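% Nath and Sarkar (2021), Mathematical Cryptology: reduction modulo
% p = 2^448 - 2^224 - 1, the field prime of Curve448, using a 7-limb (64-bit)
% representation. Per the abstract, the paper gives correctness proofs for the
% reduction algorithms and 64-bit assembly for Diffie-Hellman on Curve448.
% Entry cleaned from a journal export: the math in the title is wrapped in
% $...$ (a bare ^ outside math mode stops LaTeX), HTML tags are stripped from
% the abstract, month uses the standard macro, and the page range uses "--".
@article{Nath_Sarkar_2021,
  author       = {Nath, Kaushik and Sarkar, Palash},
  title        = {Reduction Modulo {$2^{448}-2^{224}-1$}},
  journal      = {Mathematical Cryptology},
  number       = {1},
  pages        = {8--21},
  year         = {2021},
  month        = jan,
  url          = {https://journals.flvc.org/mathcryptology/article/view/123700},
  abstractNote = {An elliptic curve known as Curve448 defined over the finite field
                  $\mathbb{F}_p$, where $p=2^{448}-2^{224}-1$, has been proposed as part of
                  the Transport Layer Security (TLS) protocol, version 1.3. Elements of
                  $\mathbb{F}_p$ can be represented using 7 limbs where each limb is a 64-bit
                  quantity. This paper describes efficient algorithms for reduction modulo $p$
                  that are required for performing field arithmetic in $\mathbb{F}_p$
                  using 7-limb representation. A key feature of our work is that we provide
                  the relevant proofs of correctness of the algorithms.
                  We also report efficient 64-bit assembly implementations for key generation
                  and shared secret computation of the Diffie-Hellman key agreement
                  protocol on Curve448. Timings results on the Haswell and Skylake processors
                  demonstrate that the new 64-bit implementations for computing the
                  shared secret are faster than the previously best known 64-bit
                  implementations.},
}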