Yifan Zhao,Ruiqi Xie,Guozhu Xin,Jun Han

DOI: https://doi.org/10.1109/tcsi.2022.3162593

2022-01-01

Abstract:The 5G edge computing infrastructure should be empowered with quantum attack resistance by implementing post-quantum cryptography (PQC). Among various PQC schemes, lattice-based cryptography (LBC) based on learning with error (LWE) has attracted much attention because of its performance efficiency and security guarantee. In LWE-based LBCs, the Module-LWE-based schemes gain advantage over the others benefiting from the unique polynomial matrix and vector structure. To provide a high-performance implementation of Module-LWE applications for the edge computing paradigm, we propose a domain-specific processor based on a matrix extension of RISC-V architecture. This custom extension encapsulates the matrix-based ring operations with a high-level functional abstraction. A 2-D systolic array with configurable functionality is proposed to perform matrix-based number theoretic transform (NTT) and other arithmetic operations, achieving high data-level parallelism with support for the variable-sized polynomial matrix and vector structure. As this structure of Module-LWE involves no data dependency between different inner elements, an out-of-order mechanism is further developed to exploit the instruction-level parallelism. We implement the proposed architecture under TSMC 28nm technology. The evaluation results show that our implementation can achieve up to and improvement in cycle count respectively in Kyber and Dilithium, compared to the state-of-the-art crypto-processor counterparts.

Paresh Baidya,Swagata Mondal,Rourab Paul

2024-05-14

Abstract:Ring Learning With Error (RLWE) algorithm is used in Post Quantum Cryptography (PQC) and Homomorphic Encryption (HE) algorithm. The existing classical crypto algorithms may be broken in quantum computers. The adversaries can store all encrypted data. While the quantum computer will be available, these encrypted data can be exposed by the quantum computer. Therefore, the PQC algorithms are an essential solution in recent applications. On the other hand, the HE allows operations on encrypted data which is appropriate for getting services from third parties without revealing confidential plain-texts. The FPGA based PQC and HE hardware accelerators like RLWE is much cost-effective than processor based platform and Application Specific Integrated Circuit (ASIC). FPGA based hardware accelerators still consume more power compare to ASIC based design. Near Threshold Computation (NTC) may be a convenient solution for FPGA based RLWE implementation. In this paper, we have implemented RLWE hardware accelerator which has 14 subcomponents. This paper creates clusters based on the critical path of all 14 subcomponents. Each cluster is implemented in an FPGA partition which has the same biasing voltage $V_{ccint}$. The clusters that have higher critical paths use higher Vccint to avoid timing failure. The clusters have lower critical paths use lower biasing voltage Vccint. This voltage scaled, partitioned RLWE can save ~6% and ~11% power in Vivado and VTR platform respectively. The resource usage and throughput of the implemented RLWE hardware accelerator is comparatively better than existing literature.

Cryptography and Security,Hardware Architecture

Jiming Xu,Yujian Wang,Juan Liu,Xin'an Wang

DOI: https://doi.org/10.1109/asid50160.2020.9271722

2020-01-01

Abstract:Ring learning with errors (RLWE) is a commonly-used primitive in the construction of lattice-based cryptography, which is widely adopted in the design of post-quantum cryptographic algorithms and homomorphic encryption schemes. The cryptosystems based on RLWE are usually defined on a polynomial quotient ring with addition and multiplication operations. The polynomial multiplication is expensive in both time and space, hence optimizations are needed in order to achieve practical RLWE implementations. Number theoretic transform (NTT) is a technique widely used to speed up polynomial multiplications. In this paper we propose a general-purpose NTT algorithm that can support different RLWE parameters. Unlike the NTT optimizations which need significant amount of space to store the NTT parameters for each different RLWE setting, this algorithm trades a small amount of time for the elimination of most pre-computed NTT parameters. This is particularly helpful for implementations which have tight area or storage budget. For the Fan-Vercauteren fully-homomorphic encryption scheme with 192-bit classical security, our implementation of all the NTT components requires 612 bytes of read-only data on a STM32 microcontroller, while a conventional implementation requires 96 KB.

