## Abstract

Communication Security (COSY) - Electrical Engineering and Information Technology Ruhr-Universität Bochum, Universitätsstraße 150, D-44780 Bochum, Germany Addition-subtraction-chains obtained from signed digit recodings of integers are a common tool for computing multiples of random elements of a group where the computation of inverses is a fast operation. Cohen and Solinas independently described one such recoding, the w-NAF. For scalars of the size commonly used in cryptographic applications, it leads to the current scalar multiplication algorithm of choice. However, we could find no formal proof of its optimality in the literature. This recoding is computed right-to-left. We solve two open questions regarding the w-NAF. We first prove that the w-NAF is a redundant radix-2 recoding of smallest weight among all those with integral coefficients smaller in absolute value than 2^{w-1}. Secondly, we introduce a left-to-right recoding with the same digit set as the w-NAF, generalizing previous results. We also prove that the two recodings have the same (optimal) weight. Finally, we sketch how to prove similar results for other recodings.

Original language | English |
---|---|

Pages (from-to) | 130-143 |

Number of pages | 14 |

Journal | Lecture Notes in Computer Science |

Volume | 3357 |

DOIs | |

State | Published - 2004 |

Externally published | Yes |

## Keywords

- Computer arithmetic
- Integer Recoding
- Left-to-right recoding
- Non-adjacent form
- Redundant number representation
- Signed-digit representation
- Width-w non-adjacent form (w-NAF)

## ASJC Scopus subject areas

- Theoretical Computer Science
- Computer Science (all)