## A Sublinear-Time Parallel Algorithm for Integer Modular Exponentiation (1999)

Citations: 8 (0 self)

### BibTeX

```bibtex
@MISC{Sorenson99asublinear-time,
  author = {Jonathan P. Sorenson},
  title = {A Sublinear-Time Parallel Algorithm for Integer Modular Exponentiation},
  year = {1999}
}
```

### Abstract

The modular exponentiation problem is, given integers x, a, m with m > 0, compute x^a mod m. Let n denote the sum of the lengths of x, a, and m in binary. We present a parallel algorithm for this problem that takes O(n / log log n) time on the common CRCW PRAM using O(n^(2+ε)) processors. This algorithm is based on Bernstein's Explicit Chinese Remainder Theorem combined with a fast method for parallel prefix summation. We also present a linear time algorithm for the EREW PRAM.

1 Introduction. In this paper we present a new parallel algorithm for the modular exponentiation problem. This problem is, given integers x, a and a positive integer m, compute x^a mod m. Applications for this problem are quite numerous, and include primality testing, integer factoring, the discrete logarithm problem, and cryptographic protocols based on these problems such as RSA. It is not an overstatement to say that modular exponentiation is a fundamentally important problem, and fast algorithms for t...
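As an added worked example (not code from the paper), the explicit Chinese Remainder Theorem the abstract refers to, used here to compute x·y mod m, and from it x^a mod m, from residues modulo small primes without ever forming the full product. The reconstruction formula is Bernstein's; the prime selection, function names and sample values are constructed for this illustration, and the computation is sequential, with the parallelisable structure only noted in comments.

```python
from fractions import Fraction
from math import prod

def primes_with_product_above(bound):
    """Smallest primes 2, 3, 5, ... whose product exceeds bound (the paper's p_1..p_s)."""
    primes, p = [], 2
    while prod(primes) <= bound:
        if all(p % q for q in primes if q * q <= p):   # primes holds every prime < p
            primes.append(p)
        p += 1
    return primes

def explicit_crt_mod(residues, primes, m):
    """Given r_i = X mod p_i for an integer 0 <= X < P/2 (P = prod(primes)),
    return X mod m without forming X.  Bernstein's explicit CRT: with
    P_i = P/p_i, u_i = P_i^{-1} mod p_i and t_i = r_i*u_i mod p_i,
        sum_i t_i*P_i = X + k*P  where  k = round(sum_i t_i/p_i),
    so X mod m = (sum_i t_i*(P_i mod m) - k*(P mod m)) mod m.  Each term
    depends on one residue only; the two sums are the prefix-summation step."""
    P = prod(primes)
    acc_mod_m = 0            # sum_i t_i * (P_i mod m)
    acc_frac = Fraction(0)   # sum_i t_i / p_i, kept exact here (the paper
                             # works with O(log n)-bit approximations per term)
    for r, p in zip(residues, primes):
        P_i = P // p
        t_i = (r * pow(P_i, -1, p)) % p
        acc_mod_m += t_i * (P_i % m)
        acc_frac += Fraction(t_i, p)
    k = round(acc_frac)      # X/P lies in [0, 1/2), so rounding recovers k exactly
    return (acc_mod_m - k * (P % m)) % m

def modmul_via_crt(x, y, m):
    """x*y mod m for 0 <= x, y < m, multiplying residue-wise (all small operands)."""
    primes = primes_with_product_above(2 * m * m)      # guarantees x*y < P/2
    residues = [(x % p) * (y % p) % p for p in primes]  # independent per prime
    return explicit_crt_mod(residues, primes, m)

def modpow_via_crt(x, a, m):
    """x^a mod m by left-to-right binary exponentiation over modmul_via_crt."""
    result = 1 % m
    for bit in bin(a)[2:]:
        result = modmul_via_crt(result, result, m)
        if bit == "1":
            result = modmul_via_crt(result, x % m, m)
    return result
```

Checking `modpow_via_crt(x, a, m) == pow(x, a, m)` on constructed values such as x = 123456789, a = 65537, m = 1000000007 confirms that the rounding step never needs the full-precision product.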

### Citations

- 2466 | Handbook of Applied Cryptography - Menezes, van Oorschot, et al. - 1996
  Citation context: ...ols based on these problems such as RSA. It is not an overstatement to say that modular exponentiation is a fundamentally important problem, and fast algorithms for this problem are of great interest [2, 14, 15, 17]. A classical analysis of the well-known binary algorithm for this problem yields a running time of O(n^3), where n is the number of bits in x, a, and m [2, Section 5.4]. By using FFT multiplication, ...

- 847 | An Introduction to the Theory of Numbers - Hardy, Wright - 1980

- 296 | Approximate formulas for some functions of prime numbers - Rosser, Schoenfeld - 1962
  Citation context: ... Because b is a power of two, the a_j's can be read off directly from the binary expansion of a. This can be done in O(1) time using O(n) processors. Step 2. For x ≥ 41, Σ_{p ≤ x} log p ≥ x(1 − 1/log x) [20]. Thus, for x ≥ 41, Σ_{p ≤ x} log p ≥ x/2. From this, we have that log P = Σ_{i=1}^{s} log p_i ≥ 4b log 2m and P ≥ (2m)^(4b) ≥ 2(Σ p_i m^2)^b for m sufficiently large. We will use this later for the explicit Chinese Re...

- 285 | Parallel Algorithms for Shared-Memory Machines - Karp, Ramachandran - 1990

- 255 | The Art of Computer Programming, Seminumerical Algorithms Volume 2, third edition - Knuth - 1998

- 192 | A Course in Number Theory and Cryptography - Koblitz - 1994
  Citation context: ...ols based on these problems such as RSA. It is not an overstatement to say that modular exponentiation is a fundamentally important problem, and fast algorithms for this problem are of great interest [2, 14, 15, 17]. A classical analysis of the well-known binary algorithm for this problem yields a running time of O(n^3), where n is the number of bits in x, a, and m [2, Section 5.4]. By using FFT multiplication, ...

- 154 | A survey of fast exponentiation methods - Gordon - 1998
  Citation context: ...an be reduced to O(n^2 log n log log n) bit operations [21]. Research into speeding modular exponentiation has focused on ideas such as addition chains, window methods, and precomputation; see Gordon [8] for a recent survey of such techniques. The parallel complexity of modular exponentiation is an open problem. Like for the GCD problem, it is not known whether modular exponentiation is in the parall...

- 147 | Synthesis of Parallel Algorithms - Reif - 1993

- 117 | Log-depth circuits for division and related problems - Beame, Cook, et al. - 1986
  Citation context: ... Computing ⌊x/y⌋ and x mod y takes either O(log n log log n) time and O(n log n log log n) processors (logspace-uniform circuits) [19] or O(log n) time and O(n^(1+ε)) processors (P-uniform circuits) [3], both on the EREW PRAM. • Computing x^y where 0 ≤ y = O(n) takes O(log n) time and a polynomial number of processors [3] on the EREW PRAM. In our description of the sublinear algorithm in Section 5, we...

- 45 | Unbounded fan-in circuits and associative functions - Chandra, Fortune, et al. - 1985
  Citation context: ...forming comparisons takes O(log n) time and O(n) processors on the EREW PRAM. • Computing x ± y and performing comparisons takes O(1) time and O(n log log n) processors on the common CRCW PRAM [5]. • Computing xy takes O(log n) time and O(n log n log log n) processors on the EREW PRAM (using FFT methods) [21]. • Computing ⌊x/y⌋ and x mod y takes either O(log n log log n) time and O(n log n...

- 39 | Limits to Parallel Computation - Greenlaw, Hoover, et al. - 1995
  Citation context: ... chosen is not known beforehand. Of the three CRCW PRAM models, the priority model has the most power, and the common and arbitrary models are equal in power (up to a constant factor in running time) [9]. Thus, any program for the EREW PRAM will run on a CREW PRAM, and any program for the CREW PRAM will run on a CRCW PRAM of any flavor. We use only the common/arbitrary flavor of the CRCW PRAM model i...

- 24 | Two Fast GCD Algorithms - Sorenson - 1994
  Citation context: ... total time of O(log s log n) using O(n^(1+δ) log n log log n) processors for each i. Dividing each P_i by p_i falls within this complexity bound, as does the GCD computation to compute inverses [22] (we could even do the GCD computation sequentially for each i). Dividing each P_i by m takes O(log n log log n) time and O(n^(1+δ) log n log log n) processors for each i. This takes a total of O(log ...

- 19 | Algorithmic Number Theory - Volume 1 - Bach, Shallit - 1996
  Citation context: ...ols based on these problems such as RSA. It is not an overstatement to say that modular exponentiation is a fundamentally important problem, and fast algorithms for this problem are of great interest [2, 14, 15, 17]. A classical analysis of the well-known binary algorithm for this problem yields a running time of O(n^3), where n is the number of bits in x, a, and m [2, Section 5.4]. By using FFT multiplication, ...

- 17 | Using smoothness to achieve parallelism - Adleman, Kompella - 1988
  Citation context: ...en problem. Like for the GCD problem, it is not known whether modular exponentiation is in the parallel complexity class NC. Previous work on parallel algorithms includes that of Adleman and Kompella [1], who gave a probabilistic parallel algorithm that takes O(log^3 n) time using exp[O(√(n log n))] processors. Von zur Gathen proved that if the modulus m is sufficiently smooth (that is, composed enti...

- 15 | Schnelle Multiplikation großer Zahlen - Schönhage, Strassen - 1971
  Citation context: ...this problem yields a running time of O(n^3), where n is the number of bits in x, a, and m [2, Section 5.4]. By using FFT multiplication, this can be reduced to O(n^2 log n log log n) bit operations [21]. Research into speeding modular exponentiation has focused on ideas such as addition chains, window methods, and precomputation; see Gordon [8] for a recent survey of such techniques. The parallel co...

- 14 | Efficient Algorithms for Computing the Jacobi Symbol - Eikenberry, Sorenson - 1996

- 11 | Optimal size integer division circuits - Reif, Tait - 1990
  Citation context: ...n log log n) processors on the EREW PRAM (using FFT methods) [21]. • Computing ⌊x/y⌋ and x mod y takes either O(log n log log n) time and O(n log n log log n) processors (logspace-uniform circuits) [19] or O(log n) time and O(n^(1+ε)) processors (P-uniform circuits) [3], both on the EREW PRAM. • Computing x^y where 0 ≤ y = O(n) takes O(log n) time and a polynomial number of processors [3] on the EREW...

- 9 | The parallel complexity of exponentiating polynomials over finite fields - Fich, Tompa - 1985
  Citation context: ...revious work on parallel algorithms for modular inverses, exponentiation in finite fields, and exponentiation of polynomials includes that of Fich and Tompa [7] (footnote: supported in part by NSF grant CCR-9626877), von zur Gathen and Nocker [25], and Mnuk [16]. Recently, von zur Gathen and Shparlinski gave a lower bound of Ω(log n) for the parallel time of modular inverse on the CREW PRAM [26]. As any...

- 8 | Two Fast Parallel Prime Number Sieves - Sorenson, Parberry - 1994
  Citation context: ... that s = O(p_s / log p_s) = O(n^(1+δ)), and finally log P = O(p_s) = O(n^(1+δ)). Finding the primes up to O(b log m) takes O(log(b log m)) time using O(b log m) processors using a parallel sieve [23]. We explicitly calculate P and the P_i in Step 4 below. Step 3. To factor the integers up to p_s, we can first find the least prime factor of each integer up to p_s using Algorithm 3.1 from [23] in ...

- 7 | Multidigit modular multiplication with the explicit Chinese remainder theorem - Bernstein - 1995
  Citation context: ...odular exponentiation. It takes O(n / log log n) time on the CRCW PRAM using a polynomial number of processors. This algorithm makes use of Bernstein's version of the explicit Chinese Remainder Theorem [4] and a fast CRCW PRAM method for parallel prefix summation. We also present a simple O(n) time algorithm for the EREW PRAM, which is used as a preliminary step in obtaining our sublinear-time algorith...

- 7 | Computing powers in parallel - von zur Gathen - 1987
  Citation context: ...is sufficiently smooth (that is, composed entirely of sufficiently small primes), then in this special case modular exponentiation takes parallel circuit depth O(log n) for P-uniform circuit families [24]. Previous work on parallel algorithms for modular inverses, exponentiation in finite fields, and exponentiation of polynomials includes that of Fich and Tom...

- 3 | Cryptology and Computational Number Theory, volume 42 - Pomerance, editor - 1990

- 2 | A div(n) depth Boolean circuit for smooth modular inverse - Mnuk - 1991
  Citation context: ...r inverses, exponentiation in finite fields, and exponentiation of polynomials includes that of Fich and Tompa [7], von zur Gathen and Nocker [25], and Mnuk [16]. Recently, von zur Gathen and Shparlinski gave a lower bound of Ω(log n) for the parallel time of modular inverse on the CREW PRAM [26]. As any algorithm for modular exponentiation can be us...

- 1 | The parallel complexity of integer prefix summation - Hagerup - 1995
  Citation context: ...t_i require integers of at most O(log(s p_s^2)) = O(log n) bits. It should be clear that computing t_i dominates the cost of the main loop. We use the fast CRCW PRAM parallel prefix circuit of Hagerup [10]. For fixed i, computing t_i then requires O(log n / log log n) time and O(n^(1+δ)) processors. Thus, the total cost for the main loop is O(l log n / log log n) = O(n / log log n) time and O(s n^(1+δ)) ...

- 1 | Exponentiation in finite fields: theory and practice - von zur Gathen, Nocker - 1997
  Citation context: ...thms for modular inverses, exponentiation in finite fields, and exponentiation of polynomials includes that of Fich and Tompa [7], von zur Gathen and Nocker [25], and Mnuk [16]. Recently, von zur Gathen and Shparlinski gave a lower bound of Ω(log n) for the parallel time of modular inverse on the CREW PRAM [26]. As any algorithm for modular exponenti...

- 1 | The CREW PRAM complexity of modular inversion - von zur Gathen, Shparlinski - 1998
  Citation context: ...Tompa [7], von zur Gathen and Nocker [25], and Mnuk [16]. Recently, von zur Gathen and Shparlinski gave a lower bound of Ω(log n) for the parallel time of modular inverse on the CREW PRAM [26]. As any algorithm for modular exponentiation can be used to compute inverses, this result gives a lower bound for modular exponentiation as well. For many applications in cryptography, the base x is ...