Skip to main content

Advertisement

Springer Nature Link
Log in
Menu
Find a journal Publish with us Track your research
Search
Saved research
Cart
  1. Home
  2. Public Key Cryptography - PKC 2006
  3. Conference paper

Curve25519: New Diffie-Hellman Speed Records

  • Conference paper
  • pp 207–228
  • Cite this conference paper
Save conference paper
View saved research
Public Key Cryptography - PKC 2006 (PKC 2006)
Curve25519: New Diffie-Hellman Speed Records
  • Daniel J. Bernstein 

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3958))

Included in the following conference series:

  • International Workshop on Public Key Cryptography

  • 9459 Accesses

  • 680 Citations

  • 30 Altmetric

Abstract

This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and state-of-the-art timing-attack protection), more than twice as fast as other authors’ results at the same conjectured security level (with or without the side benefits).

Download to read the full chapter text

Chapter PDF

Similar content being viewed by others

Searching Pattern in DNA Sequence Using ECC-Diffie-Hellman Exchange Based Hash Function: An Efficient Approach

Chapter © 2022

Four $$\mathbb {Q}$$ on Embedded Devices with Strong Countermeasures Against Side-Channel Attacks

Chapter © 2017

Security and efficiency trade-offs for elliptic curve Diffie–Hellman at the 128-bit and 224-bit security levels

Article 12 April 2021

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.
  • Big Data
  • Cryptology
  • Data Privacy
  • Data and Information Security
  • DNA computing and cryptography
  • Blockchain
  • Post-Quantum Cryptography Using Supersingular Isogenies

References

  1. 17th annual symposium on foundations of computer science. IEEE Computer Society, Long Beach (1976); MR 56:1766. See [52].

    Google Scholar 

  2. Alster, K., Urbanowicz, J., Williams, H.C. (eds.): Public-key cryptography and computational number theory: proceedings of the international conference held in Warsaw, September 11–15, 2000. Walter de Gruyter, Berlin (2001); ISBN 3–11–017046–9. MR 2002h:94001. See [60]

    MATH  Google Scholar 

  3. Antipa, A., Brown, D., Menezes, A., Struik, R., Vanstone, S.: Validation of elliptic curve public keys. In: [21], pp. 211–223 (2003); MR 2171928. Citations in this paper: §1

    Google Scholar 

  4. Avanzi, R.M.: Aspects of hyperelliptic curves over large prime fields in software implementations. In: [36], pp. 148–162 (2004); Citations in this paper: §1, §5

    Google Scholar 

  5. Avanzi, R.M.: Generic algorithms for computing discrete logarithms. In: [19], pp. 477–494 (2005); MR 2162735. Citations in this paper: §3, §3

    Google Scholar 

  6. Avanzi, R.M., Mihăilescu, P.: Generic efficient arithmetic algorithms for PAFFs (processor adequate finite fields) and related algebraic structures (extended abstract). In: [43], pp. 320–334 (2004); Citations in this paper: §4

    Google Scholar 

  7. Bailey, D.V., Paar, C.: Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. Journal of Cryptology 14, 153–176 (2001); ISSN 0933–2790. Citations in this paper: §1, §4

    Article  MathSciNet  MATH  Google Scholar 

  8. Bellare, M. (ed.): CRYPTO 2000. LNCS, vol. 1880. Springer, Heidelberg (2000); ISBN 3–540–67907–3. MR 2002c:94002. See [14]

    MATH  Google Scholar 

  9. Bender, A., Castagnoli, G.: On the implementation of elliptic curve cryptosystems. In: [16], pp. 186–192 (1990); MR 91d:11154. Citations in this paper: §4

    Google Scholar 

  10. Bentahar, K.: The equivalence between the DHP and DLP for elliptic curves used in practical applications (revisited, 2005); Citations in this paper: §3, http://eprint.iacr.org/2005/307

  11. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: [32], pp. 32–49 (2005); ID 0018d9551b5 546d97c340e0dd8cb5750. Citations in this paper: §4, http://cr.yp.to/papers.html#poly1305

