Optimality of the Width-ww Non-adjacent Form: General Characterisation and the Case of Imaginary Quadratic Bases

Efficient scalar multiplication in Abelian groups (which is an important operation in public key cryptography) can be performed using digital expansions. Apart from rational integer bases (double-and-add algorithm), imaginary quadratic integer bases are of interest for elliptic curve cryptography, because the Frobenius endomorphism fulfils a quadratic equation. One strategy for improving the efficiency is to increase the digit set (at the prize of additional precomputations). A common choice is the width\nbd-$w$ non-adjacent form (\wNAF): each block of $w$ consecutive digits contains at most one non-zero digit. Heuristically, this ensures a low weight, i.e.\ number of non-zero digits, which translates in few costly curve operations. This paper investigates the following question: Is the \wNAF{}-expansion optimal, where optimality means minimising the weight over all possible expansions with the same digit set? The main characterisation of optimality of \wNAF{}s can be formulated in the following more general setting: We consider an Abelian group together with an endomorphism (e.g., multiplication by a base element in a ring) and a finite digit set. We show that each group element has an optimal \wNAF{}-expansion if and only if this is the case for each sum of two expansions of weight 1. This leads both to an algorithmic criterion and to generic answers for various cases. Imaginary quadratic integers of trace at least 3 (in absolute value) have optimal \wNAF{}s for $w\ge 4$. The same holds for the special case of base $(\pm 3\pm\sqrt{-3})/2$ and $w\ge 2$, which corresponds to Koblitz curves in characteristic three. In the case of $\tau=\pm1\pm i$, optimality depends on the parity of $w$. Computational results for small trace are given

Group ring elements with large spectral density

Given an arbitrary d>0 we construct a group G and a group ring element S in Z[G] such that the spectral measure mu of S has the property that mu((0,eps)) > C/|log(eps)|^(1+d) for small eps. In particular the Novikov-Shubin invariant of any such S is 0. The constructed examples show that the best known upper bounds on mu((0,eps)) are not far from being optimal.Comment: 19 pages, v3: Changes suggested by a referee; Essentially this is the version published in Math. An

Panphasia: a user guide

We make a very large realisation of a Gaussian white noise field, called PANPHASIA, public by releasing software that computes this field. Panphasia is designed specifically for setting up Gaussian initial conditions for cosmological simulations and resimulations of structure formation. We make available both software to compute the field itself and codes to illustrate applications including a modified version of a public serial initial conditions generator. We document the software and present the results of a few basic tests of the field. The properties and method of construction of Panphasia are described in full in a companion paper Jenkins 2013.Comment: 11 pages, 2 figures. Software to calculate Panphasia is available from: http://icc.dur.ac.uk/Panphasia.ph