Montgomery ladder

E831071

cryptographic algorithm elliptic curve algorithm scalar multiplication algorithm

The Montgomery ladder is a scalar multiplication algorithm on elliptic curves that provides efficient, uniform, and side-channel-resistant computation for cryptographic protocols such as those based on Curve25519.

Try in SPARQL Jump to: Statements Referenced by

Statements (47)

Predicate	Object
instanceOf	cryptographic algorithm ⓘ elliptic curve algorithm ⓘ scalar multiplication algorithm ⓘ
advantageOver	naive double-and-add with secret-dependent branches ⓘ
describedIn	"Speeding the Pollard and elliptic curve methods of factorization" ⓘ
designedFor	efficient implementation on constrained devices ⓘ implementation without secret-dependent branches ⓘ implementation without secret-dependent memory access patterns ⓘ
field	cryptography ⓘ
hasProperty	amenable to constant-time implementation ⓘ binary ladder structure ⓘ bit-by-bit scalar processing ⓘ constant-time conditional operations ⓘ iterative algorithm ⓘ performs one point addition and one point doubling per bit ⓘ regular structure ⓘ resistance to simple power analysis ⓘ resistance to timing attacks ⓘ side-channel resistance ⓘ simple control flow ⓘ uniform execution pattern ⓘ uses two running points ⓘ
implementedIn	BoringSSL NERFINISHED ⓘ OpenSSL NERFINISHED ⓘ TLS libraries ⓘ libsodium NERFINISHED ⓘ
introducedBy	Peter L. Montgomery NERFINISHED ⓘ
notableApplication	Curve25519 NERFINISHED ⓘ RFC 7748 elliptic curves ⓘ X25519 key exchange NERFINISHED ⓘ
operatesOn	Montgomery curves NERFINISHED ⓘ elliptic curves over finite fields ⓘ x-coordinates of points on Montgomery curves ⓘ
publicationYear	1987 ⓘ
relatedTo	Montgomery curve NERFINISHED ⓘ constant-time cryptographic implementations ⓘ double-and-add algorithm ⓘ windowed scalar multiplication ⓘ
securityGoal	mitigation of power analysis side channels ⓘ mitigation of timing side channels ⓘ
usedFor	Curve25519-based key exchange ⓘ Diffie–Hellman key exchange NERFINISHED ⓘ Elliptic Curve Diffie–Hellman NERFINISHED ⓘ constant-time scalar multiplication ⓘ key agreement protocols ⓘ scalar multiplication on elliptic curves ⓘ side-channel-resistant scalar multiplication ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Curve25519-based schemes → usesScalarMultiplicationAlgorithm → Montgomery ladder ⓘ