Efficient arithmetic on subfield elliptic curves over small finite fields of odd characteristic

摘要

In elliptic curve cryptosystems, scalar multiplications performed on the curves have much effect on the efficiency of the schemes, and many efficient methods have been proposed. In particular, recoding methods of the scalars play an important role in the performance of the algorithm used. For integer radices, the non-adjacent form (NAF) and its generalizations (e.g., the generalized non-adjacent form (GNAF) and the radix-r nonadjacent form (rNAF)) have been proposed for minimizing the non-zero densities in the representations of the scalars. On the other hand, for subfield elliptic curves, the Frobenius expansions of the scalars can be used for improving efficiency. Unfortunately, there are only a few methods apply the techniques of NAF or its analogue to the Frobenius expansion,namely r-adic NAF techniques on Koblitz curves and hyperelliptic Koblitz curves.In this paper, we try to combine these techniques, namely recoding methods for reducing non-zero density and the Frobenius expansion, and propose two new efficient recoding methods of scalars on more general family of subfield elliptic curves in odd characteristic.We also prove that the non-zero densities for the new methods are same as those for the original GNAF and rNAF. We estimate scalar multiplication costs on the above subfield elliptic curves in terms of elliptic curve operations and finite field operations for several previous methods and the proposed methods. In addition, we implement scalar multiplication on an subfield elliptic curve belonging to the above family, for the previous methods and a proposed method. As a result, our estimation and implementation show that the speed of the proposed methods improve between 8% and 50% over that for the Frobenius expansion method.