The Graphs for Elliptic Curve Cryptography

The scalar multiplication on elliptic curves defined over finite fields is a core operation in elliptic curve cryptography (ECC). Several different methods are used for computing this operation. One of them, the binary method, is applied depending on the binary representation of the scalar v in a scalar multiplication vP , where P is a point that lies on elliptic curve E defined over a prime field F p . On the binary method, two methodologies are performed based on the implementation of the binary string bits from the right to the left (RLB) [or from the left to the right (LRB)]. Another method is a nonadjacent form (NAF) which depended on the signed digit representation of a positive integer v . In this chapter, the graphs and subgraphs are employed for the serial computations of elliptic scalar multiplications defined over prime fields. This work proposed using the subgraphs H of the graphs G or the (simple, undirected, directed, connected, bipartite, and other) graphs to represent a scalar v directly. This usage speeds up the computations on the elliptic scalar multiplication algorithms. The computational complexities of the proposed algorithms and previous ones are determined. The comparison results of the computational complexities on all these algorithms are discussed. The experimental results show that the proposed algorithms which are used the sub-graphs H and graphs G need to the less costs for computing vP in compare to previous algorithms which are employed the binary representations or NAF expansion. Thus, the proposed algorithms that use the subgraphs or the graphs to represent the scalars v are more efficient than the original ones.


Introduction
The scalar multiplication on elliptic curves defined over finite fields is considered as a central and most time-consuming operation in elliptic curve cryptography (ECC) [1][2][3][4][5][6][7]. Different methods are used for computing the scalar multiplication such as the binary method, nonadjacent form, and others [8][9][10][11][12][13][14][15]. The binary method is applied depending on the binary representation of the scalar v in a scalar multiplication vP, where P is a point that lies on elliptic curve E defined over a prime field F p . On the binary method, two methodologies are performed based on the implementation of the binary string bits from the right to the left (RLB) [or from the left to the right (LRB)], whereas the nonadjacent form (NAF) depends on the signed digit representation of a positive integer v [1].
In this chapter, the computation of the scalar multiplication vP on elliptic curve E defined over a prime field F p has been done using the (undirected or directed) graph and (undirected or directed) subgraph. These graph and subgraph are used to represent the scalar v in two ways. The first one is the binary representation and the second one is the sign digit representation.
Also, the l-tuple of the elliptic scalar multiplications is computed using the proposed generalized binary methods (GRLB) and (GLRB) and GNAF. The computational complexities of the proposed algorithms and previous ones are determined. The comparison results of the computational complexities on all these algorithms are discussed. Several experimental results showed that the proposed algorithms which are used the graphs G need to the less costs for computing vP in compare to previous algorithms which are employed the binary representations or NAF expansion. Therefore, the proposed algorithms that use the subgraphs or the graphs to represent the scalars v are more efficient than the original ones.
This chapter is organized as follows: Section 2 presents the vector representation of the graph. Section 3 discusses the matrix representation of the graph. Section 4 includes the binary methods of the elliptic scalar multiplication which are the rightto-left binary and left-to-right binary representations. Section 5 explains the non-adjacent form method, whereas Section 6 discusses the graphic binary methods of the elliptic scalar multiplications. Section 7 displays the digraphic NAF method. Section 8 presents the subgraphs for computing the elliptic scalar multiplication. Section 9 determines the computational complexities on the original elliptic scalar multiplication methods. Section 10 shows the computational complexity for serial computing l-tuple of the scalar multiplications. The computational complexity of the graphic elliptic scalar multiplication methods is explained in Section 11. Section 12 illustrates the computational complexity comparison on the serial and graphic computation methods. Finally, Section 13 draws the conclusions.

The matrix representation of the graph
Suppose G is any undirected graph that is formed by two finite sets V and E, which are called the vertices and edges, respectively. In other words, (1) with l rows corresponding to the l vertices v i and the m columns corresponding to the m edges e i : Whereas the incidence matrix of a connected digraph can be defined by A ¼ e ij À Á lÂm , where e ij ∈ 0; ∓ 1 f g: In other words, if j th edge is incident out of i th vertex, then e ij ¼ 1, while e ij ¼ À1, if j th edge is incident into i th vertex and if j th edge is neither incident out nor incident into i th vertex, then e ij ¼ 0 [16,17].

The binary methods for the elliptic scalar multiplication
Two methods for computing the scalar multiplication vP have been created based on using the binary representation of a scalar v. One of them is called the right-to-left binary (RLB) method, and another one is called left-to-right binary (LRB) method [1,9,10]. These methods depend on the basic repeated-square-and multiply methods for exponentiation with additive version. Using the RLB method, the process of v-bits starts from the right to the left, whereas the v-bits processing starts from the left to the right using the LRB method. The RLB and LRB methods are discussed mathematically as follows.

