International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: ECM using Edwards curves

Daniel J. Bernstein
Peter Birkner
Tanja Lange
Christiane Peters
Search ePrint
Search Google
Abstract: This paper introduces GMP-EECM, a fast implementation of the elliptic-curve method of factoring integers. GMP-EECM is based on, but faster than, the well-known GMP-ECM software. The main changes are as follows: (1) use Edwards curves instead of Montgomery curves; (2) use twisted inverted Edwards coordinates; (3) use signed-sliding-window addition chains; (4) batch primes to increase the window size; (5) choose curves with small parameters $a,d,X_1,Y_1,Z_1$; (6) choose curves with larger torsion.
  title={ECM using Edwards curves},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / factorization, ECM, elliptic-curve method, curve selection, Edwards coordinates, inverted Edwards coordinates, twisted Edwards curves},
  note={ 13898 received 9 Jan 2008, last revised 20 Jan 2008},
  author={Daniel J. Bernstein and Peter Birkner and Tanja Lange and Christiane Peters},