Curve41417: Karatsuba revisited

D.J. Bernstein, C. Chuengsatiansup, T. Lange

Research output: Book/ReportReportAcademic

16 Citations (Scopus)
347 Downloads (Pure)


This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba's method and choices of radix smaller than the CPU word size.
Original languageEnglish
Number of pages19
Publication statusPublished - 2014

Publication series

NameCryptology ePrint Archive

Fingerprint Dive into the research topics of 'Curve41417: Karatsuba revisited'. Together they form a unique fingerprint.

  • Cite this

    Bernstein, D. J., Chuengsatiansup, C., & Lange, T. (2014). Curve41417: Karatsuba revisited. (Cryptology ePrint Archive; Vol. 2014/526). IACR.