Advanced Information Security 3 PROJECTIVE COORDINATES Dr. Turki F. Al-Somani 2015

Module Outlines 2  Why Projective Coordinates ?  Which Projective Coordinates ?  Homogeneous,  Jacobian,  Lopez-Dahab,  Mixed,  and Edwards coordinate systems  Summary

Why Projective Coordinates ? 3  The group operations in an affine coordinate system involve finite field inversion, which is a very costly operation, particularly over prime fields.  Projective coordinate systems are used to reduce the need for performing inversion to only 1.  Several projective coordinate systems have been proposed:  Homogeneous, Jacobian, Lopez-Dahab, Mixed and Edwards coordinate systems

Which Projective Coordinate ? 4  The selection of a projective coordinate is based on the number of arithmetic operations, mainly multiplications.  This is to be expected due to the sequential nature of these architectures where a single multiplier is used.  For high performance implementations, such sequential architectures are too slow to meet the demand of increasing number of operations.  One solution for meeting this requirement is to exploit the inherent parallelism within the elliptic curve point operations in projective coordinate

Homogeneous Coordinates 5  For the Homogeneous, so called projective, coordinate system, an elliptic curve point P takes the form (x, y) = (X/Z, Y/Z).  Let P 1, P 2 and P 3 be three different points on the elliptic curve over GF(p), where P 1 =(X 1, Y 1, Z 1 ), P 2 =(X 2, Y 2, Z 2 =1) and P 3 =(X 3, Y 3, Z 3 ).  Point addition with the Homogenous coordinate systems can be computed as: A=Y 2 Z 1, B=X 2 Z 1 − X 1, C=A 2 Z 1 − B 3 − 2B 2 X 1, X 3 =BC, Y 3 =A(B 2 X 1 − C) − B 3 Y 1, Z 3 =B 3 Z 1.

Homogeneous Coordinates (contd.) 6  Point doubling, on the other hand, can be computed as: A=aZ X 1 2, B=Y 1 Z 1, C=X 1 Y 1 B, D=A 2 − 8C, X 3 =2BD, Y 3 =A(4C − D) − 8Y 1 2 B 2, Z 3 =8B 3.

Jacobian Coordinates 7  For the Jacobian coordinate system, P takes the form (x, y) = (X/Z 2, Y/Z 3 ).  Point addition can be computed as: A=X 1, B=X 2 Z 1 2, C=Y 1, D=Y 2 Z 1 3, E=B − A, F=D − C, X 3 =F 2 –(E3+2AE2), Y3=F(AE 2 − X 3 ) − CE 3, Z 3 =Z 1 E.  Point doubling, on the other hand, can be computed as: A=4X 1 Y 1 2, B=3X 1 2 +aZ 1 4, X 3 =B 2 − 2A, Y 3 =B(A − X 3 ) − 8Y 1 4, Z 3 =2Y 1 Z 1.

Lopez-Dahab Coordinates 8  Lopez-Dahab coordinate system takes the form (x,y)=(X/Z,Y/Z 2 ).  Very efficient in GF(2 m )  Point addition can be computed as: A 0 =Y 1 2 Z 1 2, A 1 =Y 1 Z 2 2, B 0 =X 2 Z 1, B 1 =X 1 Z 2, C=A 0 +A 1, D=B 0 +B 1, E=Z 1 Z 2, F=DE, Z 3 =F 2, G=D 2 (F+aE 2 ), H=CF, X 3 =C 2 +H+G, I=D 2 B 0 E+X 3, J=D 2 A 0 +X 3, Y 3 =HI+Z 3 J.  Point doubling can be computed as: Z 3 =Z 1 2 X 1 2, X 3 =X 1 4 +bZ 1 4, Y 3 =bZ 1 4 Z 3 +X 3 (aZ 3 +Y 1 2 +bZ 1 4 )

Mixed Coordinates 9  The Mixed coordinate system adds two points where one is given in some coordinate system while the other in another coordinate system.  The coordinate system of the resulting point, may be in a third coordinate system

Mixed Coordinates (contd.) 10

Edwards Coordinates 11  Recently, Edwards showed that all elliptic curves over prime fields could be transformed to the shape: x 2 + y 2 = c 2 (1 + x 2 y 2 ), with (0, c) as neutral element and with the surprisingly simple and symmetric addition law of two points P 1 = (x 1, y 1 ) and P 2 = (x 2, y 2 ) as:

Edwards Coordinates (contd.) 12  To capture a larger class of elliptic curves over the original field, the notion of Edwards form have been modified to include all curves x 2 + y 2 = c 2 (1 + dx 2 y 2 ) where cd(1 − dc 4 ) ≠ 0.  Point addition with the Edwards coordinate systems can be computed as: B=Z 1 2 Z 1, C=X 1 X 2, D=Y 1 Y 2, E=G– (C+D), F=dCD, G=(X 1 +Y 1 )(X 2 +Y 2 ), X 3 =Z 1 E(B–F), Z 3 =(B–F)(B+F), Y 3 =Z 1 (D–C)(B+F).  Point doubling, on the other hand, can be computed as: A=X 1 +Y 1, B=A 2, C=X 1 2, D=Y 1 2, E=C+D, F=B–E, H=Z 1 2, I=2H, J=E–I, X 3 =FJ, Z 3 =EJ, Y 3 =E(C–D).

Inherent Parallelism (2006) 13

Inherent Parallelism (2006) 14

Inherent Parallelism (2006) 15

Inherent Parallelism (2010) 16

Inherent Parallelism (2010) 17

Inherent Parallelism (2010) 18

Inherent Parallelism (2013) 19

Inherent Parallelism (2013) 20

Summary 21  The projective coordinate systems are used to eliminate the need for performing inversion.  For elliptic curves, many different forms of formulas are found for point addition and doubling.  The selection of a specific projective coordinate systems depends on:  Time  Inherent parallelism.

THANKS & GOOD LUCK NEXT IS: 4 FIELD ARITHMETIC Dr. Turki F. Al-Somani 2015