Curve41417: Karatsuba revisited

D.J. Bernstein, C. Chuengsatiansup, T. Lange

Research output: Book/ReportReportAcademic

22 Citations (Scopus)
396 Downloads (Pure)


This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba's method and choices of radix smaller than the CPU word size.
Original languageEnglish
Number of pages19
Publication statusPublished - 2014

Publication series

NameCryptology ePrint Archive


Dive into the research topics of 'Curve41417: Karatsuba revisited'. Together they form a unique fingerprint.

Cite this