Abstract
This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and state-of-the-art timing-attack protection), more than twice as fast as other authors’ results at the same conjectured security level (with or without the side benefits).
Chapter PDF
Similar content being viewed by others
Keywords
References
17th annual symposium on foundations of computer science. IEEE Computer Society, Long Beach (1976); MR 56:1766. See [52].
Alster, K., Urbanowicz, J., Williams, H.C. (eds.): Public-key cryptography and computational number theory: proceedings of the international conference held in Warsaw, September 11–15, 2000. Walter de Gruyter, Berlin (2001); ISBN 3–11–017046–9. MR 2002h:94001. See [60]
Antipa, A., Brown, D., Menezes, A., Struik, R., Vanstone, S.: Validation of elliptic curve public keys. In: [21], pp. 211–223 (2003); MR 2171928. Citations in this paper: §1
Avanzi, R.M.: Aspects of hyperelliptic curves over large prime fields in software implementations. In: [36], pp. 148–162 (2004); Citations in this paper: §1, §5
Avanzi, R.M.: Generic algorithms for computing discrete logarithms. In: [19], pp. 477–494 (2005); MR 2162735. Citations in this paper: §3, §3
Avanzi, R.M., Mihăilescu, P.: Generic efficient arithmetic algorithms for PAFFs (processor adequate finite fields) and related algebraic structures (extended abstract). In: [43], pp. 320–334 (2004); Citations in this paper: §4
Bailey, D.V., Paar, C.: Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. Journal of Cryptology 14, 153–176 (2001); ISSN 0933–2790. Citations in this paper: §1, §4
Bellare, M. (ed.): CRYPTO 2000. LNCS, vol. 1880. Springer, Heidelberg (2000); ISBN 3–540–67907–3. MR 2002c:94002. See [14]
Bender, A., Castagnoli, G.: On the implementation of elliptic curve cryptosystems. In: [16], pp. 186–192 (1990); MR 91d:11154. Citations in this paper: §4
Bentahar, K.: The equivalence between the DHP and DLP for elliptic curves used in practical applications (revisited, 2005); Citations in this paper: §3, http://eprint.iacr.org/2005/307
Bernstein, D.J.: The Poly1305-AES message-authentication code. In: [32], pp. 32–49 (2005); ID 0018d9551b5 546d97c340e0dd8cb5750. Citations in this paper: §4, http://cr.yp.to/papers.html#poly1305
Bernstein, D.J.: Cache-timing attacks on AES (2005); ID cd9faae9bd5308c440df50fc26a517b4. Citations in this paper: §1, §4, http://cr.yp.to/papers.html#cachetiming
Bernstein, D.J.: Salsa20 specification (2005); Citations in this paper: §3, http://cr.yp.to/snuffle.html
Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems (extended abstract). In: [8], pp. 131–146 (2000); Citations in this paper: §1, §3, http://lecturer.ukdw.ac.id/vmueller/publications.php
Boyd, C. (ed.): ASIACRYPT 2001. LNCS, vol. 2248. Springer, Heidelberg (2001); ISBN 3–540–42987–5. MR 2003d:94001. See [59]
Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990); ISBN 0–387–97317–6. MR 91b:94002. See [9]
Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields (2000); see also newer version [18]. Citations in this paper: §1, §5, http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-56.ps
Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields. In: [49], pp. 250–265 (2001); see also older version [17]. MR 1907102
Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton (2005); ISBN 1–58488–518–1. See [5], [24], [25], [30]
Desmedt, Y. (ed.): CRYPTO 1994. LNCS, vol. 839. Springer, Heidelberg (1994); See [44]
Desmedt, Y. (ed.): PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002); ISBN 3–540–00324–X. See [3]
Diem, C.: The GHS attack in odd characteristic. Journal of the Ramanujan Mathematical Society 18, 1–32 (2003); MR 2004a:14030. Citations in this paper: §4, http://www.math.uni-leipzig.de/~diem/preprints
