Presentation is loading. Please wait.

Presentation is loading. Please wait.

Area-Time-Efficient Montgomery Modular Multiplication

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Area-Time-Efficient Montgomery Modular Multiplication"— Presentation transcript:

1 Area-Time-Efficient Montgomery Modular Multiplication
Manfred Schimmler, Viktor Bunimov, Boris Tolg Institute for Computer Engineering and Communication Networks, Technical University of Braunschweig, Germany

2 Modular Multiplication
Montgomery Multiplication: Same Idea as Interleaved Molular Multiplication: Reduce length of intermediate result Avoid Comparisons with M by operating LSB-first Y Y X P + xi*Y if LSB(sum)=1 then add(M) sum M + shift left new sum new P

3 Montgomery Multiplication
Y X Montgomery Multiplication 0111 0111 * 1011 0111 0111 0111 1 1 1 0000 0111 0111 1 P0=1? 1101 10100 1010 div 2 0111 10001 1 P0=1? P = 0 For i = 0 to n-1 do P = P + xi*Y if P0=1 then P = P + M P = P div 2 If P > M then P = P - M Result = P 1101 1111 11110 div 2 0000 1111 1 P0=1? 1101 11100 1110 div 2 0111 10101 1 P0=1? 1101 10001 100010 div 2 >M? -1101 ____ 0100 X*Y*16-1 mod M = 0

4 Montgomery Multiplication
Needs precomputing of 162 mod M and a second pass through the same algorithm Temp = X*Y*16-1 mod M = 0 P = Temp*162*16-1 mod M = X*Y mod M

5 Carry Save Addition 3 Operands X, Y, Z 2 Results S, C S+2*C = X+Y+Z Z:
Y: FA X: S: C:

6 Carry Save Addition 3 Operands X, Y, Z 2 Results S, C S+2*C = X+Y+Z
Advantage: no carry propagation addition in O(1) time Disadvantage: difficult to compare results even difficult to compare to 0

7 Algorithm for fast Montgomery Multiplication with using Carry Save Addition
Inputs: X,Y,M with 0  X,Y < M Output: P = (X  Y  (2n)-1) mod M n: number of bits in X, xi : ith bit of X s0: LSB of S 1. S := 0; C := 0; 2. for i:=0 to k-1 do 3. S,C := S + C + xi*Y; 4. S,C := S + C + s0*M; 5. S := S div 2; C := C div 2; 6. P := S + C 7. if P  M then P := P ­ M;

8 Implementation of Algorithm for fast Montgomery Multiplication

9 Algorithm for new Montgomery Multiplication with using Carry Save Addition
Inputs: X,Y,M with 0  X,Y < M Output: P = (X  Y  (2n)-1) mod M n: number of bits in X, xi : ith bit of X s0 : LSB of S, c0 : LSB of C, y0 : LSB of Y R: precomputed value of Y+M 1. S := 0; C := 0; 2. for i:=0 to k-1 do 3. if (s0 = c0) and not x0 then I := 0; 4. if (s0  c0) and not x0 then I := M; 5. if not(s0  c0  y0) and x0 then I := Y; 6. if (s0  c0  y0) and x0 then I := R; 7. S,C := S + C + I; 8. S := S div 2; C := C div 2; 9. P := S + C 10. if P  M then P := P ­ M;

10 Implementation of Algorithm for new Montgomery Multiplication

11 Complexity Montgomery fast Version: Area: 2 n-Bit-Adders
Time: 2*n loops, each of time 2 AT: 8*n2 Montgomery new Version: Area: 1 n-Bit-Adders Time: n loops, each of time 1 AT: 2*n2

12 Conclusion The new Method is + time efficient + area efficient
+ energy efficient + simple ++ superior to the methods currently used!

13 Future work Improving the new method by higher-radix-techniques
Modular squaring Modular exponentiation Implementation of applications (like RSA)

Download ppt "Area-Time-Efficient Montgomery Modular Multiplication"

Similar presentations

AKS Implementation of a Deterministic Primality Algorithm

AKS Implementation of a Deterministic Primality Algorithm
Modular Arithmetic Several important cryptosystems make use of modular arithmetic. This is when the answer to a calculation is always in the range 0 –

Modular Arithmetic Several important cryptosystems make use of modular arithmetic. This is when the answer to a calculation is always in the range 0 –
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.

CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
1 ECE 4436ECE 5367 Computer Arithmetic I-II. 2 ECE 4436ECE 5367 Addition concepts 1 bit adder –2 inputs for the operands. –Third input – carry in from.

1 ECE 4436ECE 5367 Computer Arithmetic I-II. 2 ECE 4436ECE 5367 Addition concepts 1 bit adder –2 inputs for the operands. –Third input – carry in from.
ECE2030 Introduction to Computer Engineering Lecture 13: Building Blocks for Combinational Logic (4) Shifters, Multipliers Prof. Hsien-Hsin Sean Lee School.

ECE2030 Introduction to Computer Engineering Lecture 13: Building Blocks for Combinational Logic (4) Shifters, Multipliers Prof. Hsien-Hsin Sean Lee School.
Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.

Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.
C. Walter, Data Integrity for Modular Arithmetic, CHES 2000 CHES 2000 Data Integrity in Hardware for Modular Arithmetic Colin Walter Computation Department,

C. Walter, Data Integrity for Modular Arithmetic, CHES 2000 CHES 2000 Data Integrity in Hardware for Modular Arithmetic Colin Walter Computation Department,
1 EFFICIENT ADDERS TO SPEEDUP MODULAR MULTIPLICATION FOR CRYPTOGRAPHY Adnan Gutub Hassan Tahhan Computer Engineering Department KFUPM, Dhahran, SAUDI ARABIA.

1 EFFICIENT ADDERS TO SPEEDUP MODULAR MULTIPLICATION FOR CRYPTOGRAPHY Adnan Gutub Hassan Tahhan Computer Engineering Department KFUPM, Dhahran, SAUDI ARABIA.
MD5 Message Digest Algorithm CS265 Spring 2003 Jerry Li Computer Science Department San Jose State University.

MD5 Message Digest Algorithm CS265 Spring 2003 Jerry Li Computer Science Department San Jose State University.
Lecture 14 Go over midterm results Algorithms Efficiency More on prime numbers.

Lecture 14 Go over midterm results Algorithms Efficiency More on prime numbers.
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Code and Decoder Design of LDPC Codes for Gbps Systems Jeremy Thorpe Presented to: Microsoft Research 2002.11.25.

Code and Decoder Design of LDPC Codes for Gbps Systems Jeremy Thorpe Presented to: Microsoft Research
Computer ArchitectureFall 2008 © August 25, 2008 www.qatar.cmu.edu/~msakr/15447-f08/ CS 447 – Computer Architecture Lecture 3 Computer Arithmetic (1)

Computer ArchitectureFall 2008 © August 25, CS 447 – Computer Architecture Lecture 3 Computer Arithmetic (1)
An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.

An Expandable Montgomery Modular Multiplication Processor Adnan Abdul-Aziz GutubAlaaeldin A. M. Amin Computer Engineering Department King Fahd University.
Arithmetic-Logic Units CPSC 321 Computer Architecture Andreas Klappenecker.

Arithmetic-Logic Units CPSC 321 Computer Architecture Andreas Klappenecker.
CSC 3323 Notes – Introduction Algorithm Analysis.

CSC 3323 Notes – Introduction Algorithm Analysis.
Montgomery’s Multiplication Technique: How to make it Smaller and Faster Colin D. Walter Computation Department, UMIST, UK www.co.umist.ac.uk.

Montgomery’s Multiplication Technique: How to make it Smaller and Faster Colin D. Walter Computation Department, UMIST, UK
ECE 301 – Digital Electronics

ECE 301 – Digital Electronics
M. Interleaving Montgomery High-Radix Comparison Improvement Adders CLA CSK Comparison Conclusion Improving Cryptographic Architectures by Adopting Efficient.

M. Interleaving Montgomery High-Radix Comparison Improvement Adders CLA CSK Comparison Conclusion Improving Cryptographic Architectures by Adopting Efficient.

Similar presentations

Ads by Google