20070609, 18:01  #1 
Sep 2002
Vienna, Austria
3·73 Posts 
New coordinate system for elliptic curves
In http://cr.yp.to/newelliptic/newelliptic20070522.pdf
Bernstein and Lange described a new elliptic curve coordinte system which costs 3M+4S per doubling and 11M+1S per multiplication. I wonder if this could be faster than Montgomery coordinate and additionsubtraction chains that is currently used in GMPECM. 
20070609, 18:15  #2 
"Nancy"
Aug 2002
Alexandria
2,467 Posts 
Thanks for this link. We've been toying with the idea of using a sliding window multiplication with Weierstraß coordinates before. These new parameters seem like they could help speed that up, specifically they need no inversions which means we could do one curve at a time and choose a larger window size with a given amount of memory. I can't say anything about whether that will actually be faster than Montgomery's curves with PRAC, but it sounds very worthwhile to look into.
Alex 
20070610, 22:57  #3 
P90 years forever!
Aug 2002
Yeehaw, FL
17136_{8} Posts 
On another note, have there been any improvements to PRAC in the last decade?
I doubt it, but I'll ask: Have there have been any improvements to ell_dbl and ell_add which are 10 and 12 transforms in prime95. 
20070611, 14:16  #4 
May 2003
7×13×17 Posts 
Here is another interesting paper on elliptic curves.
http://www.ams.org/bull/20074403/S...536/home.html 
20070718, 00:12  #5  
2×1,861 Posts 
New version of paper available
Dan and I just posted an updated version at
http://www.hyperelliptic.org/tanja/newelliptic/ and http://cr.yp.to/newelliptic/ We discuss single and multiscalar multiplication and show that for window widths >= 4 and general basepoint Edwards curves are faster than Montgomery curves with general basepoint. We're now looking into applications outside ECC including ECM and ECPP. Quote:


20070718, 13:18  #6  
Nov 2003
1110100100100_{2} Posts 
Quote:
Is anything known about preselecting the Edwards curve parameters so that the Torsion subgroup has a specified order? The Montgomery parameterization allows us (as you know) to find curves whose order is divisible by 12 (or 16 half the time and 8 half the time). This gives an extra digit "for free" in the factor being sought. If Edwards curves can not be thusly parameterized, it may negate their advantage of fewer multiplications. 

Thread Tools  
Similar Threads  
Thread  Thread Starter  Forum  Replies  Last Post 
Testing Mersenne Primes with Elliptic Curves  a nicol  Math  3  20171115 20:23 
Elliptic curve arithmetic  burrobert  GMPECM  6  20121108 13:05 
Need help with elliptic curves...  WraithX  Math  12  20100929 09:34 
Elliptic Curve Arithmetic  Raman  Math  8  20090413 19:20 
Elliptic curves in NFS  otkachalka  Factoring  5  20051120 12:22 