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976); ISSN 0018–9448. MR 55:10141. Citations in this paper: §3, http://cr.yp.to/bib/entries.html#1976/diffie
Doche, C., Lange, T.: Arithmetic of elliptic curves. In: [19], pp. 267–302 (2005); MR 2162729. Citations in this paper: §A
Doche, C., Lange, T.: Arithmetic of special curves. In: [19], pp. 355–387 (2005); MR 2162731. Citations in this paper: §4
Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited (2003); see also newer version [27]. Citations in this paper: §1, http://www.cacr.math.uwaterloo.ca/techreports/2003/techreports2003.html
Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited. IEEE Transactions on Computers 53, 1047–1059 (2004); see also older version [26]. ISSN 0018–9340
Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Simka, M., Stahlke, C.: In: Workshop Record of SHARCS 2005, pp. 51–62 (2005); Citations in this paper: §3, §3, http://www.best.tuke.sk/simka/pub.html
Frey, G.: How to disguise an elliptic curve, Weil descent (1998); Citations in this paper: §4, http://www.cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html
Frey, G., Lange, T.: Transfer of discrete logarithms. In: [19], pp. 529–543 (2005); MR 2162738. Citations in this paper: §3
Robert, P., Gallant, R.J., Lambert, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: [38], pp. 190–200 (2001); MR 2003h:14043. Citations in this paper: §5.
Gilbert, H., Handschuh, H. (eds.): FSE 2005. LNCS, vol. 3557. Springer, Heidelberg (2005); ISBN 3–540– 26541–4. See [11].
Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields (2000); Citations in this paper: §1, see also newer version [34], http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-42.ps
Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: [40], pp. 1–24 (2000); see also older version [33]
Hankerson, D., Menezes, A., Vanstone, S.: Guide to elliptic curve cryptography. Springer, New York (2004); ISBN 0–387–95273–X. MR 2054891. Citations in this paper: §4
Joye, M., Quisquater, J.-J. (eds.): CHES 2004. LNCS, vol. 3156. Springer, Heidelberg (2004); ISBN 3–540–22666–4. See [4]
Kaliski Jr., B.S. (ed.): CRYPTO 1997. LNCS, vol. 1294. Springer, Heidelberg (1997); ISBN 3–540–63384–7. MR 99a:94041. See [42]
Kilian, J. (ed.): CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001); ISBN 3–540–42456–3. MR 2003d:94002. See [31]
Koblitz, N., Menezes, A.J.: Another look at provable security (2004); Citations in this paper: §3, http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/provable.pdf
Ko̧c, Ç.K., Paar, C.: CHES 2000. LNCS, vol. 1965. Springer, Heidelberg (2000); ISBN 3–540–42521–7. See [34]
Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: [64], pp. 212–229 (2001); Citations in this paper: §3, http://www.distcomp.ethz.ch/publications.html
Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: [37], pp. 249–263 (1997); Citations in this paper: §3, §3, http://dasan.sejong.ac.kr/~chlim/english_pub.html
Matsui, M., Zuccherato, R.: SAC 2003. LNCS, vol. 3006. Springer, Heidelberg (2004); ISBN 3–540–21370–8. See [6]
Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In: [20], pp. 271–281 (1994); Citations in this paper: §3, http://www.crypto.ethz.ch/~maurer/publications.html
Menezes, A.: Another look at HMQV (2005); Citations in this paper: §2, http://eprint.iacr.org/2005/205
Miller, V.S.: Use of elliptic curves in cryptography. In: [65], pp. 417–426 (1986); MR 88b:68040. Citations in this paper: §1
Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987); ISSN 0025–5718. Citations in this paper: §5, http://cr.yp.to/bib/entries.html#1987/montgomery
