166 research outputs found
Generalised Mersenne Numbers Revisited
Generalised Mersenne Numbers (GMNs) were defined by Solinas in 1999 and
feature in the NIST (FIPS 186-2) and SECG standards for use in elliptic curve
cryptography. Their form is such that modular reduction is extremely efficient,
thus making them an attractive choice for modular multiplication
implementation. However, the issue of residue multiplication efficiency seems
to have been overlooked. Asymptotically, using a cyclic rather than a linear
convolution, residue multiplication modulo a Mersenne number is twice as fast
as integer multiplication; this property does not hold for prime GMNs, unless
they are of Mersenne's form. In this work we exploit an alternative
generalisation of Mersenne numbers for which an analogue of the above property
--- and hence the same efficiency ratio --- holds, even at bitlengths for which
schoolbook multiplication is optimal, while also maintaining very efficient
reduction. Moreover, our proposed primes are abundant at any bitlength, whereas
GMNs are extremely rare. Our multiplication and reduction algorithms can also
be easily parallelised, making our arithmetic particularly suitable for
hardware implementation. Furthermore, the field representation we propose also
naturally protects against side-channel attacks, including timing attacks,
simple power analysis and differential power analysis, which is essential in
many cryptographic scenarios, in contrast to GMNs.
Comment: 32 pages. Accepted to Mathematics of Computatio
Fast implementation of Curve25519 using AVX2
AVX2 is the newest instruction set on the Intel Haswell processor that provides simultaneous execution of operations over vectors of 256 bits. This work presents the advances on the applicability of AVX2 on the development of an efficient software implementation of the elliptic curve Diffie-Hellman protocol using the Curve25519 elliptic curve. Also, we will discuss some advantages that vector instructions offer as an alternative method to accelerate prime field and elliptic curve arithmetic. The performance of our implementation shows a slight improvement against the fastest state-of-the-art implementations.
Venue: 4th International Conference on Cryptology and Information Security in Latin America. Funding: FAPESP - FUNDAÇÃO DE AMPARO À PESQUISA DO ESTADO DE SÃO PAULO.
The authors would like to thank the anonymous reviewers for their helpful suggestions and comments. Additionally, they would like to show their gratitude to Jérémie Detrey for his valuable comments on an earlier version of the manuscrip
Multiprecision Multiplication on ARMv8
Peer reviewe
Optimised squaring of long integers using precomputed partial products
©2001 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
This paper considers the combination of two familiar, but hitherto incompatible, arithmetic techniques: optimised squaring and precomputing partial products. Optimised squaring reduces the total accumulation effort required for squaring when compared with multiplication, by removing repeated digit products from the accumulation tree. Iterative implementations of integer multiplication, in which each partial product is evaluated and accumulated in turn, can often be accelerated by precomputing the set of partial products and accumulating these as required. Iterative implementations of optimised squaring cannot benefit from the same straightforward technique. In this paper a new algorithm for optimised squaring is developed which reconciles these two techniques and which is an improvement over squaring by multiplication for some platforms. The result is of significance for the implementation of public key cryptography on smart cards or other small footprint devices.
- …