Efficient Algorithms for Modular Exponentiation by Block Method in Sparse Form

Jian, Wan-Rong

21 June 2009

Computing A^X mod n or A^XB^Y mod n for large X, Y, and n is very important in many ElGamal-like public key cryptosystems. In this paper, we proposed using block method in sparse form to improve the performance of modular exponentiation and analyzing the computational cost by state transition diagram. We also extended the concept of Block Method and make it more general. This method is suitable for some devices with limited storage space, such as smart card.

Sparse Form

Modular Exponentiation

Block Method

High-performance Low-power Configurable Montgomery Multiplier for RSA Cryptosystems

Chang, Kai-cheng

03 August 2010

The communication technology is changing rapidly every day, and the internet has played a very important role in our lives. Through specific protocols, people transform the data into 0¡¦s and 1¡¦s as digital signals and transfer them from sender to receiver via the network. Unfortunately, data transfer through the internet is open to the public, and too much exposure of private data may be a serious risk. To avoid this situation, we can encrypt the data before transmission to guarantee data confidentiality and privacy. The RSA encryption system is a simple and highly secure public key cryptosystem, but the encryption and decryption process requires a lot of exponentiation operations and division operations. In order to improve the reliability of the encrypted data, the operands are usually larger than 512 bits. If software is used to perform encryption and decryption, real time application will not be sufficed, since software lacks performance. For this reason, the RSA must be implemented in hardware. Since then, many methods of refining the effectiveness of the RSA encryption and decryption hardware have began to be developed. This research proposes a new Modular Multiplier architecture similar to the original Montgomery Modular Multiplier and the RSA encryption system, which is composed by simple adders, shifting registers and multiplexers. What¡¦s more, we¡¦ve also proposed new concepts including the Quotient Lookahead and the Superfluous Operation Elimination to further enhance the performance. The test results show that our design can reduce the total cycle count by 19%, and also save the overall energy consumption. Due to the features of high performance and energy saving, the proposed design is suitable for portable devices which have low power requirements.

Modular Exponentiation Algorithm

RSA Cryptosystems

Montgomery Modular Multiplier

High-performance Low-power Montgomery Modular Multiplier for RSA Cryptosystems

Hsu, Huan-Wei

29 July 2011

The explosive growth in the data communications industry has positioned the internet to hold very important roles in our lives. Sending or receiving data on an open network is an invitation for unauthorized users to obtain your personal information. In order to avoid compromising sensitive information while transferring data, the data needs to be encrypted before transmission to ensure that the information remains safe and confidential. RSA is the most widely used public-key cryptosystem. An RSA operation is a modular exponentiation, which is usually achieved by repeated modular multiplications. For security reasons, RSA operand sizes need to be 512 bits or greater. It would be difficult to achieve real time transmission on the internet by running software programs on typical processors. For this reason, we believe it is necessary to implement RSA by hardware circuit in order to speed up RSA operations. Modular exponentiation is the only operation in RSA cryptosystem and it can be done through repeated modular multiplications. The Montgomery multiplication algorithm is widely recognized as the most efficient modular multiplication algorithm. In order to improve the speed of RSA operation, many papers have proposed ways to refine the Montgomery Algorithm and its architecture. In this thesis, we focus on further improving the performance and power consumption of RSA cryptosystems. This research presents an improved Montgomery multiplier and RSA cryptosystem architecture using only one carry saver adder to significantly reduce the delays of conventional multipliers. We also proposed a low power shift register to reduce power consumption of shift register in Montgomery multiplier. Experimental results show that the proposed RSA cryptosystem not only runs with higher performance but also consumes less power, leading to this system more competitive and suitable for implementations in portable electronic products.

