@techreport{costello2013faster, author = {Costello, Craig and Hisil, Huseyin and Smith, Benjamin}, title = {Faster Compact Diffie-Hellman: Endomorphisms on the x-line}, year = {2013}, month = {October}, abstract = {We describe an implementation of fast elliptic curve scalar multiplication, optimized for Diffie–Hellman Key Exchange at the 128-bit security level. The algorithms are compact (using only x-coordinates), run in constant time with uniform execution patterns, and do not distinguish between the curve and its quadratic twist; they thus have a built-in measure of side- channel resistance. The core of our construction is a suite of two-dimensional differential addition chains driven by efficient endomorphism decompositions, built on curves selected from a family of Q-curve reductions over Fp2 with p = 2127-1. We include state-of-the-art experimental results for twist-secure, constant-time, x-coordinate-only scalar multiplication.}, url = {http://approjects.co.za/?big=en-us/research/publication/faster-compact-diffie-hellman-endomorphisms-on-the-x-line/}, number = {MSR-TR-2013-113}, }