The main benefit of HECC is that it has much smaller parameter sizes and offers equivalent security as ECC and RSA. However, there are still more researches on ECC than on HECC. One of the reasons is that the computation of scalar multiplication cannot catch up. The Kummer surface can speed up the scalar multiplication in genus two curves. In this paper, we find that the scalar multiplication formulas of Duquesne in characteristic p > 3 on the Kummer surface are not correct. We verify and revise the formulas with mathematical software. The operation counts become 29M + 2S for new pseudo-addition formulas and 30M + 10S for doubling ones. And then we speed up the scalar multiplication on the Kummer surface with Euclidean addition chains.

Elliptic curves Em: By2 = x3+Ax2+x are suitable for cryptographic use because fast addition operations can be defined over Em. In elliptic curve cryptosystems, encryption/decryption involves multiplying a point P on Em by a large integer n. In this paper, we propose a fast algorithm for computing such scalar multiplication over Em. The new algorithm requires fewer operations than previously proposed algorithms. As a result, elliptic curve cryptosystems based on Em can be speeded up by using the new algorithm.

A fast method for computing a multiple mP for a point P on elliptic curves is proposed. This new method is based on optimal addition sequences and the Frobenius map. The new method can be effectively applied to elliptic curves E(Fqn), where q is a prime power of medium size (e.g., q 128). When we compute mP over curves E(Fqn) with qn of nearly 160-bits and 11 q 128, the new method requires less elliptic curve additions than previously proposed methods. In this case, the average number of elliptic curve additions ranges from 40 to 50.

To speed up discrete-log based cryptographic schemes, we propose new methods of computing exponentiations {gx1, gx2, , gxs} simultaneously in combination with precomputation. Two proposed methods, VAS-B and VSS-B, are based on an extension of vector addition chains and an extension of vector addition-subtraction chains, respectively. Analysis of these methods clarifies upper bounds for the number of multiplications required. The VAS-B requires less multiplications than previously proposed methods with the same amount of storage. The VSS-B requires less multiplications than previously proposed methods with less amount of storage. The VSS-B can suitably be applied to schemes over elliptic curves.