Movatterモバイル変換

[0]ホーム
URL:

Skip to main content

Advertisement

Springer Nature Link
Log in

Curve25519: New Diffie-Hellman Speed Records

  • Conference paper

Part of the book series:Lecture Notes in Computer Science ((LNCS,volume 3958))

Included in the following conference series:

Abstract

This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and state-of-the-art timing-attack protection), more than twice as fast as other authors’ results at the same conjectured security level (with or without the side benefits).

Similar content being viewed by others

Keywords

References

  1. 17th annual symposium on foundations of computer science. IEEE Computer Society, Long Beach (1976); MR 56:1766. See [52].

    Google Scholar 

  2. Alster, K., Urbanowicz, J., Williams, H.C. (eds.): Public-key cryptography and computational number theory: proceedings of the international conference held in Warsaw, September 11–15, 2000. Walter de Gruyter, Berlin (2001); ISBN 3–11–017046–9. MR 2002h:94001. See [60]

    MATH  Google Scholar 

  3. Antipa, A., Brown, D., Menezes, A., Struik, R., Vanstone, S.: Validation of elliptic curve public keys. In: [21], pp. 211–223 (2003); MR 2171928. Citations in this paper: §1

    Google Scholar 

  4. Avanzi, R.M.: Aspects of hyperelliptic curves over large prime fields in software implementations. In: [36], pp. 148–162 (2004); Citations in this paper: §1, §5

    Google Scholar 

  5. Avanzi, R.M.: Generic algorithms for computing discrete logarithms. In: [19], pp. 477–494 (2005); MR 2162735. Citations in this paper: §3, §3

    Google Scholar 

  6. Avanzi, R.M., Mihăilescu, P.: Generic efficient arithmetic algorithms for PAFFs (processor adequate finite fields) and related algebraic structures (extended abstract). In: [43], pp. 320–334 (2004); Citations in this paper: §4

    Google Scholar 

  7. Bailey, D.V., Paar, C.: Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. Journal of Cryptology 14, 153–176 (2001); ISSN 0933–2790. Citations in this paper: §1, §4

    Article MathSciNet MATH  Google Scholar 

  8. Bellare, M. (ed.): CRYPTO 2000. LNCS, vol. 1880. Springer, Heidelberg (2000); ISBN 3–540–67907–3. MR 2002c:94002. See [14]

    MATH  Google Scholar 

  9. Bender, A., Castagnoli, G.: On the implementation of elliptic curve cryptosystems. In: [16], pp. 186–192 (1990); MR 91d:11154. Citations in this paper: §4

    Google Scholar 

  10. Bentahar, K.: The equivalence between the DHP and DLP for elliptic curves used in practical applications (revisited, 2005); Citations in this paper: §3,http://eprint.iacr.org/2005/307

  11. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: [32], pp. 32–49 (2005); ID 0018d9551b5 546d97c340e0dd8cb5750. Citations in this paper: §4,http://cr.yp.to/papers.html#poly1305

  12. Bernstein, D.J.: Cache-timing attacks on AES (2005); ID cd9faae9bd5308c440df50fc26a517b4. Citations in this paper: §1, §4,http://cr.yp.to/papers.html#cachetiming

  13. Bernstein, D.J.: Salsa20 specification (2005); Citations in this paper: §3,http://cr.yp.to/snuffle.html

  14. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems (extended abstract). In: [8], pp. 131–146 (2000); Citations in this paper: §1, §3,http://lecturer.ukdw.ac.id/vmueller/publications.php

  15. Boyd, C. (ed.): ASIACRYPT 2001. LNCS, vol. 2248. Springer, Heidelberg (2001); ISBN 3–540–42987–5. MR 2003d:94001. See [59]

    MATH  Google Scholar 

  16. Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990); ISBN 0–387–97317–6. MR 91b:94002. See [9]

    MATH  Google Scholar 

  17. Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields (2000); see also newer version [18]. Citations in this paper: §1, §5,http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-56.ps

  18. Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields. In: [49], pp. 250–265 (2001); see also older version [17]. MR 1907102

    Google Scholar 

  19. Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton (2005); ISBN 1–58488–518–1. See [5], [24], [25], [30]

    Google Scholar 

  20. Desmedt, Y. (ed.): CRYPTO 1994. LNCS, vol. 839. Springer, Heidelberg (1994); See [44]

    MATH  Google Scholar 

  21. Desmedt, Y. (ed.): PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002); ISBN 3–540–00324–X. See [3]

    MATH  Google Scholar 

  22. Diem, C.: The GHS attack in odd characteristic. Journal of the Ramanujan Mathematical Society 18, 1–32 (2003); MR 2004a:14030. Citations in this paper: §4,http://www.math.uni-leipzig.de/~diem/preprints

