ON REDUCED COMPUTATION COST FOR EDWARDS AND EXTENDED TWISTED EDWARDS CURVES

Scalar multiplication techniques are having the scope for gaining the computational efficiency for Elliptic Curve Cryptography (ECC). The security strength and effectiveness schemes have shown better results as reported in literature for very shorter key lengths. The Edwards curves are one of the forms used in cryptography that is showing one of the advanced studies for generating the more randomness and unpredictability behaviors. The numbers of researchers have shown significant improvement in solving the same problem on two, four and eight processors and that are contributing immensely contribution in the field of security. In this chapter, we have solved the Edwards Curves and twisted Edwards Curves problems on four and eight processors based on reduced computation cost from to on four processors and to on 8-processors, respectively. The operation is performing on input scalar (usually secret key) which multiplies with point-coordinates on curve. This is accumulated on reduced clock cycles with resistance to the simple side channel attack.


INTRODUCTION
Cryptography is a discipline of computer science and it has been generalized for security aspects from definition and concepts of computing systems.It is fulfilling the security requirements on systematic foundational issues.It has been treated as a branch of mathematics.Modern cryptography is mostly focusing on security problems, perfect definition and light-weight evolution methodology that suits short-memory devices with low computation and communication cost.The security mechanisms work as a backbone for information systems.
These are preventing adversaries from business secrets.Recent research trends are observed for security techniques, types of processor used to influence the performance, using resources and given architecture are acting as a central role in information systems.The public-key cryptography is a major technique to protect the security.Today's it is using special functionalities, advanced algorithms and focused curves that are in very particular to accelerate software performance and reduce hardware specification storage dependence on some base point.
In public key cryptography, ECC [12]-[13] has attracted the most attention from the research community in the last three decades.ECC has gained much popularity and is also dominating RSA/DSA systems today due to its higher computational speed on shorter key sizes.Scalar multiplication is a central operation of ECC that eventually depends on point addition and point doubling operations and these two operations depends on the finite field's arithmetic [14].
Discrete Logarithmic Problem (DLP) is acting as a most sensitive part of cryptography which is in general generated on applied algorithms.The faster algorithms are running and compete with prompted in the computation and communication scenario [118].DLP-ECC is working on a given two elliptic points and on the curve, to find the value of (generally secret key), such The generalized curves are used in important security schemes as well and are well worth studying.
Bernstein and Lange developed various applications for Edward's curves in cryptography [46].They also pointed out several advantages of Edwards form in comparison to the more well known Weierstrass form.Here we have summarized works related to Edward's and twisted Edward's curves:- Edward's followed addition law on the results produced from the Gauss/Euler example and generalized it in the form of elliptic curve to do the arithmetic on this curve in [44].
The general equation of Edwards curves is: , for some scalar, where .
One another form for Edward's curves is also available with c and d parameters such as: , where with . (18) The reviews on addition, doubling and a dual addition-doubling law for Edwards and Twisted Edwards curves fulfill the criteria into the complete curves.The following terms such as unified refers to addition formula is remain valid throughout when two input points are identical and it can also be used for point doubling, and the term complete refers to the addition formula for all inputs.
The Edwards addition law: The Edwards curves (18) say have two elliptic points, with such coordinates and addition point is based on affine coordinates as: On appropriate denominators insertion one obtains a Edwards addition law in the following coordinates, such as projective coordinates, inverted coordinates, extended coordinates, and completed coordinates.
The Edwards addition law is in generic doublings operations and named as strongly unified.The point in addition law is the neutral element.The negative coordinates of a point is .

Affine Doubling Formulae (independent of d):
(20) The dual addition law: Hisil et al. in [21] introduced the addition law The dual addition law is the same likely treated as Edward's addition law; nevertheless there are some of the exceptional cases.This chapter is organized as follows: section 3.2 is parallelized for Edward's curves on 4processor architecture.This contains the Edwards curve problem on two coordinates that solves for 4-processors architecture.The advantages we get in the form of computation cost.Similarly we solve the problem of extended twisted Edward's curves which is based on 8-processors with its computational cost in section 3.3.Finally, we summarize our work.

PARALLEL ARCHITECTURE ON EDWARDS
In this section, we parallel the architecture of Edward's curves on 4-processors that are showing a significant addition operation of the proposed work.This follows on two points coordinates of Edwards curve such as and present a protected scalar multiplication scheme for the prime field on all the parallel and simple side channel attacks that have reported with the various proposed approaches on the fast Montgomery curve for Montgomery Ladder method [21] and radix-8 scalar multiplication [30].
The coordinates of point additions are as follows: (22) Whereas the coordinates of point doublings are as follows: (23) The proposed method is solving this problem for ADD-DBL operations on the reduced computational complexity from 2M+1S+1D+3A [30] to 2M+1S+1D+2A based on the 4processors, as shown in Figure 3.1.The comparative study in relation to the proposed scheme is showing a significant improvement in addition.