Jose L. Imana,Pengzhou He,Tianyou Bao,Yazheng Tu,Jiafeng Xie

DOI: https://doi.org/10.1109/tcsi.2022.3169471

2022-07-29

Abstract:Ring learning-with-errors (RLWE)-based encryption scheme is a lattice-based cryptographic algorithm that constitutes one of the most promising candidates for Post-Quantum Cryptography (PQC) standardization due to its efficient implementation and low computational complexity. Binary Ring-LWE (BRLWE) is a new optimized variant of RLWE, which achieves smaller computational complexity and higher efficient hardware implementations. In this paper, two efficient architectures based on Linear-Feedback Shift Register (LFSR) for the arithmetic used in Inverted Binary Ring-LWE (InvBRLWE)-based encryption scheme are presented, namely the operation of over the polynomial ring . The first architecture optimizes the resource usage for major computation and has a novel input processing setup to speed up the overall processing latency with minimized input loading cycles. The second architecture deploys an innovative serial-in serial-out processing format to reduce the involved area usage further yet maintains a regular input loading time-complexity. Experimental results show that the architectures presented here improve the complexities obtained by competing schemes found in the literature, e.g., involving 71.23% less area-delay product than recent designs. Both architectures are highly efficient in terms of area-time complexities and can be extended for deploying in different lightweight application environments.

Paresh Baidya,Swagata Mandal,Rourab Paul

DOI: https://doi.org/10.1109/access.2024.3401235

IF: 3.9

2024-05-22

IEEE Access

Abstract:The Ring Learning With Error (RLWE) algorithm plays a crucial role in Post Quantum Cryptography (PQC) and Homomorphic Encryption (HE). The security of existing classical crypto algorithms is reduced in quantum computers. The adversaries can store all encrypted data and once quantum computers become available, they can potentially expose this encrypted data. Researchers and cryptographers are actively developing and exploring quantum-resistant cryptographic algorithms like RLWE to address this emerging threat. On the other hand, the HE allows operations on encrypted data, which is appropriate for getting services from third parties without revealing confidential plain-texts. Field Programmable Gate Array (FPGA) based Post-Quantum Cryptography (PQC) and Homomorphic Encryption (HE) hardware accelerators, such as Ring Learning With Error (RLWE), offer a much cost-effective alternative to processor-based platforms and Application-Specific Integrated Circuits (ASIC). However, FPGA based hardware accelerators still consume more power compared to ASIC based design. Near Threshold Computation (NTC) may be a convenient solution for FPGA based RLWE implementation. This paper implements a low-power RLWE hardware accelerator in an FPGA, operating at near-threshold biasing voltage. Instead of applying uniform biasing voltage to all 14 subcomponents of RLWE, this paper applies different near-threshold biasing voltages to the different subcomponents of proposed RLWE. Based on the longest design path or critical path of the 14 subcomponents of the proposed RLWE, the entire RLWE is partitioned into different clusters where each cluster is implemented in an FPGA partition. All the subcomponents placed in the same FPGA partition use the same biasing voltage . The clusters that have higher critical paths use higher to avoid timing failure. The clusters that have lower critical paths use lower biasing voltage . The proposed RLWE uses a voltage calibration algorithm to calculate the biasing voltage required for a certain amount of average critical path of a FPGA partition. Any timing error caused by NTC can be detected by the Razor flip-flop used in each subcomponent of RLWE. This voltage scaled, partitioned RLWE can save ~6% and ~11% power in and platforms, respectively. Although low-power RLWE is the primary focus, the resource usage and throughput of the implemented RLWE hardware accelerator are competitive with existing literature.

computer science, information systems,telecommunications,engineering, electrical & electronic

Y Fan,XY Zeng,Z Zhang,A Chen,QL Zhang

DOI: https://doi.org/10.1109/isspa.2005.1580257

2006-01-01

Abstract:This paper proposes a novel architecture for highspeed RSA crypto-processor with reconfigurable architecture. Through analysing and comparing between the original algorithms with modified Modular exponentiation and Montgomery multiplication algorithm, a nested pipelined RSA crypto-processor architecture is presented. Based on this architecture, we can easily design a RSA crypto-processor with various speed & key length, it is very flexible to design an encrypt IP core in the SOC platform. As an example, a 1024-bit, 5Mbps RSA cryptoprocessor is implemented. The result shows that the architecture proposed by this paper is practical and efficient.