  12. Bernstein, D.J.: Cache-timing attacks on AES (2005); ID cd9faae9bd5308c440df50fc26a517b4. Citations in this paper: §1, §4, http://cr.yp.to/papers.html#cachetiming

  13. Bernstein, D.J.: Salsa20 specification (2005); Citations in this paper: §3, http://cr.yp.to/snuffle.html

  14. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems (extended abstract). In: [8], pp. 131–146 (2000); Citations in this paper: §1, §3, http://lecturer.ukdw.ac.id/vmueller/publications.php

  15. Boyd, C. (ed.): ASIACRYPT 2001. LNCS, vol. 2248. Springer, Heidelberg (2001); ISBN 3–540–42987–5. MR 2003d:94001. See [59]

    MATH  Google Scholar 

  16. Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990); ISBN 0–387–97317–6. MR 91b:94002. See [9]

    MATH  Google Scholar 

  17. Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields (2000); see also newer version [18]. Citations in this paper: §1, §5, http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-56.ps

  18. Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields. In: [49], pp. 250–265 (2001); see also older version [17]. MR 1907102

    Google Scholar 

  19. Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton (2005); ISBN 1–58488–518–1. See [5], [24], [25], [30]

    Google Scholar 

  20. Desmedt, Y. (ed.): CRYPTO 1994. LNCS, vol. 839. Springer, Heidelberg (1994); See [44]

    MATH  Google Scholar 

  21. Desmedt, Y. (ed.): PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002); ISBN 3–540–00324–X. See [3]

    MATH  Google Scholar 

  22. Diem, C.: The GHS attack in odd characteristic. Journal of the Ramanujan Mathematical Society 18, 1–32 (2003); MR 2004a:14030. Citations in this paper: §4, http://www.math.uni-leipzig.de/~diem/preprints

    MathSciNet  MATH  Google Scholar 

  23. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976); ISSN 0018–9448. MR 55:10141. Citations in this paper: §3, http://cr.yp.to/bib/entries.html#1976/diffie

    Article  MathSciNet  MATH  Google Scholar 

  24. Doche, C., Lange, T.: Arithmetic of elliptic curves. In: [19], pp. 267–302 (2005); MR 2162729. Citations in this paper: §A

    Google Scholar 

  25. Doche, C., Lange, T.: Arithmetic of special curves. In: [19], pp. 355–387 (2005); MR 2162731. Citations in this paper: §4

    Google Scholar 

  26. Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited (2003); see also newer version [27]. Citations in this paper: §1, http://www.cacr.math.uwaterloo.ca/techreports/2003/techreports2003.html

  27. Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited. IEEE Transactions on Computers 53, 1047–1059 (2004); see also older version [26]. ISSN 0018–9340

    Article  Google Scholar 

  28. Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Simka, M., Stahlke, C.: In: Workshop Record of SHARCS 2005, pp. 51–62 (2005); Citations in this paper: §3, §3, http://www.best.tuke.sk/simka/pub.html

  29. Frey, G.: How to disguise an elliptic curve, Weil descent (1998); Citations in this paper: §4, http://www.cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html

  30. Frey, G., Lange, T.: Transfer of discrete logarithms. In: [19], pp. 529–543 (2005); MR 2162738. Citations in this paper: §3

    Google Scholar 

  31. Robert, P., Gallant, R.J., Lambert, S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: [38], pp. 190–200 (2001); MR 2003h:14043. Citations in this paper: §5.

    Google Scholar 

  32. Gilbert, H., Handschuh, H. (eds.): FSE 2005. LNCS, vol. 3557. Springer, Heidelberg (2005); ISBN 3–540– 26541–4. See [11].

