Double-Base Number System for Multi-scalar Multiplications

The Joint Sparse Form is currently the standard representation system to perform multi-scalar multiplications of the form [

n

]

P

 + 

m

[

Q

]. We introduce the concept of Joint Double-Base Chain, a generalization of the Double-Base Number System to represent simultaneously

n

and

m

. This concept is relevant because of the high redundancy of Double-Base systems, which ensures that we can find a chain of reasonable length that uses exactly the same terms to compute both

n

and

m

. Furthermore, we discuss an algorithm to produce such a Joint Double-Base Chain. Because of its simplicity, this algorithm is straightforward to implement, efficient, and also quite easy to analyze. Namely, in our main result we show that the average number of terms in the expansion is less than 0.3945log

2

n

. With respect to the Joint Sparse Form, this induces a reduction by more than 20% of the number of additions. As a consequence, the total number of multiplications required for a scalar multiplications is minimal for our method, across all the methods using two precomputations,

P

 + 

Q

and

P

 − 

Q

. This is the case even with coordinate systems offering very cheap doublings, in contrast with recent results on scalar multiplications. Several variants are discussed, including methods using more precomputed points and a generalization relevant for Koblitz curves. Our second contribution is a new way to evaluate

$\widehat\phi$

, the dual endomorphism of the Frobenius. Namely, we propose formulae to compute

$\pm{\widehat\phi}(P)$

with at most 2 multiplications and 2 squarings in the base field

$\mathbb{F}_{2^d}$

. This represents a speed-up of about 50% with respect to the fastest known techniques. This has very concrete consequences on scalar and multi-scalar multiplications on Koblitz curves.