Mathematics – Number Theory
Scientific paper
2011-10-05
Mathematics
Number Theory
Scientific paper
Efficient scalar multiplication in Abelian groups (which is an important operation in public key cryptography) can be performed using digital expansions. Apart from rational integer bases (double-and-add algorithm), imaginary quadratic integer bases are of interest for elliptic curve cryptography, because the Frobenius endomorphism fulfils a quadratic equation. One strategy for improving the efficiency is to increase the digit set (at the prize of additional precomputations). A common choice is the width\nbd-$w$ non-adjacent form (\wNAF): each block of $w$ consecutive digits contains at most one non-zero digit. Heuristically, this ensures a low weight, i.e.\ number of non-zero digits, which translates in few costly curve operations. This paper investigates the following question: Is the \wNAF{}-expansion optimal, where optimality means minimising the weight over all possible expansions with the same digit set? The main characterisation of optimality of \wNAF{}s can be formulated in the following more general setting: We consider an Abelian group together with an endomorphism (e.g., multiplication by a base element in a ring) and a finite digit set. We show that each group element has an optimal \wNAF{}-expansion if and only if this is the case for each sum of two expansions of weight 1. This leads both to an algorithmic criterion and to generic answers for various cases. Imaginary quadratic integers of trace at least 3 (in absolute value) have optimal \wNAF{}s for $w\ge 4$. The same holds for the special case of base $(\pm 3\pm\sqrt{-3})/2$ and $w\ge 2$, which corresponds to Koblitz curves in characteristic three. In the case of $\tau=\pm1\pm i$, optimality depends on the parity of $w$. Computational results for small trace are given.
Heuberger Clemens
Krenn Daniel
No associations
LandOfFree
Optimality of the Width-$w$ Non-adjacent Form: General Characterisation and the Case of Imaginary Quadratic Bases does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Optimality of the Width-$w$ Non-adjacent Form: General Characterisation and the Case of Imaginary Quadratic Bases, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Optimality of the Width-$w$ Non-adjacent Form: General Characterisation and the Case of Imaginary Quadratic Bases will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-325167