Page 310 - Hardware Implementation of Finite-Field Arithmetic

P. 310

290 Cha pte r T e n

10.3 Group Law
Given an elliptic curve E(L), an addition operation can be defined so
that E(L) is an abelian group ([HMV04]). The addition definition
depends on the type of curve. In all cases the point at infinity ∞ is the
neutral element (or identity). Let P and Q be elements of E(L).
3
m
2
1. If L = GF(p ) where p > 3 (equation y = x + ax + b) then
P + ∞ = ∞ + P = P (10.10)

(x, y) + (x, − y) =∞ (10.11)

if P = (x , y ), Q = (x , y ), P ≠ Q and P ≠− Q, then P + Q = (x , y )
1 1 2 2 3 3
where
2
x = [(y − y )/(x − x )] − x − x , y = [(y − y )/(x − x )](x − x ) − y
3 2 1 2 1 1 2 3 2 1 2 1 1 3 1
(10.12)
if P = (x , y ) and P ≠ − P, that is, y ≠ 0, then P + P = (x , y ) where
1 1 1 3 3
2
2
2
x = [(3x + a)/2y ] − 2x , y = [(3x + a)/2y ](x − x ) − y (10.13)
3 1 1 1 3 1 1 1 3 1
2. If L = GF(2 ), nonsupersingular case (equation y + xy = x + ax + b)
m
2
3
2
then
P + ∞ = ∞ + P = P (10.14)
(x, y) + (x, x + y) =∞ (10.15)
if P = (x , y ), Q = (x , y ), P ≠ Q and P ≠− Q, then P + Q = (x , y )
1 1 2 2 3 3
where
2
x =λ + λ + x + x + a, y =λ(x + x ) + x + y ,
3 1 2 3 1 3 3 1
λ= (y + y )/(x + x ) (10.16)
1 2 1 2
if P = (x , y ) and P ≠− P, that is, x ≠ 0, then P + P = (x , y ) where
1 1 1 3 3
2
2
x =λ + λ + a = x + b/x , y = x + λx + x , λ= x + y /x (10.17)
2
2
3 1 1 3 1 3 3 1 1 1
3
m
2
3. If L = GF(2 ), supersingular case (equation y + cy = x + ax + b)
then
P + ∞ = ∞ + P = P (10.18)
(x, y) + (x, y + c ) =∞ (10.19)

305 306 307 308 309 310 311 312 313 314 315