    Google Scholar 

  33. Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields (2000); Citations in this paper: §1, see also newer version [34], http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-42.ps

  34. Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: [40], pp. 1–24 (2000); see also older version [33]

    Google Scholar 

  35. Hankerson, D., Menezes, A., Vanstone, S.: Guide to elliptic curve cryptography. Springer, New York (2004); ISBN 0–387–95273–X. MR 2054891. Citations in this paper: §4

    MATH  Google Scholar 

  36. Joye, M., Quisquater, J.-J. (eds.): CHES 2004. LNCS, vol. 3156. Springer, Heidelberg (2004); ISBN 3–540–22666–4. See [4]

    MATH  Google Scholar 

  37. Kaliski Jr., B.S. (ed.): CRYPTO 1997. LNCS, vol. 1294. Springer, Heidelberg (1997); ISBN 3–540–63384–7. MR 99a:94041. See [42]

    MATH  Google Scholar 

  38. Kilian, J. (ed.): CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001); ISBN 3–540–42456–3. MR 2003d:94002. See [31]

    MATH  Google Scholar 

  39. Koblitz, N., Menezes, A.J.: Another look at provable security (2004); Citations in this paper: §3, http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/provable.pdf

  40. Ko̧c, Ç.K., Paar, C.: CHES 2000. LNCS, vol. 1965. Springer, Heidelberg (2000); ISBN 3–540–42521–7. See [34]

    Book  Google Scholar 

  41. Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: [64], pp. 212–229 (2001); Citations in this paper: §3, http://www.distcomp.ethz.ch/publications.html

  42. Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: [37], pp. 249–263 (1997); Citations in this paper: §3, §3, http://dasan.sejong.ac.kr/~chlim/english_pub.html

  43. Matsui, M., Zuccherato, R.: SAC 2003. LNCS, vol. 3006. Springer, Heidelberg (2004); ISBN 3–540–21370–8. See [6]

    Book  MATH  Google Scholar 

  44. Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In: [20], pp. 271–281 (1994); Citations in this paper: §3, http://www.crypto.ethz.ch/~maurer/publications.html

  45. Menezes, A.: Another look at HMQV (2005); Citations in this paper: §2, http://eprint.iacr.org/2005/205

  46. Miller, V.S.: Use of elliptic curves in cryptography. In: [65], pp. 417–426 (1986); MR 88b:68040. Citations in this paper: §1

    Google Scholar 

  47. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987); ISSN 0025–5718. Citations in this paper: §5, http://cr.yp.to/bib/entries.html#1987/montgomery

    Article  MathSciNet  MATH  Google Scholar 

  48. Muzereau, A., Smart, N.P., Vercauteren, F.: The equivalence between the DHP and DLP for elliptic curves used in practical applications. LMS Journal of Computation and Mathematics 7, 50–72 (2004); Citations in this paper: §3, http://www.lms.ac.uk/jcm/7/lms2003-034/

    Article  MathSciNet  MATH  Google Scholar 

  49. Naccache, D. (ed.): CT-RSA 2001. LNCS, vol. 2020. Springer, Heidelberg (2001); ISBN 3– 540–41898–9. MR 2003a:94039. See [18]

    MATH  Google Scholar 

  50. Osvik, D.A., Shamir, A., Tromer, E.: Cache atacks and countermeasures: the case of AES, extended version (2005); Citations in this paper: §1, http://www.wisdom.weizmann.ac.il/~tromer/

  51. Percival, C.: Cache missing for fun and profit (2005); Citations in this paper: §1, http://www.daemonology.net/hyperthreading-considered-harmful/

  52. Pippenger, N.: On the evaluation of powers and related problems (preliminary version). In: [1], pp. 258–263 (1976); newer version split into [53] and [54]. MR 58:3682. Citations in this paper: §5, http://cr.yp.to/bib/entries.html#1976/pippenger

  53. Pippenger, N.: The minimum number of edges in graphs with prescribed paths. Mathematical Systems Theory 12, 325–346 (1979); see also older version [52], ISSN 0025–5661. MR 81 e:05079, http://cr.yp.to/bib/entries.html#1979/pippenger

    Article  MathSciNet  MATH  Google Scholar 

  54. Pippenger, N.: On the evaluation of powers and monomials. SIAM Journal on Computing 9, 230–250 (1980); see also older version [52]. ISSN 0097–5397. MR 82c:10064, http://cr.yp.to/bib/entries.html#1980/pippenger

