Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

Yi’er Jin,Haibin Shen,Huafeng Chen,Xiaolang Yan

DOI: https://doi.org/10.1007/s11767-006-0257-4

2008-01-01

Abstract:A new structure of bit-parallel Polynomial Basis (PB) multiplier is proposed, which is based on a fast modular reduction method. The method was recommended by the National Institute of Standards and Technology (NIST). It takes advantage of the characteristics of irreducible polynomial, i.e., the degree of the second item of irreducible polynomial is far less than the degree of the polynomial in the finite fields GF(2 m ). Deductions are made for a class of finite field in which trinomials are chosen as irreducible polynomials. Let the trinomial be x m + x h +1, where 1 ≤ k ≤ [m/1]. The proposed structure has shorter critical path than the best known one up to date, while the space requirement keeps the same. The structure is practical, especially in real time cryptographic applications.

WANG Long,BAI Guo-qiang

2008-01-01

Abstract:RSA and ECC are two prevailing public-key crypto-systems.In order to demonstrate the feasibility of using an RSA coprocessor to accelerate the ECC algorithm,we presented a new method for implementing modular inversion which is required by the ECC algorithm.The new method is based on the Montgomery multiplication algorithm and the Montgomery inversion algorithm.We proposed a modification to the Montgomery inversion algorithm and improved the RSA coprocessor.With regard to performance and hardware cost,the new method compares favorably with other methods for modular inversion.The new method is 2.2 times and 7.2 times faster than the implementations based on the extended Euclidean algorithm and those based on Fermat's little theorem,respectively.

T Zhou,XJ Wu,GQ Bai,HY Chen

DOI: https://doi.org/10.1109/icccas.2002.1179061

2002-01-01

Abstract:Modular inversion is one of the kernel arithmetic operations in public key cryptosystems, so the design of low-cost and high-speed hardware implementation is absolutely necessary. In this paper, an improved algorithm for prime fields is presented for hardware facilitation and optimization. The hardware-oriented algorithm involves only ordinary addition/subtraction, and does not need any modular operations or multiplication and division. All of the arithmetic operations in the algorithm can be accomplished by only one adder. These features make it very suitable for fast small VLSI implementation. The VLSI implementation of the algorithm is also given and shows the high performance and low silicon penalty.

Jian Wang,Anping Jiang,Shimin Sheng

2007-01-01

Abstract:The finite field arithmetic is the base of cryptography and modular inversion is the kernel arithmetic operation. The authors present a dual field modular inversion algorithm. The 256-bit inversion circuit based on the proposed algorithm can be used at the 167 MHz clock frequency. It also has an improvement in area complexity compared with other designs.

Chengliang Tian,Jia Yu,Hanlin Zhang,Haiyang Xue,Cong Wang,Kui Ren

DOI: https://doi.org/10.1109/tsc.2019.2937486

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:In cryptography and algorithmic number theory, modular inversion is viewed as one of the most common and time-consuming operations. It is hard to be directly accomplished on resource-constrained clients (e.g., mobile devices and IC cards) since modular inversion involves a great amount of operations on large numbers in practice. To address the above problem, this paper proposes a novel unimodular matrix transformation technique to realize secure outsourcing of modular inversion. This technique makes our algorithm achieve several amazing properties. First, to the best of our knowledge, it is the first secure outsourcing computation algorithm that supports arbitrary and variable modulus, which eliminates the restriction in previous work that the protected modulus has to be a fixed composite number. Second, our algorithm is based on the single untrusted program model, which avoids the non-collusion assumption between multiple servers. Third, for each given instance of modular inversion, it only needs one round interaction between the client and the cloud server, and enables the client to verify the correctness of the results returned from the cloud server with the (optimal) probability 1. Furthermore, we propose an extended secure outsourcing algorithm that can solve modular inversion in multi-variable case. Theoretical analysis and experimental results show that our proposed algorithms achieve remarkable local-client's computational savings. At last, as two important and helpful applications of our algorithms, the outsourced implementations of the key generation of RSA algorithm and the Chinese Reminder Theorem are given.

computer science, information systems, software engineering

周涛,吴行军,白国强,陈弘毅

DOI: https://doi.org/10.3321/j.issn:1000-0054.2003.01.037

2003-01-01

Abstract:Modular inversion is one of the key arithmetic operations in public key cryptosystems, so low-cost, high-speed hardware implementation is absolutely necessary. This paper presents an algorithm for prime fields for hardware implementation. The algorithm involves only ordinary addition/subtraction and does not need any modular operations, multiplications or divisions. All of the arithmetic operations in the algorithm can be accomplished by only one adder, so it is very suitable for fast very large scale integration (VLSI) implementation. The VLSI implementation of the algorithm is also given with good performance and low silicon penalty.

XU Ci-wen

2009-01-01

Abstract:This paper improve a modular inverse algorithm on finite fields for Elliptic curve cryptosystem,that is built on Extended Euclid algorithm.The new algorithm not only runs faster than the old ones,but it can be used in two kinds of finite fields,which are Galois fields GF(p) and GF(2m).Furthermore more,it provides a great convenience for hardware realization.

