A method of generating and verifying a cryptographic digital signature using joint sparse expansion by a signer first selecting a field, an elliptic curve over the field, a point P of order q on the elliptic curve, w, k. Next, generating W=wP and K=kP. Next, transforming K to K*. Next, combining K*, W, and a message M to produce h. Next, combining K*, W, and M to produce c. Next, generating, s by either s=hw+ck (mod q), s=(hw+c)/k (mod q), or s=(hk+c)/w (mod q). Next, forming the digital signature as (K*,s). Next, a verifier acquires the field, the elliptic curve, P, W, M, and (K*,s). Next, computing h and c. Next, selecting (n.sub.0, n.sub.1) as either (sc.sup.-1 (mod q), -hc.sup.-1 (mod q)), (cs.sup.-1 (mod q), hs.sup.-1 (mod q)) or (-ch.sup.-1 (mod q), sh.sup.-1 (mod q)). Next, generating binary expansions of n.sub.0 and n.sub.1 in joint sparse form. Next, computing, Q=n.sub.0P+n.sub.1W via twin multiplication and a double-add-subtract method with the binary expansions in joint sparse form. Next, transforming, Q to Q*. Lastly, verifying, the digital signature if Q*=K*.Method of elliptic curve digital signature using expansion in joint sparse form702455904/04/200628/06/200220061,376Solinas; Jerome A.US Patent and Trademark OfficeGoogle Patent Searchpatentimages.storage.googleapis.com/US7024559B1/US07024559-20060404-D00000.pngUniquemodjoint sparse formelliptic curvedigital signaturenextfieldbinary expansionsjoint sparse expansioncryptographic digital signatureexpansion