1. Lecture 11-12 Implementations

2. The efficiency of a particular cryptographic scheme based on any one of the algebraic structures will depend on a number of factors, such as parameter size, time- memory tradeoffs, processing power available, software and/or hardware optimization, and mathematical algorithms. This lecture is concerned primarily with mathematical algorithms for efficiently carrying out computations in the underlying algebraic structure.

3. The algorithms described in this lecture are those which, for the most part, have received considerable attention in the literature. Although some attempt is made to point out their relative merits, no detailed comparisons are given.

4. Outline  Prime Number Issue  Exponentiation  Exponent Recoding  Multi-Exponentiation  Chinese Remainder Theorem for RSA  Montgomery Reduction Method

5. 1 Prime Number Issue

6. 1.1 Miller-Rabin Test

7. 1.1 Miller-Rabin Test (Continued)

14. 1.2 Prime Number Generation Prime number generation differs from primality testing as before, but may and typically does involve the latter. The former allows the construction of candidates of a fixed form which may lead to more efficient testing than possible for random candidates.

15. 1.2.1 Random Search for Probable Primes

16. 1.2.1 Random Search for Probable Primes (Continued)

20. 1.2.2 Strong Primes

21. 1.2.2 Strong Primes (Continued)

23. 1.2.3 Generating DSA Primes

24. 1.2.3 Generating DSA Primes (Continued)

28. 2 Exponentiation

30. 2.1 Problem Model 2.1.1 Addition Chains

31. 2.1.2 Addition–Subtraction Chains

32. 2.1.3 Addition Sequences and Vector Addition Chains

33. 2.1.3 Addition Sequences and Vector Addition Chains (Continued)

35. 2.2 Techniques for General Exponentiation 2.2.1 The Binary Method

36. 2.2.1 The Binary Method (Continued)

42. 2.2.2 k-ary Method

43. 2.2.2 k-ary Method (Continued)

47. 2.2.3 Sliding-Window Exponentiation

48. 2.2.3 Sliding-Window Exponentiation (Continued)

49. 2.3 Fixed-Exponent Exponentiation Algorithms There are numerous situations in which a number of exponentiations by a fixed exponent must be performed. Examples include RSA encryption and decryption, and ElGamal decryption.

50. 2.3 Fixed-Exponent Exponentiation Algorithms (Continued)

53. 2.4 Fixed-Base Exponentiation Algorithms

54. 2.4.1 Fixed-Base Windowing Method

55. 2.4.1 Fixed-Base Windowing Method (Continued)

57. 2.4.2 Fixed-Base Euclidean Method

58. 2.4.2 Fixed-Base Euclidean Method (Continued)

61. 3 Exponent Recoding Another approach to reducing the number of multiplications in the basic binary method is to replace the binary representation of the exponent e with a representation which has fewer non-zero terms. Since the binary representation is unique, finding a representation with fewer non-zero components necessitates the use of digits besides 0 and 1. Transforming an exponent from one representation to another is called exponent recoding.

62. 3.1 Signed-Digit Representation

63. 3.1 Signed-Digit Representation (Continued)

64. Table look-up for the non-adjacent form exponent recoding.

65. 3.1 Signed-Digit Representation (Continued)

66. 3.2 The Binary Method Using NAF

67. 4 Multi-Exponentiation There are a number of situations which require computation of the product of several exponentials with distinct bases and distinct exponents, for example, verification of ElGamal signatures. Rather than computing each exponential separately, we consider the method to do them simultaneously.

68. 4.1 Shamir Trick

69. 4.1 Shamir Trick (Continued)

71. 4.2 Extended Shamir Trick

72. 5 Chinese Remainder Theorem for RSA

73. 5 Chinese Remainder Theorem for RSA (Continued)

76. 6 Montgomery Reduction Method

77. 6.1 Montgomery Multiplication

78. 6.1 Montgomery Multiplication (Continued)

80. 6.2 Montgomery Exponentiation

81. 6.2 Montgomery Exponentiation (Continued)

82. Thank you!