Elliptic curve cryptography is a popular form of public key encryption that is based on the mathematical theory of elliptic curves.
Points on an elliptic curve can be added and form a group under this addition operation.
This article describes the computational costs for this group addition and certain related operations that are used in elliptic curve cryptography algorithms.
The next section presents a table of all the time-costs of some of the possible operations in elliptic curves.
The columns of the table are labelled by various computational operations.
The rows of the table are for different models of elliptic curves.
These are the operations considered: DBL – Doubling ADD – Addition mADD – Mixed addition: addition of an input that has been scaled to have Z-coordinate 1. mDBL – Mixed doubling: doubling of an input that has been scaled to have Z-coordinate 1.
DBL+ADD – Combined double-and-add step To see how adding (ADD) and doubling (DBL) points on elliptic curves are defined, see The group law.
The importance of doubling to speed scalar multiplication is discussed after the table.
For information about other possible operations on elliptic curves see http://hyperelliptic.org/EFD/g1p/index.html.
Under different assumptions on the multiplication, addition, inversion for the elements in some fixed field, the time-cost of these operations varies.
For more information about other results obtained with different assumptions, see http://hyperelliptic.org/EFD/g1p/index.html In some applications of elliptic curve cryptography and the elliptic curve method of factorization (ECM) it is necessary to consider the scalar multiplication [n]P. One way to do this is to compute successively: But it is faster to use double-and-add method; for example, [5]P = [2]([2]P) + P. In general, to compute [k]P, write
So, this is one of the reasons why addition and doubling formulas are defined.
Furthermore, this method is applicable to any group and if the group law is written multiplicatively; the double-and-add algorithm is then called square-and-multiply algorithm.