    Article  MathSciNet  MATH  Google Scholar 

  55. Pollard, J.M.: Kangaroos, Monopoly and discrete logarithms. Journal of Cryptology 13, 437–447 (2000); ISSN 0933–2790. Citations in this paper: §3

    Article  MathSciNet  MATH  Google Scholar 

  56. Proos, J., Zalka, C.: Shor’s discrete logarithm quantum algorithm for elliptic curves (2003); Citations in this paper: §1, http://www.cacr.math.uwaterloo.ca/techreports/2003/tech_reports2003.html

  57. Smart, N.P.: A comparison of different finite fields for use in elliptic curve cryptosystems (2000); see also newer version [58], http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=1000458

  58. Smart, N.P.: A comparison of different finite fields for elliptic curve cryptosystems. Computers and Mathematics with Applications 42, 91–100 (2001); see also older version [57]. MR 2002c:94033. Citations in this paper: §1

    Article  MathSciNet  MATH  Google Scholar 

  59. Stam, M., Lenstra, A.K.: Speeding up XTR. In: [15], pp. 125–143 (2001); MR 2003h:94049. Citations in this paper: §5

    Google Scholar 

  60. Teske, E.: Square-root algorithms for the discrete logarithm problem (a survey). In: [2], pp. 283–301 (2001); MR 2003c:11156. Citations in this paper: §3, http://www.cacr.math.uwaterloo.ca/~eteske/publications.html

  61. Teske, E.: Computing discrete logarithms with the parallelized kangaroo method (2001); see also newer version [62]. Citations in this paper: §3, http://www.cacr.math.uwaterloo.ca/techreports/2001/tech_reports2001.html

  62. Teske, E.: Computing discrete logarithms with the parallelized kangaroo method. Discrete Applied Mathematics 130, 61–82 (2003); see also older version [61]. MR 2004h:11112

    Article  MathSciNet  MATH  Google Scholar 

  63. van Oorschot, P.C., Wiener, M.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12, 1–28 (1999); ISSN 0933–2790. Citations in this paper: §3, http://members.rogers.com/paulv/papers/pubs.html

    Article  MathSciNet  MATH  Google Scholar 

  64. Vaudenay, S., Youssef, A.M. (eds.): SAC 2001. LNCS, vol. 2259. Springer, Heidelberg (2001); ISBN 3–540–43066–0. MR 2004k:94066. See [41]

    MATH  Google Scholar 

  65. Williams, H.C. (ed.): CRYPTO 1985. LNCS, vol. 218. Springer, Heidelberg (1986); ISBN 3–540–16463–4. See [46]

    Google Scholar 

Download references

Authors
  1. Daniel J. Bernstein
    View author publications

    Search author on:PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA

    Moti Yung

  2. New York University, USA

    Yevgeniy Dodis

  3. Computer Science and Engineering, University of Connecticut, Storrs, CT, USA

    Aggelos Kiayias

  4. Dept. of Computer Science, Columbia University, USA

    Tal Malkin

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernstein, D.J. (2006). Curve25519: New Diffie-Hellman Speed Records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11745853_14

Download citation

  • .RIS
  • .ENW
  • .BIB

  • DOI: https://doi.org/10.1007/11745853_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33851-2

  • Online ISBN: 978-3-540-33852-9

  • eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Keywords

  • Diffie-Hellman
  • elliptic curves
  • point multiplication
  • new curve
  • new software
  • high conjectured security
  • high speed
  • constant time
  • short keys

Publish with us

Policies and ethics

Search

Navigation

  • Find a journal
  • Publish with us
  • Track your research

Footer Navigation

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Journal finder
  • Publish your research
  • Language editing
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our brands

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Discover

Corporate Navigation

  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support
  • Legal notice
  • Cancel contracts here

104.23.197.171

Not affiliated

Springer Nature

© 2026 Springer Nature