Jingqi Zhang,Yujie Jiang,An Wang

DOI: https://doi.org/10.1109/iscas58744.2024.10558204

2024-01-01

Abstract:The inversion over GF(2 m ) is crucial for elliptic curve cryptography algorithms such as ECDSA and SM2. The Itoh-Tsujii’s Algorithm (ITA) can compute inversions in a sequential procedure by utilizing multiplications and exponentiations. This paper proposes a series of novel low-latency architectures with Cascaded Exponentiation Blocks (CEBs) and then derives the estimated clock cycle latency. The complexity of CEBs is evaluated by the matrix weight. We also employ a movable internal pipeline stage to optimize the critical path. Experiments on the Virtex-7 FPGA show the optimal exponentiation blocks for GF(2 163 ), GF(2 283 ) and GF(2 571 ), respectively. Compared with existing works, both the performance and latency of our proposed architecture with OEBs are at the cutting edge.

Xiaodong Yan,Shuguo Li

DOI: https://doi.org/10.1109/icasic.2007.4415574

2007-01-01

Abstract:This paper proposes a new, efficient algorithm for modular inversion in Galois field GF(p). This algorithm reduces the number of operations cycles required by 31% when compared with previous algorithms reported in the literature. The 256 bit modular inversion circuit based on the proposed algorithm is implemented in 0.18 mum CMOS standard cell technology. The synthesis result shows a significant speed-up in the same area complexity.

Jinpeng Lu,Shuguo Li

DOI: https://doi.org/10.1109/iscas51556.2021.9401795

2021-01-01

Abstract:Modular inverse calculation has critical influence on the efficiency of public-key cryptographic algorithms such as RSA and elliptic curve cryptography. In this work, based on the original single bit left-shift modular inverse algorithm, a multibit left-shift modular inverse hardware algorithm and its implementation are proposed. Our proposed algorithm makes the operands able to be left-shifted by at most 8 bits within one clock cycle as depending on the output bits of the leading zero counting module. This can produce a reduction on the average computation cycles and absolute execution time. Simulations show that the proposed algorithm can reduces to 0.8n cycles from original 2n cycles for two n-bit operands and gains a 40% decrease in execution time, compared with the original algorithm.

Ping Luo,Yiqi Dai

2004-01-01

Abstract:A modular multiplication is one of the most important operations in public-key cryptography like RSA cryptosystem. This paper is just devoted to a practical method and construction of speeding up such operation. Furthermore, the modular multiplication expansions are given and based on these expansions the fast modular multiplication and parallel algorithms axe proposed.

T Zhou,XJ Wu,GQ Bai,HY Chen

DOI: https://doi.org/10.1049/el:20020472

2002-01-01

Electronics Letters

Abstract:A new, efficient algorithm for modular inversion in Galois field GF(p) is presented. Very large scale integration (VLSI) implementation of the algorithm is described and the high performance and low silicon penalty is demonstrated.

Anay Aggarwal,Manu Isaacs

2024-09-12

Abstract:We present a fast algorithm for modular exponentiation when the factorization of the modulus is known. Let $a,n,m$ be positive integers and suppose $m$ factors canonically as $\prod_{i=1}^k p_i^{e_i}$. Choose integer parameters $t_i\in [1, e_i]$ for $1\le i\le k$. Then we can compute the modular exponentiation $a^n\pmod{m}$ in $O(\max(e_i/t_i)+\sum_{i=1}^k t_i\log p_i)$ steps (i.e., modular operations). We go on to analyze this algorithm mathematically and programmatically, showing significant asymptotic improvement in specific cases. Specifically, for an infinite family of $m$ we achieve a complexity of $O(\sqrt{\log m})$ steps, much faster than the Repeated Squaring Algorithm, which has complexity $O(\log m)$. Additionally, we extend our algorithm to matrices and hence general linear recurrences. The complexity is similar; with the same setup we can exponentiate matrices in $GL_d(\mathbb{Z}/m\mathbb{Z})$ in less than $O(\max(e_i/t_i)+d^2\sum_{i=1}^k t_i\log p_i)$ steps. This improves Fiduccia's algorithm and the results of Bostan and Mori in the case of $\mathbb{Z}/m\mathbb{Z}$. We prove analogous results for $\mathbb{Z}/p^k\mathbb{Z}$ ring extensions.

Number Theory

Bing Li,Bingjie Lei,Yunlong Zhang,Shaochong Lei

DOI: https://doi.org/10.1109/tcsii.2018.2867618

2018-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:In this brief, we present a novel and high-performance modular squaring scheme with low complexity and a small hardware area for elliptic curve cryptography over GF(p). First, we develop a method to reduce half of partial products in a squaring operation by using the proposed same items merging and logic combination. Second, we propose the modular squaring scheme that can compress the partial products based on the method above and accomplish accumulation and reduction simultaneously. Third, we devise the implementation circuits for the proposed modular squaring scheme and then simplify the circuits by using the property of the prime number. Finally, we implement the circuits on different platform and the 0.13-mu m CMOS ASIC implementation demonstrates that our design can perform a 256-bit modular squaring in 0.36-mu s with 17 200 gates, which achieves a desirable balance between hardware resource and performance.

