## Long Modular Multiplication for Cryptographic Applications (2004)

Venue: | CHES 2004, Misprinted: LNCS 3156 |

Citations: | 10 - 1 self |

### BibTeX

@INPROCEEDINGS{Hars04longmodular,

author = {Laszlo Hars},

title = {Long Modular Multiplication for Cryptographic Applications},

booktitle = {CHES 2004, Misprinted: LNCS 3156},

year = {2004},

pages = {44--61},

publisher = {Springer-Verlag}

}

### OpenURL

### Abstract

Abstract. A digit-serial, multiplier-accumulator based cryptographic coprocessor architecture is proposed, similar to fix-point DSP's with enhancements, supporting long modular arithmetic and general computations. Several new “column-sum ” variants of popular quadratic time modular multiplication algorithms are presented (Montgomery and interleaved division-reduction with or without Quisquater scaling), which are faster than the traditional implementations, need no or very little memory beyond the operand storage and perform squaring about twice faster than general multiplications or modular reductions. They provide similar advantages in software for general purpose CPU's.

### Citations

2925 | A Method for Obtaining Digital Signatures and Public-Key - Rivest, Shamir, et al. - 1978 |

683 |
The Art of Computer Programming, Volume 2: Seminumerical Algorithms, third ed
- Knuth
- 1998
(Show Context)
Citation Context ...iplications with reciprocals. The reciprocals are calculated with only a small constant number of digit-operations. In our test system linear approximations were followed by 3 or 4 Newton iterations. =-=[9]-=-s4 Laszlo Hars Traditional modular multiplication algorithms We assume m = {mn−1 mn−2…m0} is normalized, that is d ≤ mn−1 < d or d n−1 ≤ m < d n . It is normally the case with RSA moduli. If not, ... |

416 |
Modular multiplication without trial division
- Montgomery
- 1985
(Show Context)
Citation Context ..., digit serial applications (smart card, secure co-processors, consumer electronics, etc.): Interleaved row multiplication and reduction, Montgomery, Barrett and Quisquater multiplications. [1], [3], =-=[12]-=-, [13]. We present algorithmic and HW speedups for them, so we have to review their basic versions first. Montgomery multiplication It is simple and fast, utilizing right-to-left divisions (sometimes ... |

93 | Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a - Barrett - 1987 |

34 | Survey of Hardware Implementations of RSA - Brickell - 1990 |

27 | Comparison of three modular reduction functions
- Bosselaers, Govaerts, et al.
- 1994
(Show Context)
Citation Context ...ained, digit serial applications (smart card, secure co-processors, consumer electronics, etc.): Interleaved row multiplication and reduction, Montgomery, Barrett and Quisquater multiplications. [1], =-=[3]-=-, [12], [13]. We present algorithmic and HW speedups for them, so we have to review their basic versions first. Montgomery multiplication It is simple and fast, utilizing right-to-left divisions (some... |

26 | Minimum weight modified signed-digit representations and fast exponentation - Jedwab, Mitchell - 1989 |

19 |
S.Vanstone, Handbook of Applied Cryptography
- Menezes
- 1996
(Show Context)
Citation Context ... The traditional Montgomery multiplication calculates the product in “row order”, but it still can take advantage of a speedup for squaring. (This is commonly believed not to be the case, see e.g. in =-=[11]-=-, Remark 14.40, but the trick of Fig. 7 works here, too.) The main disadvantage is that the numbers have to be converted to a special form before the calculations and fixed at the end, that is, signif... |

17 | Faster modular multiplication by operand scaling - Walter - 1991 |

15 | R.: Efficient Multiprecision Floating Point Multiplication with Exact Rounding - Krandick, Johnson |

6 |
Recent Results on Modular Multiplications for Smart Cards
- Dhem, Quisquater
- 2000
(Show Context)
Citation Context ...essary, and the corresponding MS-half division becomes trivial. The conversion steps and the calculation with longer modulus could offset the time savings, but in many cases this algorithm is faster. =-=[5]-=- Interleaved row-multiplication and reduction Long division (modular reduction) steps can be interleaved with the multiplication steps. The advantage is that we don't need to store 2n-digit full produ... |

4 |
Theorie der algebraische Zahlen
- Hensel
- 1908
(Show Context)
Citation Context ...speedups for them, so we have to review their basic versions first. Montgomery multiplication It is simple and fast, utilizing right-to-left divisions (sometimes called exact division or odd division =-=[7]-=-). In this direction there are no problems with carries (which propagate away from the processed digits) or with estimating the quotient digit wrong, so no correction steps are necessary. This gives i... |

2 |
presentation at the rump session of Eurocrypt’90
- Quisquater
(Show Context)
Citation Context ...t serial applications (smart card, secure co-processors, consumer electronics, etc.): Interleaved row multiplication and reduction, Montgomery, Barrett and Quisquater multiplications. [1], [3], [12], =-=[13]-=-. We present algorithmic and HW speedups for them, so we have to review their basic versions first. Montgomery multiplication It is simple and fast, utilizing right-to-left divisions (sometimes called... |