Overview of method used to digitally encrypt data
Elliptic curve cryptography is a popular form of public key encryption that is based on the mathematical theory of elliptic curves. Points on an elliptic curve can be added and form a group under this addition operation. This article describes the computational costs for this group addition and certain related operations that are used in elliptic curve cryptography algorithms.
Abbreviations for the operations
The next section presents a table of all the time-costs of some of the possible operations in elliptic curves. The columns of the table are labelled by various computational operations. The rows of the table are for different models of elliptic curves. These are the operations considered:
DBL – Doubling
ADD – Addition
mADD – Mixed addition: addition of an input that has been scaled to have Z-coordinate 1.
mDBL – Mixed doubling: doubling of an input that has been scaled to have Z-coordinate 1.
TPL – Tripling.
DBL+ADD – Combined double-and-add step
To see how adding (ADD) and doubling (DBL) points on elliptic curves are defined, see The group law. The importance of doubling to speed scalar multiplication is discussed after the table. For information about other possible operations on elliptic curves see http://hyperelliptic.org/EFD/g1p/index.html.
Tabulation
Under different assumptions on the multiplication, addition, inversion for the elements in some fixed field, the time-cost of these operations varies. In this table it is assumed that:
- I = 100M, S = 1M, ×param = 0M, add = 0M, ×const = 0M
This means that 100 multiplications (M) are required to invert (I) an element; one multiplication is required to compute the square (S) of an element; no multiplication is needed to multiply an element by a parameter (×param), by a constant (×const), or to add two elements.
For more information about other results obtained with different assumptions, see http://hyperelliptic.org/EFD/g1p/index.html
Importance of doubling
In some applications of elliptic curve cryptography and the elliptic curve method of factorization (ECM) it is necessary to consider the scalar multiplication [n]P. One way to do this is to compute successively:
But it is faster to use double-and-add method; for example, [5]P = [2]([2]P) + P. In general, to compute [k]P, write
with ki ∈ {0,1} and ℓ = ⌊log2 k⌋ and kℓ = 1, then:
This simple algorithm takes at most 2ℓ steps, and each step consists of a doubling and (if ki ≠ 0) adding two points. So, this is one of the reasons why addition and doubling formulas are defined. Furthermore, this method is applicable to any group and if the group law is written multiplicatively; the double-and-add algorithm is then called square-and-multiply algorithm.
References