International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: On multi-exponentiation in cryptography

Roberto Maria Avanzi
Search ePrint
Search Google
Abstract: We describe and analyze new combinations of multi-exponentiation algorithms with representations of the exponents. We deal mainly but not exclusively with the case where the inversion of group elements is fast: These methods are most attractive with exponents in the range from 80 to 256 bits, and can also be used for computing single exponentiations in groups which admit an automorphism satisfying a monic equation of small degree over the integers. The choice of suitable exponent representations allows us to match or improve the running time of the best multi-exponentiation techniques in the aforementioned range, while keeping the memory requirements as small as possible. Hence some of the methods presented here are particularly attractive for deployment in memory constrained environments such as smart cards. By construction, such methods provide good resistance against side channel attacks. We also describe some applications of these algorithms.
  title={On multi-exponentiation in cryptography},
  booktitle={IACR Eprint archive},
  keywords={foundations / multi-exponentiation, algorithms, public-key cryptography, signatures, elliptic curve cryptosystems, hyperelliptic curve cryptosystems, trace zero varieties, XTR},
  note={ 11988 received 12 Oct 2002, last revised 28 Oct 2002},
  author={Roberto Maria Avanzi},