert–Vanstone (GLV) method can
be employed for fast scalar multiplication. In this work we give an alternative way to
implement the quadratic extension field arithmetic for GLS curves, and exploit some
explicit decomposition to support 4dimensional GLV method on GLS curves with special
complex multiplication (CM). Such techniques usually bring more computational benefits
compared
with previous methods. Specially, we give a fair comparison between the cost
of 4GLV based scalar multiplication on GLS curve with CM discriminant −8and that on
the Jacobian of its isogenous FKT genus 2curve. Our implementations indicate that scalar
multiplication on the Jacobian of hyperelliptic curve in Scholten model has competitive
efficiency with that on its isogenous GLS curve in twisted Edwards model.
© 2015 Elsevier B.V. All rights reserved.
1. Introduction
The primary operations in curve based cryptography
are scalar multiplications. Plenty of techniques that facil-
itate
fast scalar multiplications have been exploited. The
Gallant–Lambert–Vanstone (a.k.a. GLV) method [7] is such
an approach that speeds up scalar multiplications on cer-
tain
classes of curves with efficiently computable endo-
morphisms,
and has been implemented in several works.
The original GLV method [7] works on elliptic curves over
F
p
with special complex multiplication (a.k.a CM). Park,
Jeong and Lim [14] extended this approach to hyperel-
liptic
curves equipped with efficient endomorphisms. Bos,
Costello, Hisil and Lauter [3,4] realized fast genus 2curves
✩
Supported by the Natural Science Foundation of China (Grants
No. 61272499 & No. 10990011).
*
Corresponding author at: School of Mathematics and Statistics, Central
South University, Changsha, 410083 Hunan, PR China.
E-mail
address: huzhi@math.pku.edu.cn (Z. Hu).
based cryptography, while 4 and 8 dimensional GLV meth-
ods
were studied.
Galbraith,
Lin and Scott [8] constructed a new class
of “GLV friendly” curves over F
p
2
(a.k.a GLS curves) by
basically exploiting the action of the Frobenius map and
twist map, and it is expected that GLV method could also
be achieved on genus 1or 2GLS curves over extension
fields. Galbraith et al. implemented 2 dimensional GLV
method on GLS curves in twisted Edwards model. Longa
and Sica [13] combined the GLV method and GLS method
together, and implemented 4 dimensional GLV method on
GLS curves in twisted Edwards model with special CM, im-
proving
the performance even further.
In
this work we exploit some new techniques for fast
scalar multiplication on some GLS curves, and hope such
techniques would serve as an inspiration to further study
on related “GLV friendly” curves. The main contribution of
this work includes
• We show how to efficiently implement the arith-
metic
on quadratic extension field F
p
[ω]/(ω
2
+ω +1),
http://dx.doi.org/10.1016/j.ipl.2015.09.001
0020-0190/
© 2015 Elsevier B.V. All rights reserved.