Fast, uniform, and compact scalar multiplication for elliptic curves and genus 2 Jacobians with applications to signature schemes
This work addresses performance and uniformity in cryptographic operations for discrete logarithm-based systems, such as signature schemes, though it is incremental as it builds on existing methods.
The paper tackles the problem of efficient scalar multiplication for elliptic curves and genus 2 Jacobians by developing a framework that projects to faster pseudomultiplication on the x-line or Kummer surface and recovers the output, extending prior work to genus 2 and two-dimensional scalar multiplication. The result enables competitive full scalar multiplication algorithms for use in cryptosystems like signature schemes, with genus 2 Kummer surfaces potentially outperforming elliptic curve systems.
We give a general framework for uniform, constant-time one-and two-dimensional scalar multiplication algorithms for elliptic curves and Jacobians of genus 2 curves that operate by projecting to the x-line or Kummer surface, where we can exploit faster and more uniform pseudomultiplication, before recovering the proper "signed" output back on the curve or Jacobian. This extends the work of L{ó}pez and Dahab, Okeya and Sakurai, and Brier and Joye to genus 2, and also to two-dimensional scalar multiplication. Our results show that many existing fast pseudomultiplication implementations (hitherto limited to applications in Diffie--Hellman key exchange) can be wrapped with simple and efficient pre-and post-computations to yield competitive full scalar multiplication algorithms, ready for use in more general discrete logarithm-based cryptosystems, including signature schemes. This is especially interesting for genus 2, where Kummer surfaces can outperform comparable elliptic curve systems. As an example, we construct an instance of the Schnorr signature scheme driven by Kummer surface arithmetic.