Hung-Min Sun,Mu-En Wu

2005-01-01

Abstract:Based on the Chinese Remainder Theorem (CRT), Quisquater and Couvreur proposed an RSA variant, RSA-CRT, to speed up RSA decryption. Then, Wiener suggested another RSA variant, Rebalanced RSA-CRT, to further accelerate RSA-CRT decryption by shifting decryp- tion cost to encryption cost. However, such an approach makes RSA encryption very time- consuming because the public exponent e in Rebalanced RSA-CRT is of the same order of magnitude as φ(N). In this paper we study the following problem: does there exist any secure variant of Rebalanced RSA-CRT, whose public exponent e is much shorter than φ(N) ?W e solve this problem by designing two variants of Rebalanced RSA-CRT, Scheme A and Scheme B. In Scheme A, we focus on designing a variant in which dp and dq are of 160 bits, and e =2 567 +1. Thus the encryption time is reduced to about 1 2.7 of the time required by the original Rebalanced RSA-CRT. Scheme B is a variant in which dp and dq are of 198 bits, and e =2 511 +1 .T hus its encryption is about 3 times faster than that of Rebalanced RSA-CRT, but the decryption is a little slower than that of Rebalanced RSA-CRT.

Hung-Min Sun,Mu-En Wu,M. Jason Hinek,Cheng-Ta Yang,Vincent S. Tseng

DOI: https://doi.org/10.1016/j.jss.2009.04.001

2009-01-01

Abstract:In 1982, Quisquater and Couvreur proposed an RSA variant, called RSA-CRT, based on the Chinese Remainder Theorem to speed up RSA decryption. In 1990, Wiener suggested another RSA variant, called Rebalanced-RSA, which further speeds up RSA decryption by shifting decryption costs to encryption costs. However, this approach essentially maximizes the encryption time since the public exponent e is generally about the same order of magnitude as the RSA modulus. In this paper, we introduce two variants of Rebalanced-RSA in which the public exponent e is much smaller than the modulus, thus reducing the encryption costs, while still maintaining low decryption costs. For a 1024-bit RSA modulus, our first variant (Scheme A) offers encryption times that are at least 2.6 times faster than that in the original Rebalanced-RSA, while the second variant (Scheme B) offers encryption times at least 3 times faster. In both variants, the decrease in encryption costs is obtained at the expense of slightly increased decryption costs and increased key generation costs. Thus, the variants proposed here are best suited for applications which require low costs in encryption and decryption.

Hung-Min Sun,Mu-En Wu

2005-01-01

Abstract:Based on the Chinese Remainder Theorem (CRT), Quisquater and Couvreur proposed an RSA variant, RSA-CRT, to speedup RSA decryption. According to RSA-CRT, Wiener sug- gested another RSA variant, Rebalanced RSA-CRT, to further speedup RSA-CRT decryption by shifting decryption cost to encryption cost. However, such an approach will make RSA en- cryption very time-consuming because the public exponent e in Rebalanced RSA-CRT will be of the same order of magnitude as φ(N). In this paper we study the following problem: does there exist any secure variant of Rebalanced RSA-CRT, whose public exponent e is much shorter than φ(N)? We solve this problem by designing a variant of Rebalanced RSA-CRT with dp and dq of 198 bits. This variant has the public exponent e =2 511 +1such that its encryption is about 3 times faster than that of the original Rebalanced RSA-CRT.

ZHOU Yi,SHEN Hai-bin,FAN Jun-feng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2006.06.015

2006-01-01

Abstract:RSA is a time-consumed algorithm and is always implemented by using Montgomery multiplication algorithm.The paper develops a two-stage Montgomery multiplication algorithm and presents a high speed scalable hardware implementation based on the algorithm described for the RSA computation.High-radix,2~(64) is used in the algorithm.Compared with other Montgomery multiplication algorithm,the performance of RSA algorithm is highly improved.In hardware area,based on three pipelined 64×64 bit multiplier,five pipelined process unit is designed.Its architecture gives enough freedom to select the operand length to be used.It can implement multi RSA operation such as 1 024 bit,2 048 bit.In the 1 024 bit condition,its encrypt speed can reach 8 800 times per second.The system simulation and tapeout is based on SIMC0.18 technology.

Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

Hung-Min Sun,Cheng-Ta Yang,Mu-En Wu

DOI: https://doi.org/10.1587/transfun.e92.a.912

2009-01-01

Abstract:In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However. in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order Of magnitude as phi(N). Sun et al. devised three RSA variants Using unbalanced prime factors p and q to lower the computational cost. Unfortunately. Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances With Unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the Security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, We provide the security analysis and feasibility analysis of the proposed schemes.

Hung-Min Sun,Cheng-Ta Yang

DOI: https://doi.org/10.1007/978-3-540-30580-4_14

2005-01-01

Abstract:In typical RSA, it is impossible to create a key pair (e,d) such that both are simultaneously much shorter than φ (N). This is because if d is selected first, then e will be of the same order of magnitude as φ (N), and vice versa. At Asiacrypt'99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below N0.25 and N0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bit-length $\frac{1}{2}\log _{2}N+56$. The third RSA variant is constructed by such a method that allows a trade-off between the lengths of d and e. Unfortunately, at Asiacrypt'2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant in which allows a trade-off between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.

Yuyang Pan,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2019.8754007

2019-01-01

Abstract:RSA is a secure, high quality, asymmetric key algorithm which is widely used today. To realize high performance and high flexibility at the same time, measures of hardware/software co-design are taken. Four schemes of RSA algorithm based on different partition of software and hardware are implemented: flexibility-orientated, performance-orientated, balanced one and pure hardware implementation. Some optimization attempts are taken. The bottleneck of SOS algorithm is analyzed and accelerated by ASM language to reach 75.9% running time reduction. The performance-orientated scheme put computation-intensive parts into hardware and communication part into software to take the advantage of each one. It is even faster than pure hardware scheme in decryption. The cycle of the this scheme is less than 2% of the pure software scheme.

M Wu,XY Zeng,J Han,YX Ma,YY Wu,GQ Zhang

DOI: https://doi.org/10.1360/crad20060411

2006-01-01

Abstract:In this paper, the authors present a VLSI design and ASIC implementation of a low cost RSA cryptosystem based on the modified Montgomery algorithm and the Chinese Remainder Theory (CRT), as well as a new scheduling scheme. The CRT technique improves data throughput, and the new scheduling scheme reduces hardware complexity. As a result, a 1024-bit modular exponentiation calculation can be performed in about 1.2 mega cycles, and the core size is less than 54K gates. With 40MHz system clock, a signature rate over 33kbps can be achieved. Using the SMIC 0.25um CMOS process, the clock frequency can be up to 125MHz and in sequence the signature rate to 100kbps.

Yang Deshan,Lu Kuijun

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.072

2007-01-01

Abstract:The computing speed of RSA encryption algorithm is studied.Some new methods of modular exponentiation,modular multiplication and square for large integer are proposed to improve the efficiency of RSA encryption.Finally,the algorithm is tested in simulative environment.

Wen PANG,Jun-sheng WU

DOI: https://doi.org/10.3969/j.issn.1671-654X.2006.02.035

2006-01-01

Abstract:RSA is the most widely used arithmetic in the field of digital signature at present.Giving a detailed account of the arith-principle and arithmetic process of RSA,analyzed the leak and defect on the aspect of security matter,and formulated a series suggestion on the safety concern of how to enhancing the parameter selective program and avoiding attacked solution.Finally,the developing tend of RSA is prospected.

ZHANG Hong,LIU Fang-yuan

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.15.012

2010-01-01

Abstract:The contradictory between the RSA algorithm of the key,s length and execution efficiency is the bottleneck of the further development of the RSA algotithm.In order to balance the cost of the computation of the canadia decipher,the four prime number RSA algorithm mentioned in the article is the way of fast relization decipher based on four short keys to be divided into four modules ciphertext and the use of Chinese Remainder Theorem.can make large number of high-power operation mode into a low wide of the number of relatively small computing modular exponentiation.