Yifan Zhao,Honglin Kuang,Yi Sun,Zhen Yang,Chen,Jianyi Meng,Jun Han

DOI: https://doi.org/10.1109/asap57973.2023.00014

2023-01-01

Abstract:We present a cryptography extension built on RISC-V Vector Extension for efficient application of lattice-based post-quantum cryptography, offering custom instructions that can perform vectorized operations on polynomials of variable length and data width. We use micro-operation architecture to simplify the execution of variable-latency vector instructions and propose fracturable modular arithmetic units to support operations on variable coefficient width. On this basis, a vector unit is designed, achieving significant speed-up compared to the state-of-the-art counterparts for number-theoretic-transform-based polynomial multiplication. This cryptography extension is further integrated into the gem5 simulator to evaluate CRYSTALS-Kyber and CRYSTALS-Dilithium; results outperform the state-of-the-art implementations with more than 2.3 × improvement in cycle count.

Li Wei,Zeng Xiaoyang,Dai Zibin,Nan Longmei,Chen Tao,Ma Chao

DOI: https://doi.org/10.1049/cje.2017.06.010

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:By exploring symmetric cryptographic data level and instruction-level parallelism, the reconfigurable processor architecture for symmetric ciphers is presented based on Very-long instruction word（VLIW） structure. The application-specific instruction-set system for symmetric ciphers is proposed. As for the same arithmetic operation of symmetric ciphers, eleven kinds of reconfigurable cryptographic arithmetic units are designed by the reconfigurable technology. As to the requirement of high energy-efficient design, the loop buffer structure for instruction fetching unit is proposed to reduce the power consumption significantly with the same frequency as conventional, meanwhile, the chain processing mechanism is proposed to improve the cryptographic throughput without any area overhead. It has been fabricated with 0.18μm CMOS technology. The result shows that the processor can work up to 200 MHz, and the fourteen kinds of cryptographic algorithms were mapped in the processor, the encryption throughput of AES, SNOW2.0 and SHA2 algorithm can achieve 1.19 Gbps, 1.05 Gbps, and 407 Mbps respectively.

Guozhu Xin,Jun Han,Tianyu Yin,Yuchao Zhou,Jianwei Yang,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tcsi.2020.2983185

2020-08-01

Abstract:In the 5G era, massive devices need to be securely connected to the edge of communication networks, while emerging quantum computers can easily crack the traditional public-key ciphers. Lattice-based cryptography (LBC) is one of the most promising types of schemes in all post-quantum cryptography (PQC) due to its security and efficiency. To meet the requirements of high-throughput and diverse application scenarios of 5G, we investigate the vectorization of kernel algorithms of several LBC candidates and thus present a domain-specific vector processor, VPQC, leveraging the extensible RISC-V architecture. To support the parallel computation of number theoretic transform (NTT) of different dimensions (from 64 to 2048), a vector NTT unit is implemented in VPQC. Besides, a vector sampler executing both uniform sampling and binomial sampling is also employed. Evaluated under TSMC 28nm technology, the vector coprocessor of VPQC consumes 942k equivalent logic gates and 12KB memories. Experimental results show that VPQC can speed up several typical key encapsulation mechanisms (NewHope, Kyber and LAC) by an order of magnitude compared with previous state-of-the-art hardware implementations.

Longmei Nan,Xuan Yang,Xiaoyang Zeng,Wei Li,Yiran Du,Zibin Dai,Lin Chen

DOI: https://doi.org/10.23919/jcc.2019.06.015

2019-01-01

China Communications

Abstract:As an important branch of information security algorithms, the efficient and flexible implementation of stream ciphers is vital. Existing implementation methods, such as FPGA, GPP and ASIC, provide a good support, but they could not achieve a better tradeoff between high speed processing and high flexibility. ASIC has fast processing speed, but its flexibility is poor, GPP has high flexibility, but the processing speed is slow, FPGA has high flexibility and processing speed, but the resource utilization is very low. This paper studies a stream cryptographic processor which can efficiently and flexibly implement a variety of stream cipher algorithms. By analyzing the structure model, processing characteristics and storage characteristics of stream ciphers, a reconfigurable stream cryptographic processor with special instructions based on VLIW is presented, which has separate/cluster storage structure and is oriented to stream cipher operations. The proposed instruction structure can effectively support stream cipher processing with multiple data bit widths, parallelism among stream cipher processing with different data bit widths, and parallelism among branch control and stream cipher processing with high instruction level parallelism; the designed separate/clustered special bit registers and general register heaps, key register heaps can satisfy cryptographic requirements. So the proposed processor not only flexibly accomplishes the combination of multiple basic stream cipher operations to finish stream cipher algorithms. It has been implemented with 0.18μm CMOS technology, the test results show that the frequency can reach 200 MHz, and power consumption is 310 mw. Ten kinds of stream ciphers were realized in the processor. The key stream generation throughput of Grain-80, W7, MICKEY, ACHTERBAHN and Shrink algorithm is 100 Mbps, 66.67 Mbps, 66.67 Mbps, 50 Mbps and 800 Mbps, respectively. The test result shows that the processor presented can achieve good tradeoff between high performance and flexibility of stream ciphers.

