Efficient elliptic curve Diffie-Hellman computation at the 256-bit security level

扫码查看

原文链接

NETL
NSTL
Inst Engineering Technology-Iet

外文摘要：In this study, the authors introduce new Montgomery and Edwards form elliptic curves targeted at the 256-bit security level. To this end, they work with three primes, namely p(1) := 2(506) - 45, p(2) := 2(510) - 75 and p(3) := 2(521) - 1. While p(3) has been considered earlier in the literature, p(1) and p(2) are new. They define a pair of birationally equivalent Montgomery and Edwards form curves over all the three primes. Efficient 64-bit assembly implementations targeted at Skylake and later generation Intel processors have been made for the shared secret computation phase of the Diffie-Hellman key agreement protocol for the new Montgomery curves. Curve448 of the Transport Layer Security, Version 1.3 is a Montgomery curve which provides security at the 224-bit security level. Compared to the best publicly available 64-bit implementation of Curve448, the new Montgomery curve over p(1) leads to a 3-4% slowdown and the new Montgomery curve over p(2) leads to a 4.5-5% slowdown; on the other hand, 29 and 30.5 extra bits of security, respectively, are gained. For designers aiming for the 256-bit security level, the new curves over p(1) and p(2) provide an acceptable trade-off between security and efficiency.

外文关键词：

cryptographycryptographic protocolspublic key cryptographytelecommunication securityefficient elliptic curve Diffie-Hellman computation256-bit security levelefficient 64-bit assembly implementationsDiffie-Hellman key agreement protocolMontgomery curve224-bit security level64-bit implementation

作者：

Nath, Kaushik、Sarkar, Palash

展开 >

作者单位：

Indian Stat Inst, Appl Stat Unit, 203 BT Rd, Kolkata, India

出版年：

2020

DOI：

10.1049/iet-ifs.2019.0620

IET information security

ISSN：1751-8709

年,卷(期)：2020.14(6)

被引量2
参考文献量25