In which scenarios we go for prime fields or binary fields? Please indicate why we would choose one over the other.
Asked
Active
Viewed 1,573 times
2 Answers
5
Binary fields were developed since they yield more efficient implementations. This is especially true given the Intel PCLMULQDQ instruction. Note, that there are special types of Binary fields that are even more efficient, like Koblitz curves.
However, in general, our confidence in the security of these curves is less than for prime-field curves. Thus, in general, my preference is to use prime-field curves unless there's a special reason why not to.
Yehuda Lindell
- 28,270
- 1
- 69
- 86
1
- Binary fields require only xor and shift operations to implement (i.e. no multiplications), and thus are faster in many platforms;
- For the same reason, they are easier to make their implementations resistant to timing attacks (i.e. no need to handle carries);
- For the same reason, are easier to implement in hardware;
- Some processors have support for binary polynomial multiplication to use with GCM (e.g. Intel PCLMULQDQ; ARM PMULL), and this can be used for binary ECC too, making it even faster.
Conrado
- 6,614
- 1
- 30
- 45