The right-to-left binary method
Suppose E is an elliptic curve defined over a prime field F p . The equation of E is given by E: y 2 = x 3 þ ax þ b (mod p). Let P = (x, y) be a generator point that lies on E which has a (large) prime order n. Choosing v to compute vP can be done from the range [1, nÀ1]. So, it should first write v in a binary representation string (e t-1 , …, e 1 , e 0 ) 2 . The starting will be happened with a point Q in E (F p ), (that is, Q = ∞). With the i index that takes the values 0, 1, …, t À 1, the computation of Q = Q þ P can be done if e i = 1. After then, the value 2P is computed and plugging 2P by P. The processing continues until the last value t À 1. Therefore, the last computed value of a point Q is the scalar multiplication point vP [1]. The summary of the RLB method can be given in the following algorithm.

The left-to-right binary method
With the same parameters E, P, n, and v which are used in the RLB method, the computation of vP using the LRB method can be done easily. A scalar v can be written in a binary representation string (e t À 1 , …, e 1 , e 0 ) 2 . Let us start with a point Q in E(F p ), where Q = ∞. With the i index which takes the values t À 1,…, 1, 0, then the computation of 2Q can be done and plugged into Q. After then, the value Q = Q þ P is computed. The processing continues until the last value 0. Therefore, the last computed value of a point Q is the scalar multiplication point vP. The LRB method can be summarized in Algorithm (4.2) [1].

The non-adjacent form for the elliptic scalar multiplication
The motivation to use the signed digit representation of a scalar v, in a scalar multiplication vP, is the computation of the subtraction and addition of the points lying on elliptic curve E which has the same efficient. A signed digit representation of v is given by v ¼ ∑ lÀ1 i¼0 e i 2 i , where e i ∈ 0; AE1 f gwill be explained in this section with more details. The signed digit representation forms the nonadjacent form (NAF) [1,9,10] which is given in the next algorithm. The computation of a scalar multiplication vP by employing the NAF algorithm can be done using the following algorithm:   3.2 If e i = 1 then Q Q þ P.

The graphic methods for the elliptic scalar multiplications
This section discusses the generalization on the binary methods and NAF to compute l-tuple of the scalar multiplications on elliptic curve E defined over prime field Fp. This generalization employed the simple undirected and directed graphs.

The graphic right-to-left binary (GRLB) method
Suppose Ec is an elliptic curve defined over a prime field F p [1][2][3][4][5][6][7]. The equation of Ec is given by Let P ¼ x; y ð Þ be a point that lies on Ec which has a (large) prime order r: Let G V; E ð Þbe a simple (or multigraph or others) graph, where V is a vertex set and E is an edge set. The matrix representation A G ð Þ on G V; E ð Þis defined as given in Eq. (1). Directly from the rows of the matrix A G ð Þ, the binary representation strings e mÀ1 ð Þ l ; …; e 1 l ; e 0 l 2 are obtained. The starting will happen with an elliptic point Q 1 which belongs to E F p À Á , where Q 1 ¼ ∞: With the i index which takes the values 0 1 , 1 1 , …, m À 1 ð Þ 1 in the first row of A G ð Þ, the computation of Q 1 ¼ Q 1 þ P can be done if e i 1 ¼ 1: After then, the value 2P is computed and plugging it by P: The processing on the first row continues until the last value m À 1: Therefore, the last computed value of a point Q 1 is the value of the first scalar multiplication point v 1 P in l-tuple vP h i: In similar way, the processing on others rows can be done. The summary of the GRLB method can be given in the following algorithm: , l and m, where l and m are the order and size of a graph G, respectively.

The implementation results on the GRLB method
With different kinds of graphs which are given in Figure 2, the matrix representations of the graphs have been computed by  and The l-tuple computations of the scalar multiplications that correspond to these graphs are shown in Table 1.

The graphic left-to-right binary method
With the same parameters p, E, P, G, and V which are used in the GRLB method, the computations of l-tuple vP h i using the GLRB method can be done easily. The scalars v 1 , …, v n can be written in the binary representation strings With the i index which takes the values m À 1 ð Þ 1 , …, 1 1 , 0 1 , then the computation of 2Q 1 can be done and plugged into Q 1 : After then, the value Q 1 ¼ Q 1 þ P is computed. The processing continues until the last value 0 1 : Therefore, the last computed value of a point Q 1 is the first scalar multiplication point in an l-tuple vP h i: Similarly, the processing on others rows can be computed. The GLRB method can be summarized in Algorithm (6.2).

Algorithm 6.2 The GLRB method
for j=1,2,…, l from A G ð Þ: 3. For j ¼ 1, 2, …, l: Different kinds of graphs [16]. The experimental results of the l-tuple of the scalar multiplications that correspond to the graphs G a , G b , G c , and G d .