Hung‐Min Sun,Cheng‐Ta Yang,Vincent S. Tseng

2009-01-01

Abstract:—A digital multisignature is a normal digital signature of a message generated by multiple signers with knowledge of multiple private keys. In this paper, we point out that two CRTequations can be totally independent in Rebalanced-RSA. This means that we can choose different public exponents when using Rebalanced-RSA. From this point of view, we proposed the new multisignature-like scheme based on RSA with CRT-Exponents.

LiDong Han,XiaoYun Wang,GuangWu Xu

DOI: https://doi.org/10.1007/s11432-010-4029-2

2010-01-01

Science China Information Sciences

Abstract:This paper concerns the RSA system with private CRT-exponents. Since Chinese remainder rep- resentation provides efficiency in computation, such system is of some practical significance. In this paper, an existing attack to small private CRT-exponents is analyzed. It is indicated that this attack makes nice use of lattice in RSA analysis, but some argument does not hold in general. Several counterexamples are constructed. Refinements and more precise statements of the attack are given.

Mengce Zheng,Noboru Kunihiro,Honggang Hu

DOI: https://doi.org/10.1007/978-3-319-89339-6_15

2018-01-01

Abstract:The standard RSA scheme provides the key equation (edequiv 1pmod {varphi (N)}) for (N=pq), where (varphi (N)=(p-1)(q-1)) is Euler quotient (or Euler’s totient function), e and d are the public and private keys, respectively. It has been extended to the following variants with modified Euler quotient (omega (N)=(p^2-1)(q^2-1)), which in turn indicates the modified key equation is (edequiv 1pmod {omega (N)}).

L. Sreenivasulu Reddy

DOI: https://doi.org/10.1080/09720529.2020.1734292

2020-05-07

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:The RSA public key cryptographic strength (either security of encryption and decryption schemes or efficiency of algorithms) depends upon the complexity in factorizing the largest integer into odd primes. For every chosen integer, the RSA's strength varies. RSA key generation space is the group of non-negative integers relatively prime to ϕ(n) and encryption, decryption spaces are both equal to the group of integers relatively prime to n. Operational time and data storage are two of its efficiency aspects. To reduce the operational time along with reduction data storage is a difficult task in RSA public key cryptography. In addition that the Security of RSA public key cryptography for an adversary with polynomial bounds computations is another biggest task. In this paper, we are going to propose a new kind of public key cryptographic system, nearly four times more efficient in data storage and operational time to that of RSA and probably one fourth of security complexity of RSA. This new crypto system is possible only based on one of the strong pseudo prime test :Rabin-Miller test. So, name it as RM-RSA. In this way,we are going to compare the efficiency of that RM-RSA and previously our proposed S-RSA in "Solovay-Strassen test in a RSA Pubic key Cryptosystem".

Hanlin Zhang,Jia Yu,Chengliang Tian,Le Tong,Jie Lin,Linqiang Ge,Huaqun Wang

DOI: https://doi.org/10.1109/JIOT.2020.2970499

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Rivest-Shamir-Adleman (RSA) is one of the widely deployed public-key algorithms. Yet, its decryption facet is very time consuming for resource-constrained Internet-of-Thing (IoT) devices, as it is based on the modular exponentiation of a large number. Although several variants of RSA have been designed to accelerate decryption, the outcomes have been far from satisfactory. Therefore, it is of imminent importance to investigate how to securely outsource RSA decryption to computational powerful parties as an alternative solution. In this article, we introduce the first efficient and secure outsourcing scheme for RSA decryption in IoT. Though RSA decryption is achieved via modular exponentiation, existing secure outsourcing schemes for modular exponentiation either assume the modulus to be prime and are not applicable to RSA or incur massive computation costs and are heavy laden in practice. To address these issues, we have designed our scheme based on the Chinese remainder theorem (CRT). In our scheme, the private keys (including the exponent and the modulus) and the plaintext are concealed concurrently, and the proposed scheme is highly efficient for both client and cloud. In addition, our scheme enables the client to detect any misbehavior of the cloud server with a probability of 99.17%. To validate the effectiveness of our proposed scheme, we provide rigorous proofs of security and verifiability, as well as efficiency analysis. The effectiveness and efficiency of our scheme are further confirmed based on experimental results.

