Endomorphism-based Pippenger

Open UlrichHaboeck75 opened this issue 3 years ago • 1 comments

Aztek has implemented a GLV-variant of Pippenger. In short, the GLV method makes use of the endomorphism (having equivalent scalar lambda) by decomposing a scalar k into k = k1 * lambda + k2, with k1 and k2 of half the size of the modulus. (See Gallant, Lambert, Vanstone 2001 or the corrected analyis of Quisquater, et al 2002 for a detailed description on the decomposition.) With this decomposition one can replace the initial instance for a multi-scalar multiplication by one having the double number of base points (the original ones plus their endomorphism image) but scalars of half the size.

@DDT92 Let us estimate the performance improvement using this technique.

Apr 01 '22 16:04 UlrichHaboeck75

Nice

Apr 23 '22 06:04 Ashrafafnan