6.
End for

The digraphic NAF for the elliptic scalar multiplication
The signed digit representation of an l -tuple v h i of scalars v j , which are used to compute an l-tuple vP h i of the scalar multiplications v j P, can be represented directly from the digraphs. The signed digit representations of v j are given by The signed digit representations form the generalized nonadjacent form (GNAF). These representations are computed using the following algorithm: 2. For j = 1, 2, …, l.

4.
If v s is an incident out of v t , where s, t ∈ j 5. then e i j ¼ 1:

6.
Elseif v s is an incident into v t 7. then e ij ¼ À1:

8.
Else there is no edge between v s and v t . Return e 1j ; e 2j ; …; e m j .
The incidence matrix of G that is given in Figure 3 is The GNAF method for l-tuple of the scalar multiplications can be performed using Algorithm (7.2).   8. The subgraphs for the elliptic scalar multiplication

The binary representations
Suppose G is a graph and H i , for i = 1, 2, 3 are subgraphs as shown in Figure 4. Next algorithm can be applied for determining the binary representation of any subgraph from a given graph.

4.
If there is an edge between v s and v t , where s, t ∈ j 5. then e i ¼ 1:

6.
Else there is no edge between v s and v t . The small numerical results based on Figure 4 can be shown in Table 2.
On the binary representations which are found directly from the subgraphs, the scalar multiplications H i P on elliptic curve E defined over a prime field Fp can be computed using Algorithm (4.1) or (4.2). Some experimental results for computing the scalar multiplications based on using the subgraphs to represent the scalars are given in Table 3.

The signed digit representations
Suppose G is a digraph and H i , for i = 1, 2, 3, are directed subgraphs as shown in Figure 5. Algorithm (8.2) can be used to find the signed digit representation of any subgraph from a given graph.

4.
If v s is an incident out of v t , where s, t ∈ j 5. then e i ¼ 1:

6.
Elseif v t is an incident into v s 7. then e i ¼ À1:

8.
Else there is no edge between v s and v t .  The computational results based on Figure 5 and using Algorithm (8.2) are given in Table 4. With the signed digit representations which are given in Table 4, the l-tuple of the scalar multiplications on elliptic curve E defined over a prime field F p can be computed. Some experimental results for computing the l-tuple of the scalar multiplications based on using the directed subgraphs to represent the scalars are given in Table 5.

The computational complexity on the elliptic scalar multiplication methods
This chapter discusses the problems of the computational complexities which are determined depending on the account operations. These operations are the elliptic curve operations, namely, the addition A and doubling D on the points which lie on elliptic curve E defined over a prime field F p . Also, the finite field operations which are field inversion I, field multiplication M and a field squaring S. The computational complexity problems are determined first of the original binary methods and NAF for computing the scalar multiplications on E. The computational complexities of the proposed methods which are dependent on the graphs and subgraphs are determined as well.

The computational complexity of the binary methods
Let #E (F p ) = n, where n is prime number and it is the nearest number to prime p. A point P in E(Fp) which has order n. Suppose v is a scalar such as v is a randomly selected integer from the interval [1, nÀ1]. The binary representation of v is denoted (e m -1 … e 2 .e 1 .e 0 ) 2 where m ≈ t = log 2 p.
The computational complexity of Algorithm (4.1) or (4.2) is roughly t/2 point additions and t point doublings, which is denoted by  in addition to the time of binary representation which is approximately t/2d and t/2S, where d and S are normal addition and squaring. Using Lemmas (6.1) and (6.2) in [18,19], the points addition A and doubling D can be re-expressed by 1I þ 2 M þ 1S and 1I þ 2 M þ 2S, respectively. In other words, the computational complexity of Algorithm (4.1) or (4.2) is expressed in terms of field operations by.
3tS þ 3tM þ 1:5tI þ 0:5td: Several computational complexity results to compute a scalar multiplication by applying the binary method are given in Table 6.

The computational complexity of the NAF
With same the multiplier v which belongs to the interval [1,n À 1], the computational complexity to compute a scalar multiplication vP using the NAF is given by In Eq. (5), D in the first term is the cost of NAF to represent a positive integer v, t/3A þ tD is the cost of computing a scalar multiplication vP using NAF method, and t is the length of the NAF string. In other words, the running time of Algorithm (5.1) is expressed in terms of field operations by  Table 7.
The experimental results of the computational complexity for the scalar multiplications using the NAF method.
Some numerical results of the computational complexity to compute a scalar multiplication using the NAF method are given in Table 7. 11. The computational complexity for serial computing l-tuple of the scalar multiplications 11.1 The computational complexity of the serial GBR On l-tuple of the scalar multiplications vP h i ¼ v 1 P; v 2 P; …; v l P h i , the computations of v 1 P, v 2 P, …, v l P without using the graphs or subgraphs can be done serially. So, the computational cost of these computations using the binary representations of v 1 , v 2 , …, v l is given by lA þ tlD þ 0:5tld: In other words, the running time can be expressed in terms of field operations by 3tlS þ 3tlM þ 1:5tlI þ 0:5tld: (8) Table 8 displays some small experimental results for computational complexities for serial computations of l-tuples vP h iusing the generalized binary method.