    MathSciNet MATH  Google Scholar 

  23. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976); ISSN 0018–9448. MR 55:10141. Citations in this paper: §3,http://cr.yp.to/bib/entries.html#1976/diffie

    Article MathSciNet MATH  Google Scholar 

  24. Doche, C., Lange, T.: Arithmetic of elliptic curves. In: [19], pp. 267–302 (2005); MR 2162729. Citations in this paper: §A

    Google Scholar 

  25. Doche, C., Lange, T.: Arithmetic of special curves. In: [19], pp. 355–387 (2005); MR 2162731. Citations in this paper: §4

    Google Scholar 

  26. Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited (2003); see also newer version [27]. Citations in this paper: §1,http://www.cacr.math.uwaterloo.ca/techreports/2003/techreports2003.html

  27. Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited. IEEE Transactions on Computers 53, 1047–1059 (2004); see also older version [26]. ISSN 0018–9340

    Article  Google Scholar 

  28. Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Simka, M., Stahlke, C.: In: Workshop Record of SHARCS 2005, pp. 51–62 (2005); Citations in this paper: §3, §3,http://www.best.tuke.sk/simka/pub.html

  29. Frey, G.: How to disguise an elliptic curve, Weil descent (1998); Citations in this paper: §4,http://www.cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html

  30. Frey, G., Lange, T.: Transfer of discrete logarithms. In: [19], pp. 529–543 (2005); MR 2162738. Citations in this paper: §3

    Google Scholar 

  31. Robert, P., Gallant, R.J., Lambert, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: [38], pp. 190–200 (2001); MR 2003h:14043. Citations in this paper: §5.

    Google Scholar 

  32. Gilbert, H., Handschuh, H. (eds.): FSE 2005. LNCS, vol. 3557. Springer, Heidelberg (2005); ISBN 3–540– 26541–4. See [11].

    Google Scholar 

  33. Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields (2000); Citations in this paper: §1, see also newer version [34],http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-42.ps

  34. Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: [40], pp. 1–24 (2000); see also older version [33]

    Google Scholar 

  35. Hankerson, D., Menezes, A., Vanstone, S.: Guide to elliptic curve cryptography. Springer, New York (2004); ISBN 0–387–95273–X. MR 2054891. Citations in this paper: §4

    MATH  Google Scholar 

  36. Joye, M., Quisquater, J.-J. (eds.): CHES 2004. LNCS, vol. 3156. Springer, Heidelberg (2004); ISBN 3–540–22666–4. See [4]

    MATH  Google Scholar 

  37. Kaliski Jr., B.S. (ed.): CRYPTO 1997. LNCS, vol. 1294. Springer, Heidelberg (1997); ISBN 3–540–63384–7. MR 99a:94041. See [42]

    MATH  Google Scholar 

  38. Kilian, J. (ed.): CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001); ISBN 3–540–42456–3. MR 2003d:94002. See [31]

    MATH  Google Scholar 

  39. Koblitz, N., Menezes, A.J.: Another look at provable security (2004); Citations in this paper: §3,http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/provable.pdf

  40. Ko̧c, Ç.K., Paar, C.: CHES 2000. LNCS, vol. 1965. Springer, Heidelberg (2000); ISBN 3–540–42521–7. See [34]

    Book  Google Scholar 

  41. Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: [64], pp. 212–229 (2001); Citations in this paper: §3,http://www.distcomp.ethz.ch/publications.html

  42. Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: [37], pp. 249–263 (1997); Citations in this paper: §3, §3,http://dasan.sejong.ac.kr/~chlim/english_pub.html

  43. Matsui, M., Zuccherato, R.: SAC 2003. LNCS, vol. 3006. Springer, Heidelberg (2004); ISBN 3–540–21370–8. See [6]

    Book MATH  Google Scholar 

  44. Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In: [20], pp. 271–281 (1994); Citations in this paper: §3,http://www.crypto.ethz.ch/~maurer/publications.html

  45. Menezes, A.: Another look at HMQV (2005); Citations in this paper: §2,http://eprint.iacr.org/2005/205

  46. Miller, V.S.: Use of elliptic curves in cryptography. In: [65], pp. 417–426 (1986); MR 88b:68040. Citations in this paper: §1

    Google Scholar 

  47. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987); ISSN 0025–5718. Citations in this paper: §5,http://cr.yp.to/bib/entries.html#1987/montgomery

    Article MathSciNet MATH  Google Scholar 

  48. Muzereau, A., Smart, N.P., Vercauteren, F.: The equivalence between the DHP and DLP for elliptic curves used in practical applications. LMS Journal of Computation and Mathematics 7, 50–72 (2004); Citations in this paper: §3,http://www.lms.ac.uk/jcm/7/lms2003-034/

