Craig CostelloHuseyin HisilBenjamin SmithCostello, CraigHisil, HuseyinSmith, BenjaminPQ NguyenE Oswald2025-10-062014978-3-642-55220-5, 978-3-642-55219-9978364255219997836425522050302-97431611-334910.1007/978-3-642-55220-5_112-s2.0-84901674442https://gcris.yasar.edu.tr/handle/123456789/7550https://doi.org/10.1007/978-3-642-55220-5_11We describe an implementation of fast elliptic curve scalar multiplication optimized for Diffie-Hellman Key Exchange at the 128-bit security level. The algorithms are compact (using only x-coordinates) run in constant time with uniform execution patterns and do not distinguish between the curve and its quadratic twist, they thus have a built-in measure of side-channel resistance. (For comparison we also implement two faster but non-constant-time algorithms.) The core of our construction is a suite of two-dimensional differential addition chains driven by efficient endomorphism decompositions built on curves selected from a family of Q-curve reductions over F-p2 with p = 2(127) - 1. We include state-of-the-art experimental results for twist-secure constant-time x-coordinate-only scalar multiplication.Englishinfo:eu-repo/semantics/openAccessElliptic curve cryptography, scalar multiplication, twist-secure, side channel attacks, endomorphism, Kummer variety, addition chains, Montgomery curveELLIPTIC CURVE, IMPROVED ALGORITHM, LOGARITHMSEndomorphismKummer VarietyMontgomery CurveSide Channel AttacksScalar MultiplicationTwist-secureAddition ChainsElliptic Curve CryptographyConference Object