Shaik Ahmadunnisa,Sudha Ellison Mathe

DOI: https://doi.org/10.1016/j.micpro.2024.105044

IF: 3.503

2024-03-28

Microprocessors and Microsystems

Abstract:In lattice-based cryptography, Ring Learning with Errors (RLWE) is a computationally hard cryptographic problem, comprising three basic mechanisms i.e., key generation, encryption, and decryption. Binary Ring Learning with Error (BRLWE), a new variant of RLWE has been proposed recently to reduce the key size and computational complexity compared to previous RLWE-based schemes. Based on this BRLWE scheme, efficient hardware architectures have been obtained in recent works for lightweight applications. The key operation involved in this scheme is AB+C , where A and C are integer polynomials and B is a binary polynomial. This paper proposes an efficient hardware architecture for BRLWE-based scheme targeted for lightweight applications. The architecture computes the arithmetic operation AB+C , which includes polynomial multiplication and addition over the polynomial ring Zq/(xn+1) . The proposed architecture is applied in two conditions, fixed and variable values of q . Experimental results show the architecture proposed has 50% less Area-Delay Product (ADP) and 20% less Power-Delay Product (PDP) compared to the recently reported work for n=256 .

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Xiang Feng,Shuguo Li,Sufen Xu

DOI: https://doi.org/10.1109/tcsii.2019.2917621

2020-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:Cryptography based on ring learning with error (RLWE) problem has become increasingly popular due to its resistance against quantum analysis. The most time-consuming operation in RLWE cryptosystem is polynomial multiplication. This brief presents a novel polynomial multiplier based on Stockham fast Fourier transform (FFT) algorithm. We propose a multi-lane number theoretic transform (NTT) algorithm which can achieve ${n}$ -degree polynomial multiplication in ${(nlgn)/d+2n/d}$ clock cycles with ${d}$ lanes of butterfly units. In addition, we also customize a memory addressing strategy and a round constant managing scheme for the proposed multi-lane NTT algorithm. Based on our proposed algorithm, a high-speed polynomial multiplier is accomplished on FPGA platform. Implementation results on Spantan-6 FPGA show that our proposed algorithm can achieve a speed up factor of no less than 2.7 times compared with the state of art designs.

Zhe Liu,Reza Azarderakhsh,Howon Kim,Hwajeong Seo

DOI: https://doi.org/10.1007/978-3-319-62024-4_6

2017-01-01

Abstract:ARM NEON architecture has occupied a significant share of high-end Internet of Things platforms such as mini computer, tablet and smartphone markets due to its low cost and high performance. This paper studies efficient techniques of lattice-based cryptography on ARM processor and presents the first implementation of ring-LWE encryption on ARM NEON architecture. We propose a vectorized version of Iterative Number Theoretic Transform (NTT) for high-speed computation and present a 32-bit variant of SAMS2 technique, original from Liu et al. in CHES2015, for fast reduction. Subsequently, we present a full-fledged implementation of Ring-LWE by taking advantage of proposed and previous optimization techniques. Ultimately, our ring-LWE implementation requires only 145 k clock cycles for encryption and 32.8 k cycles for decryption for $$n=256$$. These results are more than 17.6 times faster than the fastest ECC implementation on ARM NEON with same security level.

