Paper 2015/036

Faster software for fast endomorphisms

Billy Bob Brumley

Abstract

GLV curves (Gallant et al.) have performance advantages over standard elliptic curves, using half the number of point doublings for scalar multiplication. Despite their introduction in 2001, implementations of the GLV method have yet to permeate widespread software libraries. Furthermore, side-channel vulnerabilities, specifically cache-timing attacks, have remained unpatched in the OpenSSL code base since the first attack in 2009 (Brumley and Hakala), even after the most recent attack in 2014 (Benger et al.). This work reports on the integration of the GLV method in OpenSSL for curves from 160 to 256 bits, as well as deploying and evaluating two side-channel defenses. Performance gains are up to 51%, and with these improvements GLV curves are now the fastest elliptic curves in OpenSSL for these bit sizes.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
elliptic curve cryptography, GLV curves, side-channel analysis, timing attacks, cache-timing attacks, OpenSSL
Contact author(s)
billy brumley @ tut fi
History
2015-01-15: received
Short URL
https://ia.cr/2015/036
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/036,
      author = {Billy Bob Brumley},
      title = {Faster software for fast endomorphisms},
      howpublished = {Cryptology ePrint Archive, Paper 2015/036},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/036}},
      url = {https://eprint.iacr.org/2015/036}
}