The computational complexity of the serial GNAF
The computational complexity for computing l-tuple of the scalar multiplications using GNAF representations in serial way is given by Using the field operations, the formula in Eq. (9) can be rewritten by.
The computational complexity results for serial computations of l-tuples vP h i using the GNAF method are given in Table 9.

The computational complexity of the graphic elliptic scalar multiplication methods
Suppose vP h i ¼ v 1 P; v 2 P; …; v l P h i is an l-tuple of the scalar multiplications. The graphic computations of v 1 P, v 2 P, …, v l P can be done using the graphs or subgraphs in two ways. One of them is using the graphs directly to find the binary representations of the scalars v 1 , v 2 , …, v l , whereas another one uses the digraphs to represent these scalars. The computational costs of these computations can be discussed as follows.

The computational complexity of the graphic binary representation (GBR)
Using the graphs to compute l-tuple of the scalar multiplications costs t 2 lA þ tlD: In terms of field operations, the computational complexity of GBR can be expressed by 3tlS þ 3tlM þ 1:5tlI:

The computational complexity of the digraphic NAF
The computational complexity for computing l-tuple of the scalar multiplications using the digraphs is given by Eq. (13) can be rewritten using field operations by: Several experimental results for computational complexities for digraph representations of l-tuples vP h i are given in Table 11.

Computational complexity comparison on the serial and graphic computations of GBR and GNAF methods
This section discusses first the experimental results of the GBR method that uses serial computations to calculate l-tuple of the scalar multiplications and the GBR method that depends directly on using the graphs. Selecting the scalars v 1 , v 2 ,…. v l from the interval [1. n À 1] to represent using the GBR method which needs the cost 0.5tld, where t is the length of the string binary representation, l is the length of the tuple and d is a normal addition operation. The final computational cost as given in Eq. (8).
Whereas, the binary representing of the scalars v 1 , v 2 , … v l can be taken directly from graphs or subgraphs without need to extra cost. This saves the 0.5tld operations to compute l-tuple of the scalar multiplications vP h i: The total cost of the graphic GBR method has been determined previously in Eq. (12). The serial GBR and graphic GBR computational costs for several experimental results are given in Table 12. In this table, one can see the serial GBR method with various values of p is more costly compared to the graphic GBR method.
Also, the experimental results of the serial GNAF and graphic GNAF methods that are used to calculate l-tuple of the scalar multiplications are discussed in this section. Selecting the scalars v 1 , v 2 , … v l from the interval [1. n À 1] to represent using the GNAF method which needs the 1lI þ 2lM þ 2lS cost, l is the length of the tuple, M is a field multiplication, S is a field squaring, and I is a field inversion. So, the total computational cost as given in Eq. (10).
The graphic GNAF of the scalars v 1 , v 2 , …. v l can be taken directly from graphs. So it can save 1lI þ 2lM þ 2lS operations for computing l-tuple of the scalar multiplications vP h i: The total cost of the graphic GNAF method is determined previously in Eq. (14). Several experimental results on the serial GNAF and graphic GNAF computational costs are given in Table 13. With various values of p as shown in Table 13, it can observe that the graphic GNAF method is less costly than the serial GNAF method.

Conclusions
The present chapter was concerned with presenting new graphic elliptic scalar multiplication algorithms for speeding up the computations of the scalar multiplication defined on elliptic curves over a prime field in different ways. These ways employed the undirected graphs and subgraphs to construct the binary representations of the scalars v in the scalar multiplications vP. Also, the sign digit representation of v has been obtained directly from using the digraphs or di-subgraphs. These representations are used to compute one scalar multiplication vP and l-tuple <vP> of the scalar multiplications. The computational complexities of the proposed graphic elliptic scalar multiplication algorithms have been determined. The computational complexity comparison of the proposed algorithms and original ones is discussed based on the elliptic curve and field operations. The experiment results of the computational complexities show that the proposed algorithms are less costly for computing the scalar multiplication or l-tuple of the scalar multiplications than original algorithms which are dependent on the computations of the binary representations or NAF expansions. The new propositions with graphic representations speed up the computations on elliptic scalar multiplication algorithms. Also, it gives the generalized cases with the computations of the l-tuples <vP> using (undirected or directed) graphs or subgraphs. This insight makes the working with graphic elliptic scalar multiplication algorithms more efficient in comparison with the serial original ones.