Shaik Ahmadunnisa,Sudha Ellison Mathe

DOI: https://doi.org/10.1109/access.2024.3426990

IF: 3.9

2024-07-19

IEEE Access

Abstract:The advancement in quantum computing has led to a significant progress in the development of public-key cryptosystems, referred as Post Quantum Cryptography (PQC) which has robust security to withstand both classical and quantum attacks. Lattice-based cryptography, one of the most promising PQC candidate offers low complexity and has strong security proof relying on the hardness of Learning-with-errors (LWE) problem. A variant of LWE, Ring-learning-with-error (RLWE) performs arithmetic operations over a polynomial ring and has more efficient implementations compared to LWE. Recent works propose Binary-ring-learning-with-error (BRLWE), a new variant of RLWE which has less key size and more efficient implementations compared to both LWE and RLWE-based schemes. In this paper, an algorithm is developed for BRLWE-based scheme based on decomposing the arithmetic operation into desired number of segments. The arithmetic operation includes polynomial multiplication and addition over the ring where H and M are two integer polynomials and L is a binary polynomial. We illustrate two efficient hardware architectures Dual-LFSR (DL) and Quad-LFSR (QL) to enable parallel execution of individual segments employing LFSR structures to have a significant reduction in latency compared to the existing works. Despite of having larger area, the reduction in latency leads to an improvement in other performance metrics such as delay, Area-Delay Product (ADP), Power-Delay Product (PDP), throughput and efficiency making the proposed structures well suitable for PQC schemes. Experimental results show that the proposed architectures when compared with the recently reported work has 23% and 25% ADP improvement with DL and QL structures respectively when n = 256.

computer science, information systems,telecommunications,engineering, electrical & electronic

Uyangaa Khuchit,Liji Wu,Xiangmin Zhang,Yanzhao Yin,Altantsooj Batsukh,Bayarpurev Mongolyn,Munkhbaatar Chinbat

DOI: https://doi.org/10.1109/asid50160.2020.9271725

2020-01-01

Abstract:An ideal lattice is defined over a ring learning with errors (Ring-LWE) problem. Polynomial multiplication over the ring is the most computational and time-consuming block in lattice-based cryptography. This paper presents the first hardware design of the polynomial multiplication for LAC, one of the Round-2 candidates of the NIST PQC Standardization Process, which has byte-level modulus p=251. The proposed architecture supports polynomial multiplications for different degree n (n=512/1024/2048). For designing the scheme, we used the Vivado HLS compiler, a high-level synthesis based hardware design methodology, which is able to optimize software algorithms into actual hardware products. The design of the scheme takes 274/280/291 FFs and 204/217/208 LUTs on the Xilinx Artix-7 family FPGA, requested by NIST PQC competition for hardware implementation. Multiplication core uses only 1/1/2 pieces of 18Kb BRAMs, 1/1/1 DSPs, and 90/94/95 slices on the board. Our timing result achieved in an alternative degree n with 5.052/4.3985/5.133ns.

Wei Li,Xiaoyang Zeng,Longmei Nan,Tao Chen,Zibin Dai

DOI: https://doi.org/10.1109/ICSICT.2016.7998715

2016-01-01

Abstract:In this paper, a high-flexibility and energy-efficient reconfigurable symmetric cryptographic processor architecture is presented, which is based on very-long instruction word (VLIW) structure. By analyzing basic operations and storage characteristics of symmetric ciphers, the application-specific instruction-set system for symmetric ciphers is proposed. Eleven kinds of reconfigurable cryptographic arithmetic units are designed to support different operation modes and parameters for symmetric ciphers. It has been fabricated with 0.18 mu m CMOS technology, the test results show that the max frequency can reach 200MHz. Ten kinds of block, stream and hash ciphers were mapped in our processor. And the encryption throughput of AES, IDEA, Grain128, SNOW2.0 and SHA-2 algorithm can achieve 882Mbps, 449Mbps, 60Mbps, 840Mbps, and 287Mbps respectively. Moreover, the energy efficiency of AES implementation is 0.47nJ/bit. The result demonstrated that proposed processor outperforms other designs in terms of energy efficiency, throughput and flexibility.

