Batch Binary Edwards

D.J. Bernstein

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    87 Citations (Scopus)


    This paper sets new software speed records for high-security Diffie-Hellman computations, specifically 251-bit elliptic-curve variablebase-point scalar multiplication. In one second of computation on a $200 Core 2 Quad Q6600 CPU, this paper’s software performs 30000 251-bit scalar multiplications on the binary Edwards curve d(x+x2 +y +y2) = (x + x2)(y + y2) over the field F2[t]/(t251 + t7 + t4 + t2 + 1) where d = t57 + t54 + t44 + 1. The paper’s field-arithmetic techniques can be applied in much more generality but have a particularly efficient interaction with the completeness of addition formulas for binary Edwards curves.
    Original languageEnglish
    Title of host publicationAdvances in Cryptology - CRYPTO 2009 (29th Annual International Cryptology ConferenceSanta Barbara CA, USA, August 16-20, 2009. Proceedings)
    EditorsS. Halevi
    Place of PublicationBerlin
    ISBN (Print)978-3-642-03355-1
    Publication statusPublished - 2009

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)0302-9743


    Dive into the research topics of 'Batch Binary Edwards'. Together they form a unique fingerprint.

    Cite this