Modular Exponentiation Algorithm

RSA Cryptosystems

Montgomery Modular Multiplier

High-performance Radix-4 Montgomery Modular Multiplier for RSA Cryptosystem

Hsu, Hong-Yi

30 August 2011

Thanks to the development of the Internet in recent years, we can see more and more applications on E-commerce in the world. At the same time, we have to prevent our personal information to be leaked out during the transaction. Therefore, topic on researching network security becomes increasingly popular. It is well-known that an encryption system can be applied to consolidate the network security. RSA encryption algorithm is a special kind of asymmetric cryptography, commonly used in public key encryption system on the network, by using two prime numbers as the two keys to encrypt and decrypt. These two keys are called public key and private key, and the key length is at least 512 bits. As a public key encryption, the only way to decrypt is using the private key. As long as the private key is not revealed, it is very difficult to get the private key from the public key even using the reverse engineering. Therefore, RSA encryption algorithm can be regarded as a very safe encryption and decryption algorithm. As the minimum key length has to be greater than 512 bits to ensure information security, using software to execute RSA encryption and decryption will be very slow so that the real time requirement may not be satisfied. Hence we will have to implement RSA encryption system with a hardware circuit to meet the real time requirement on the network. Modular exponentiation (i.e., ME mod N) in RSA cryptosystem is usually achieved by repeated modular multiplications on large integers. A famous approach to implement the modular multiplication into hardware circuits is based on the Montgomery modular multiplication algorithm, which replaces the trial division by modulus with a series of addition and shift operations. However, a large amount of clock cycle is still required to complete a modular multiplication. For example, Montgomery multiplication algorithm will take 512 clock cycles to complete an A․B mod N. As a result, performing one modular exponentiation ME mod N in RSA cryptosystm will need 512․512 clock cycles. To counter the above disadvantage, we employ radix-4 algorithm to reduce 50% of clock cycle number for each A•B mod N. In addition, we also modify the architecture of conventional in order to achieve the radix-4 algorithm to reduce its critical path delay so that the performance can be improved further. Experimental results show that the proposed 1024-bit radix-4 modular multiplier (Our-Booth-Radix-4) before performing as pipeline is 70% faster than the radix-2 multiplier with 24% area overhead. Furthermore, it is 20% faster than traditional radix-4 modular multiplier with 12% area reduction. Therefore, its AT is smaller than the previous architectures.

Modular Exponentiation Algorithm

RSA Cryptosystems

Montgomery Modular Multiplier

Modular Exponentiation on Reconfigurable Hardware

Blum, Thomas

03 September 1999

"It is widely recognized that security issues will play a crucial role in the majority of future computer and communication systems. A central tool for achieving system security are cryptographic algorithms. For performance as well as for physical security reasons, it is often advantageous to realize cryptographic algorithms in hardware. In order to overcome the well-known drawback of reduced flexibility that is associated with traditional ASIC solutions, this contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs). The proposed architectures perform modular exponentiation with very long integers. This operation is at the heart of many practical public-key algorithms such as RSA and discrete logarithm schemes. We combine two versions of Montgomery modular multiplication algorithm with new systolic array designs which are well suited for FPGA realizations. The first one is based on a radix of two and is capable of processing a variable number of bits per array cell leading to a low cost design. The second design uses a radix of sixteen, resulting in a speed-up of a factor three at the cost of more used resources. The designs are flexible, allowing any choice of operand and modulus. Unlike previous approaches, we systematically implement and compare several versions of our new architecture for different bit lengths. We provide absolute area and timing measures for each architecture on Xilinx XC4000 series FPGAs. As a first practical result we show that it is possible to implement modular exponentiation at secure bit lengths on a single commercially available FPGA. Secondly we present faster processing times than previously reported. The Diffie-Hellman key exchange scheme with a modulus of 1024 bits and an exponent of 160 bits is computed in 1.9 ms. Our fastest design computes a 1024 bit RSA decryption in 3.1 ms when the Chinese remainder theorem is applied. These times are more than ten times faster than any reported software implementation. They also outperform most of the hardware-implementations presented in technical literature."