Jinnan Ding,Shuguo Li

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.353

2017-01-01

Abstract:Elliptic curve cryptography (ECC) is widely used in the field of cyber security such as TLS protocol. Compared with symmetric cryptography, the computation of ECC is much slower. In this paper, a reconfigurable high-speed processor supporting all currently used NIST primes on FPGA platform is constructed. The modular addition and substraction is eliminated in our design by applying lazy reduction strategy. Throughput of modular multiplication is improved significantly with Karatsuba algorithm and compact pipeline schedule. The latency of modular inverse is tactfully avoided by pipeline coverage at the level of scalar multiplication. Furthermore, Montgomery-ladder algorithm and base-point randomization is applied to resist side-channel and timing attacks. Most of these techniques can also be used in software designs. Compared with previous works, our FPGA design outperforms times of others in term of scalar multiplication performance, while the hardware cost remains moderate, which makes it suitable for computation-intensive applications.

Jean-Guillaume Dumas,Laurent Fousse,Bruno Salvy

DOI: https://doi.org/10.1016/j.jsc.2010.08.015

2008-08-30

Abstract:We present algorithms to perform modular polynomial multiplication or modular dot product efficiently in a single machine word. We pack polynomials into integers and perform several modular operations with machine integer or floating point arithmetic. The modular polynomials are converted into integers using Kronecker substitution (evaluation at a sufficiently large integer). With some control on the sizes and degrees, arithmetic operations on the polynomials can be performed directly with machine integers or floating point numbers and the number of conversions can be reduced. We also present efficient ways to recover the modular values of the coefficients. This leads to practical gains of quite large constant factors for polynomial multiplication, prime field linear algebra and small extension field arithmetic.

Symbolic Computation,Number Theory

Guoqiang Yang,Fanyu Kong,Qiuliang Xu

DOI: https://doi.org/10.1109/trustcom50675.2020.00043

2020-01-01

Abstract:Elliptic curve cryptosystem has been widely applied in a lot of fields, such as finance, E-commerce and E-government. In this paper, we propose an optimized FPGA implementation of elliptic curve cryptosystem over 256-bit prime fields, which has high computational performance and low resource consumption. Specifically, we design a novel modular multiplier supporting four-level pipelining, which only needs 7 clock cycles to complete a single modular multiplication. It can process 4 modular multiplication operations (4 MMPO) simultaneously. We further design, on the basis of 4MMPO, a parallel architecture to efficiently implement point doubling and point addition operation. Finally, we testify the validity of our ECC processor on Xilinx's Virtex-7 FPGA platform. The result shows that it takes only 0.15ms for an elliptic curve point multiplication, the maximum frequency of the processor is about 123.27Mhz and the resource only needs 22938 look-up tables (LUTs).

Yuxuan Zhang,Hua Guo,Chen Chen,Yewei Guan,Xiyong Zhang,Zhenyu Guan

2024-07-18

Abstract:Montgomery modular multiplication is widely-used in public key cryptosystems (PKC) and affects the efficiency of upper systems directly. However, modulus is getting larger due to the increasing demand of security, which results in a heavy computing cost. High-performance implementation of Montgomery modular multiplication is urgently required to ensure the highly-efficient operations in PKC. However, existing high-speed implementations still need a large amount redundant computing to simplify the intermediate result. Supports to the redundant representation is extremely limited on Montgomery modular multiplication. In this paper, we propose an efficient parallel variant of iterative Montgomery modular multiplication, called DRMMM, that allows the quotient can be computed in multiple iterations. In this variant, terms in intermediate result and the quotient in each iteration are computed in different radix such that computation of the quotient can be pipelined. Based on proposed variant, we also design high-performance hardware implementation architecture for faster operation. In the architecture, intermediate result in every iteration is denoted as three parts to free from redundant computations. Finally, to support FPGA-based systems, we design operators based on FPGA underlying architecture for better area-time performance. The result of implementation and experiment shows that our method reduces the output latency by 38.3\% than the fastest design on FPGA.

Cryptography and Security

Haibo Yi,Shaohua Tang,Ranga Vemuri

DOI: https://doi.org/10.1093/comjnl/bxw009

2016-01-01

The Computer Journal

Abstract:Inversions in small finite fields are playing a key role in many areas. We present techniques to exploit binary trees for fast inversions in GF(2n) and GF(p), where n is a positive integer and p is a prime number. The non-pipelined versions of our design in GF(2n) and GF(p) have the execution time of (n -1)(TAND + TXOR) and [log2 p] (TAND + TXOR), where TAND and TXOR are delays of AND and XOR gates, respectively. The pipelined version of our design has a throughput rate of one result per TAND (or TXOR). The latency is the greater value between TAND and TXOR. In other words, the time complexities of non-pipelined and pipelined versions are O(n)(or O(log2p)) and O(1), respectively. Experimental results and comparisons show that our design provides significant reductions in both the execution time and time-area product, e. g. the execution time of inversion in GF(212) is reduced by 73% and time-area product of inversion in GF(26) is reduced by 77%.