2020 Volume 28 Pages 464-472
Elliptic curve cryptosystems (ECCs) are widely used because of their short key size. ECCs can ensure sufficient security with shorter keys, using less memory to reduce parameters. Hence, ECCs are typically used in IoT devices. The dominant computation of an ECC is scalar multiplication $Q = kP$ for $P \in E(\mathbb{F}_q)$. Thus, the security and efficiency of scalar multiplication are paramount. To render secure ECCs, complete addition (CA) formulae can be employed for secure scalar multiplication algorithms. However, this requires significant memory; thus, it is not suitable for compact devices. Several types of coordinates exist for elliptic curves such as affine, Jacobian, Projective and so on. The CA formulae are not based on affine coordinates and, thus, require considerable memory. In this study, we achieve a compact ECC by focusing on affine coordinates. In fact, affine coordinates are highly advantageous in terms of memory but require many if statements for scalar multiplication owing to exceptional points. We propose two scalar multiplication algorithms with the extended affine formulae to delete some exceptional inputs for scalar multiplication. Our two algorithms reduce memory cost up to 37% or 21%. In many cases such as NIST elliptic curves, our two algorithms are the most efficient if $\frac{I}{M}<12$, for the ratio of computational cost of inversion and multiplication. The experiment shows that our algorithms can compute the elliptic curve scalar multiplication correctly and efficiently.
