Worst case computation time for minimal joint Hamming weight numeral system

In this work, we analyze the worst case computation time of multi-scalar multiplication implemented using redundant numeral systems. As the operation is one of the bottleneck operation of elliptic curve cryptography, there are many methods proposed for finding its average computation time. However, having a different computation time for a different input is prone to be weak against side channel attacks. To prevent the attack, we need to make the computation time for all inputs as slow as the worst case, and the worst case computation time can be a better tool for evaluating the operation in this situation. This paper propose a method for finding the worst case computation time for several numeral systems. The method is based on our AJHW Markov chain and the maximum mean cycle algorithm on sparse graph. The algorithm works efficiently for the numeral systems with digit set D_S = {0, ±1, ±3, ..., ±(2h + 1)}, which is practically used in elliptic curve cryptography. As a result, we can evaluate the numeral systems of single integer for 0 ≤ h ≤ 513, and the numeral systems of integer pair for 0 ≤ h ≤ 5.