Inverted Edwards coordinates

D.J. Bernstein, T. Lange

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

38 Citations (Scopus)
132 Downloads (Pure)

Abstract

Edwards curves have attracted great interest for several reasons. When curve parameters are chosen properly, the addition formulas use only 10M¿+¿1S. The formulas are strongly unified, i.e., work without change for doublings; even better, they are complete, i.e., work without change for all inputs. Dedicated doubling formulas use only 3M¿+¿4S, and dedicated tripling formulas use only 9M¿+¿4S. This paper introduces inverted Edwards coordinates. Inverted Edwards coordinates (X 1:Y 1:Z 1) represent the affine point (Z 1/X 1,Z 1/Y 1) on an Edwards curve; for comparison, standard Edwards coordinates (X 1:Y 1:Z 1) represent the affine point (X 1/Z 1,Y 1/Z 1). This paper presents addition formulas for inverted Edwards coordinates using only 9M¿+¿1S. The formulas are not complete but still are strongly unified. Dedicated doubling formulas use only 3M¿+¿4S, and dedicated tripling formulas use only 9M¿+¿4S. Inverted Edwards coordinates thus save 1M for each addition, without slowing down doubling or tripling.
Original languageEnglish
Title of host publicationApplied Algebra, Algebraic Algorithms and Error-Correcting Codes (17th International Conference, AAECC-17, Bangalore, India, December 16-20, 2007. Proceedings)
EditorsS. Boztas, H. Lu
Place of PublicationBerlin
PublisherSpringer
Pages20-27
ISBN (Print)978-3-540-77223-1
DOIs
Publication statusPublished - 2007
Eventconference; AAECC 17, Bangalore, India; 2007-12-16; 2007-12-20 -
Duration: 16 Dec 200720 Dec 2007

Publication series

NameLecture Notes in Computer Science
Volume4851
ISSN (Print)0302-9743

Conference

Conferenceconference; AAECC 17, Bangalore, India; 2007-12-16; 2007-12-20
Period16/12/0720/12/07
OtherAAECC 17, Bangalore, India

Fingerprint

Dive into the research topics of 'Inverted Edwards coordinates'. Together they form a unique fingerprint.

Cite this