PARALLEL ARCHITECTURE ON EXTENDED TWISTED EDWARDS CURVES
The extended twisted Edward's curve on eight processors is parallelized for its coordinates.One of the combined operations of point ADD and point DBL is incorporated in a single operation as ADDDBL.The arithmetic cost on 8-processors is implementation for ADDDBL extended twisted Edward's curve on prime field is generalized on curves [46] And for doubling coordinates formula, i.e., , is given in [11] by: ( In a special case , needed DBLs and ADDs operations are and respectively, considering that arithmetic subtraction and addition are equal.The proposed composite (ADD+DBL=ADDDBL) operation for this curve is solved for both ADD and DBL operations in 5 steps on splitting the computational task on 8-processors in [30].This is reported to be the fastest way to do the scalar multiplication.According to this, the effective time has been reduced to operations on 8 processors.
Our proposed scheme is achieving faster scalar multiplication result, as shown in Figure 3.The comparative time complexity to complete the point ADDs and point DBLs takes the shorter clock cycle to initiate the same.Finally, in Table 3.1, we linked the related parallel schemes and its required complexities on key sizes s={192,224,256,384,521}.In this section, we proposed a protected scalar multiplication for the prime extended twisted Edwards curve that can perform faster than all the parallel and SSCA-protected schemes, on behalf of literature including the fast Montgomery Ladder method on the Montgomery curve [40] and scalar multiplication at Radix- [30].
There are two parameters (Multiplication and Subtraction), our contribution is reflecting at the level of multiplication costs (bits) only with respect to the used key (bits), whereas our subtraction cost is remain the same to the previously proposed solution, therefore here in our contribution this parameter we didn't considered and we have not shown in our thesis.

SUMMARY
This chapter makes contribution of significant improvement in performance for the scalar multiplication techniques proposed for the Edwards and extended twisted Edwards curves.The problem statements have been defined on 4-processors and 8-processors having to gain the computational efficiency for Elliptic Curve Cryptography (ECC).The ECC is justifying the security strength and effectiveness on the shorter key lengths.The comparative reduction cost on the 4-processors is to and on the 8-processors is to .


A general version defined by Bernstein and Lange or simply together for computing the group operations on projective coordinates in [46].The outcome of addition cost is with a=1.The rest of this paper includes multiplication by constant curve factor D.  Bernstein and Lange in 2007 invented Edward's coordinates in [47], which reduced the cost for the group operations on point addition costs on Edward's curves. Bernstein et al. introduced the new form of twisted Edward's curves on and considered to be a generalization of the same [43].Due to this reason the arithmetic speed was enhanced on a suitable point representation.This new representation is known as extended twisted Edward's curves which add an auxiliary coordinate to twisted Edward's coordinates.Despite the same, they developed the faster ways for doing the point addition and composed coordinates on the lower degree of arithmetic computation. Jacobian Projective coordinates have generalized on 4-processors by Longa and Miri on the Fast and Flexible Prime Fields [20].They accelerated the techniques on cheaperoperations on the substitution of multiplication with square on the fact that a square cost is less than multiplication.The conventional approach also works for the same and its significance is in protecting Simple Side-Channel Attacks (SSCA).Hisil et al.[21] introduced a fast algorithm for twisted Edward's curves and pushing the recent speed limits on performing group operations on a wide range of applications.The faster algorithm for point addition is presented in paper is 9M+1S.It is also described the new addition algorithm is implemented on four processors gaining the reduced cost to 2M.In addition to it, the presented algorithm is natural protection on simple power analysis from side channel attacks.Bernstein at al. in [48]  suggested to use Elliptic curve method for Edwards curves that pointed out the improvement above the arithmetic level as follows: (1) on behalf of Montgomery curves they used Edwards curves; (2) using extended twisted Edward's curves;(3) addition-subtraction chains on used sliding window method; (4) on increased window size to extend on chosen base points and small parameters curves.Abdulrahman and Masoleh in 2015[30]  solved the problem of Edwards and Twisted Edwards curves on 4-processors and 8-processors respectively on the cost of 2M+1S+1D+2A and 2M+3A.

Figure 3 . 1 :
Figure 3.1: Parallel architecture for ADD-DBL on 4-processors 2. As a simplicity purpose, the required registers (or auxiliaries) in the Elliptic Curve Scalar Multiplication schemes are not analyzed or discussed.Also in the paralleling process, we imposed the architecture limitation on SIMD (Single Instruction Multiple Data) operations that have already been done in [22], [20].

Table 3 . 1 :
Comparison of Related Parallel Scheme on Edwards Curve