Tao Wu,ShuGuo Li,LiTian Liu

DOI: https://doi.org/10.1007/s11432-014-5215-4

2015-01-01

Science China Information Sciences

Abstract:This paper improves the quotient-pipelined high radix scalable Montgomery modular multiplier by processing w-bit and k-bit words in carry save form instead of some(w + k)-bit length operands. It directly reduces both the critical path and the area overhead of the original processing elements. Then based on this improved high-radix scalable Montgomery modular multiplier, we propose an efficient hardware architecture for RSA decryption with Chinese Remainder Theorem. With simple configuration logics, the hardware unit works in three modes:(1) scalable modular reduction for precomputation,(2) scalable Montgomery modular multiplication for modular exponentiation, where an approximation method is developed to reduce the expanded result below the modulus, and(3) scalable multiplication for post-processing. Hardware implementation shows that the proposed architecture is optimal with reference to the literature in terms of speed, area, and frequency.A 4096-bit RSA decryption in XC2V6000-6 FPGA can be completed in 11.05 ms with 14041 slices/17409 LUTs,128 16 × 16 multipliers, and 70 kbits of block RAMs. Finally, by the use of Montogmery powering ladder the modular exponentiation unit based on the improved high radix scalable Montgomery modular multiplier can be built resistant to fault and simple power attacks. A 1024-bit modular exponentiation unit with such resistances costs about 255 K NAND2 gates in.18 μm CMOS process, and one full modular exponentiation takes about1.44 ms at 250 MHz.

MA Chang-sha,HU Ai-qun

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.10.035

2010-01-01

Abstract:RSA is the first public key algorithm for data encryption and digital signature as well,and also the most widelyused digital signature algorithm.RSA's security depends on the integer factorization,and bcause of the large-number calculation,the fastest RSA is 100 times slower than DES,either in software or hardware implementation.Thus the speed has always been its defect.Key generation,encryption and decryption speed constraints are analyzed,a kind of high-performance RSA algorithm dependent on N binary array representation of large numbers,the optimal number of primes and the Chinese Remainder Theory is proposed.And the speed measurement on PIC32 MCU is also done.

Q Liu,Fz Ma,D Tong,X Cheng

DOI: https://doi.org/10.1109/mwscas.2004.1354396

2004-01-01

Abstract:High performance VLSI implementation of the RSA algorithm using the systolic array is presented. High-speed applications of RSA systems require parallel implementations of modular multipliers. Besides using the systolic architecture which is popular in hardware-based RSA systems, a block-based scheme is used to further eliminate global signals, with a pipelined bus to convey data globally. The control signals and intermediate results used for sequential multiplications are transmitted by shift registers. All signals, except for the clock signal, are limited in one block or between two adjacent blocks. A Carry-Save-Adder structure is used for calculating the iterative step of the algorithms which contributes to speed improvement and area saving. In addition, long modular multipliers suffer from the effect of large fanout. Novel architectures are proposed to eliminate the fanout bottleneck, which reduce the achievable minimum clock period of long modular multipliers. Compared to the original modular multiplier architecture with fanout bottleneck, the proposed architectures can achieve an increase of over 7% in throughput without increase in area. The Chinese Remainder Theorem (CRT) technique increases the decryption data rate by a factor of four. Two redundant blocks are added to adapt to the on-line partition of the multiplier and the variation of the length of P and Q in CRT mode.