    Article MathSciNet MATH  Google Scholar 

  49. Naccache, D. (ed.): CT-RSA 2001. LNCS, vol. 2020. Springer, Heidelberg (2001); ISBN 3– 540–41898–9. MR 2003a:94039. See [18]

    MATH  Google Scholar 

  50. Osvik, D.A., Shamir, A., Tromer, E.: Cache atacks and countermeasures: the case of AES, extended version (2005); Citations in this paper: §1,http://www.wisdom.weizmann.ac.il/~tromer/

  51. Percival, C.: Cache missing for fun and profit (2005); Citations in this paper: §1,http://www.daemonology.net/hyperthreading-considered-harmful/

  52. Pippenger, N.: On the evaluation of powers and related problems (preliminary version). In: [1], pp. 258–263 (1976); newer version split into [53] and [54]. MR 58:3682. Citations in this paper: §5,http://cr.yp.to/bib/entries.html#1976/pippenger

  53. Pippenger, N.: The minimum number of edges in graphs with prescribed paths. Mathematical Systems Theory 12, 325–346 (1979); see also older version [52], ISSN 0025–5661. MR 81 e:05079,http://cr.yp.to/bib/entries.html#1979/pippenger

    Article MathSciNet MATH  Google Scholar 

  54. Pippenger, N.: On the evaluation of powers and monomials. SIAM Journal on Computing 9, 230–250 (1980); see also older version [52]. ISSN 0097–5397. MR 82c:10064,http://cr.yp.to/bib/entries.html#1980/pippenger

    Article MathSciNet MATH  Google Scholar 

  55. Pollard, J.M.: Kangaroos, Monopoly and discrete logarithms. Journal of Cryptology 13, 437–447 (2000); ISSN 0933–2790. Citations in this paper: §3

    Article MathSciNet MATH  Google Scholar 

  56. Proos, J., Zalka, C.: Shor’s discrete logarithm quantum algorithm for elliptic curves (2003); Citations in this paper: §1,http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html

  57. Smart, N.P.: A comparison of different finite fields for use in elliptic curve cryptosystems (2000); see also newer version [58],http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=1000458

  58. Smart, N.P.: A comparison of different finite fields for elliptic curve cryptosystems. Computers and Mathematics with Applications 42, 91–100 (2001); see also older version [57]. MR 2002c:94033. Citations in this paper: §1

    Article MathSciNet MATH  Google Scholar 

  59. Stam, M., Lenstra, A.K.: Speeding up XTR. In: [15], pp. 125–143 (2001); MR 2003h:94049. Citations in this paper: §5

    Google Scholar 

  60. Teske, E.: Square-root algorithms for the discrete logarithm problem (a survey). In: [2], pp. 283–301 (2001); MR 2003c:11156. Citations in this paper: §3,http://www.cacr.math.uwaterloo.ca/~eteske/publications.html

  61. Teske, E.: Computing discrete logarithms with the parallelized kangaroo method (2001); see also newer version [62]. Citations in this paper: §3,http://www.cacr.math.uwaterloo.ca/techreports/2001/tech_reports2001.html

  62. Teske, E.: Computing discrete logarithms with the parallelized kangaroo method. Discrete Applied Mathematics 130, 61–82 (2003); see also older version [61]. MR 2004h:11112

    Article MathSciNet MATH  Google Scholar 

  63. van Oorschot, P.C., Wiener, M.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12, 1–28 (1999); ISSN 0933–2790. Citations in this paper: §3,http://members.rogers.com/paulv/papers/pubs.html

    Article MathSciNet MATH  Google Scholar 

  64. Vaudenay, S., Youssef, A.M. (eds.): SAC 2001. LNCS, vol. 2259. Springer, Heidelberg (2001); ISBN 3–540–43066–0. MR 2004k:94066. See [41]

    MATH  Google Scholar 

  65. Williams, H.C. (ed.): CRYPTO 1985. LNCS, vol. 218. Springer, Heidelberg (1986); ISBN 3–540–16463–4. See [46]

    Google Scholar 

Download references

Authors
  1. Daniel J. Bernstein

Editor information

Editors and Affiliations

  1. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA

    Moti Yung

  2. New York University, USA

    Yevgeniy Dodis

  3. Computer Science and Engineering, University of Connecticut, Storrs, CT, USA

    Aggelos Kiayias

  4. Dept. of Computer Science, Columbia University, USA

    Tal Malkin

Rights and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernstein, D.J. (2006). Curve25519: New Diffie-Hellman Speed Records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11745853_14

Download citation

Publish with us

[8]ページ先頭
©2009-2025 Movatter.jp