Li Wei,Zeng Xiaoyang,Nan Longmei,Chen Tao,Dai Zibin

DOI: https://doi.org/10.1109/cc.2016.7405707

2016-01-01

China Communications

Abstract:An Efficient and flexible implementation of block ciphers is critical to achieve information security processing.Existing implementation methods such as GPP,FPGA and cryptographic application-specific ASIC provide the broad range of support.However,these methods could not achieve a good tradeoff between high-speed processing and flexibility.In this paper,we present a reconfigurable VLIW processor architecture targeted at block cipher processing,analyze basic operations and storage characteristics,and propose the multi-cluster register-file structure for block ciphers.As for the same operation element of block ciphers,we adopt reconfigurable technology for multiple cryptographic processing units and interconnection scheme.The proposed processor not only flexibly accomplishes the combination of multiple basic cryptographic operations,but also realizes dynamic configuration for cryptographic processing units.It has been implemented with0.18μm CMOS technology,the test results show that the frequency can reach 350 MHz.and power consumption is 420 mw.Ten kinds of block and hash ciphers were realized in the processor.The encryption throughput of AES,DES,IDEA,and SHA-1 algorithm is1554 Mbps,448Mbps,785 Mbps,and 424 Mbps respectively,the test result shows that our processor’s encryption performance is significantly higher than other designs.

Scott Miller,M. McGuire,M. Sima,Ambrose Chu

DOI: https://doi.org/10.1109/DSD.2008.127

2008-09-03

Abstract:The long-word and very long-word addition required in cryptography applications generally requires custom hardware support provided by ASICs or application-specific instructions in ASIPs. As an alternative to these expensive solutions, FPGAs have been used. To reduce the overhead of commercial FPGAs in implementing cryptography, CryptoRA, a cryptographically-oriented reconfigurable array, has recently been proposed. This paper presents a circuit level implementation of the CryptoRA array which provides the following results: (i) a speed-up of 1.15times to 2.1times from the LUT output to a fast-addition carry path, (ii) a speed-up greater than 1.2times for long-word addition and subtraction, and (iii) these results come at a cost of only an additional 2.5% of a computing tile's silicon area.

Computer Science,Engineering

Weizhen Wang,Jun Han,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1016/j.mejo.2021.105165

IF: 1.992

2021-01-01

Microelectronics Journal

Abstract:With the prevailing of Internet-of-Things (IoT) technology, information security for ever-growing connected devices is an inevitable issue and gaining more attention. However, implementation of cryptography algorithms on battery-powered IoT devices is challenging due to limited power-budget. In this paper, we present an energy-efficient crypto-coprocessor. This coprocessor is designed with a unified pipelined structure for cryptography primitives of 128-bit or 256-bit data path and supports cryptography algorithms including AES, ECC and SHA. Since the clock tree and the sequential circuits dissipate a large percentage of the chip power, a conditional-charged flip-flop is proposed to reduce the clock tree power. Our design is integrated with an open-sourced RISC-V core as a crypto-extension, and shows both good flexibility and high energy-efficiency. This work is implemented in 28 nm technology and the power consumption for different cryptography applications is evaluated with post-layout simulation. When simulated with NIST prime fields curve P-256 and binary fields curve K-233, the energy consumed for one base point scalar multiplication is 43.54 μJ and 20.40 μJ, respectively. The proposed design consumes 0.0568 nJ/bit and 0.0288 nJ/bit for the AES-GCM mode and the AES-CBC mode, respectively. As for SHA-256, each bit requires 0.0874 nJ. Compared with previous works, this work provides both flexibility and high energy performance.

Q Liu,Fz Ma,D Tong,X Cheng

DOI: https://doi.org/10.1109/mwscas.2004.1354396

2004-01-01

Abstract:High performance VLSI implementation of the RSA algorithm using the systolic array is presented. High-speed applications of RSA systems require parallel implementations of modular multipliers. Besides using the systolic architecture which is popular in hardware-based RSA systems, a block-based scheme is used to further eliminate global signals, with a pipelined bus to convey data globally. The control signals and intermediate results used for sequential multiplications are transmitted by shift registers. All signals, except for the clock signal, are limited in one block or between two adjacent blocks. A Carry-Save-Adder structure is used for calculating the iterative step of the algorithms which contributes to speed improvement and area saving. In addition, long modular multipliers suffer from the effect of large fanout. Novel architectures are proposed to eliminate the fanout bottleneck, which reduce the achievable minimum clock period of long modular multipliers. Compared to the original modular multiplier architecture with fanout bottleneck, the proposed architectures can achieve an increase of over 7% in throughput without increase in area. The Chinese Remainder Theorem (CRT) technique increases the decryption data rate by a factor of four. Two redundant blocks are added to adapt to the on-line partition of the multiplier and the variation of the length of P and Q in CRT mode.