Muzereau, A., Smart, N.P., Vercauteren, F.: The equivalence between the DHP and DLP for elliptic curves used in practical applications. LMS Journal of Computation and Mathematics 7, 50–72 (2004); Citations in this paper: §3, http://www.lms.ac.uk/jcm/7/lms2003-034/
Naccache, D. (ed.): CT-RSA 2001. LNCS, vol. 2020. Springer, Heidelberg (2001); ISBN 3– 540–41898–9. MR 2003a:94039. See [18]
Osvik, D.A., Shamir, A., Tromer, E.: Cache atacks and countermeasures: the case of AES, extended version (2005); Citations in this paper: §1, http://www.wisdom.weizmann.ac.il/~tromer/
Percival, C.: Cache missing for fun and profit (2005); Citations in this paper: §1, http://www.daemonology.net/hyperthreading-considered-harmful/
Pippenger, N.: On the evaluation of powers and related problems (preliminary version). In: [1], pp. 258–263 (1976); newer version split into [53] and [54]. MR 58:3682. Citations in this paper: §5, http://cr.yp.to/bib/entries.html#1976/pippenger
Pippenger, N.: The minimum number of edges in graphs with prescribed paths. Mathematical Systems Theory 12, 325–346 (1979); see also older version [52], ISSN 0025–5661. MR 81 e:05079, http://cr.yp.to/bib/entries.html#1979/pippenger
Pippenger, N.: On the evaluation of powers and monomials. SIAM Journal on Computing 9, 230–250 (1980); see also older version [52]. ISSN 0097–5397. MR 82c:10064, http://cr.yp.to/bib/entries.html#1980/pippenger
Pollard, J.M.: Kangaroos, Monopoly and discrete logarithms. Journal of Cryptology 13, 437–447 (2000); ISSN 0933–2790. Citations in this paper: §3
Proos, J., Zalka, C.: Shor’s discrete logarithm quantum algorithm for elliptic curves (2003); Citations in this paper: §1, http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html
Smart, N.P.: A comparison of different finite fields for use in elliptic curve cryptosystems (2000); see also newer version [58], http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=1000458
Smart, N.P.: A comparison of different finite fields for elliptic curve cryptosystems. Computers and Mathematics with Applications 42, 91–100 (2001); see also older version [57]. MR 2002c:94033. Citations in this paper: §1
Stam, M., Lenstra, A.K.: Speeding up XTR. In: [15], pp. 125–143 (2001); MR 2003h:94049. Citations in this paper: §5
Teske, E.: Square-root algorithms for the discrete logarithm problem (a survey). In: [2], pp. 283–301 (2001); MR 2003c:11156. Citations in this paper: §3, http://www.cacr.math.uwaterloo.ca/~eteske/publications.html
Teske, E.: Computing discrete logarithms with the parallelized kangaroo method (2001); see also newer version [62]. Citations in this paper: §3, http://www.cacr.math.uwaterloo.ca/techreports/2001/tech_reports2001.html
Teske, E.: Computing discrete logarithms with the parallelized kangaroo method. Discrete Applied Mathematics 130, 61–82 (2003); see also older version [61]. MR 2004h:11112
van Oorschot, P.C., Wiener, M.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12, 1–28 (1999); ISSN 0933–2790. Citations in this paper: §3, http://members.rogers.com/paulv/papers/pubs.html
Vaudenay, S., Youssef, A.M. (eds.): SAC 2001. LNCS, vol. 2259. Springer, Heidelberg (2001); ISBN 3–540–43066–0. MR 2004k:94066. See [41]
Williams, H.C. (ed.): CRYPTO 1985. LNCS, vol. 218. Springer, Heidelberg (1986); ISBN 3–540–16463–4. See [46]
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bernstein, D.J. (2006). Curve25519: New Diffie-Hellman Speed Records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11745853_14
Download citation
DOI: https://doi.org/10.1007/11745853_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33851-2
Online ISBN: 978-3-540-33852-9
eBook Packages: Computer ScienceComputer Science (R0)