public-key cryptography

FPGA

Montgomery multiplication

Modular Exponentiation

RSA

Reconfigurable Hardware

Cryptography

Gate array circuits

Design and implementation of high-speed algorithms for public-key cryptosystems

Joseph, George

09 June 2005

The aim of this dissertation is to improve computational efficiency of modular exponentiation-based public-key cryptosystems. The operational speed of these public-key cryptosystems is largely determined by the modular exponentiation operation of the form A = ge mod m where g is the base, e is the exponent and m is the modulus. The required modular exponentiation is computed by a series of modular multiplications. Optimized algorithms are required for various platforms, especially for lower-end platforms. These require the algorithms to be efficient and consume as little resources as possible. In these dissertation algorithms for integer multiplication, modular reduction and modular exponentiation, was developed and implemented in software, as required for public-key cryptography. A detailed analysis of these algorithms is given, as well as exact measurement of the computational speed achieved by each algorithm. This research shows that a total speed improvement of 13% can be achieved on existing modular exponentiation based public-key cryptosystems, in particular for the RSA cryptosystem. Three novel approaches are also presented for improving the decryption speed efficiency of the RSA algorithm. These methods focus on the selection of the decryption exponent by careful consideration of the difference between the two primes p and q. The resulting reduction of the decryption exponent improves the decryption speed by approximately 45%. / Dissertation (MEng (Electronics))--University of Pretoria, 2006. / Electrical, Electronic and Computer Engineering / unrestricted

Modular multiplication

Modular reduction

Rsa decryption

Montgomery reduction

Karatsuba-ofman multiplication

Addition chains

Chinese remainder theorem

Public-key cryptosystems

Rsa

Modular exponentiation

UCTD

Método de multiplicação de baixa potência para criptosistema de chave-pública. / Low-power multiplication method for public-key cryptosystem.

João Carlos Néto

07 May 2013

Esta tese estuda a utilização da aritmética computacional para criptografia de chave pública (PKC Public-Key Cryptography) e investiga alternativas ao nível da arquitetura de sistema criptográfico em hardware que podem conduzir a uma redução no consumo de energia, considerando o baixo consumo de potência e o alto desempenho em dispositivos portáteis com energia limitada. A maioria desses dispositivos é alimentada por bateria. Embora o desempenho e a área de circuitos consistem desafios para o projetista de hardware, baixo consumo de energia se tornou uma preocupação em projetos de sistema críticos. A criptografia de chave pública é baseada em funções aritméticas como a exponenciação e multiplicação módulo. PKC prove um esquema de troca de chaves autenticada por meio de uma rede insegura entre duas entidades e fornece uma solução de grande segurança para a maioria das aplicações que devem trocar informações sensíveis. Multiplicação em módulo é largamente utilizada e essa operação aritmética é mais complexa porque os operandos são números extremamente grandes. Assim, métodos computacionais para acelerar as operações, reduzir o consumo de energia e simplificar o uso de tais operações, especialmente em hardware, são sempre de grande valor para os sistemas que requerem segurança de dados. Hoje em dia, um dos mais bem sucedidos métodos de multiplicação em módulo é a multiplicação de Montgomery. Os esforços para melhorar este método são sempre de grande importância para os projetistas de hardware criptográfico e de segurança em sistemas embarcados. Esta pesquisa trata de algoritmos para criptografia de baixo consumo de energia. Abrange as operações necessárias para implementações em hardware da exponenciação e da multiplicação em módulo. Em particular, esta tese propõe uma nova arquitetura para a multiplicação em módulo chamado \"Parallel k-Partition Montgomery Multiplication\" e um projeto inovador em hardware para calcular a exponenciação em módulo usando o sistema numérico por resíduos (RNS). / This thesis studies the use of computer arithmetic for Public-Key Cryptography (PKC) and investigates alternatives on the level of the hardware cryptosystem architecture that can lead to a reduction in the energy consumption by considering low power and high performance in energy-limited portable devices. Most of these devices are battery powered. Although performance and area are the two main hardware design goals, low power consumption has become a concern in critical system designs. PKC is based on arithmetic functions such as modular exponentiation and modular multiplication. It produces an authenticated key-exchange scheme over an insecure network between two entities and provides the highest security solution for most applications that must exchange sensitive information. Modular multiplication is widely used, and this arithmetic operation is more complex because the operands are extremely large numbers. Hence, computational methods to accelerate the operations, reduce the energy consumption, and simplify the use of such operations, especially in hardware, are always of great value for systems that require data security. Currently, one of the most successful modular multiplication methods is Montgomery Multiplication. Efforts to improve this method are always important to designers of dedicated cryptographic hardware and security in embedded systems. This research deals with algorithms for low-power cryptography. It covers operations required for hardware implementations of modular exponentiation and modular multiplication. In particular, this thesis proposes a new architecture for modular multiplication called Parallel k-Partition Montgomery Multiplication and an innovative hardware design to perform modular exponentiation using Residue Number System (RNS).

Aritmética de alta performance

Baixa potência

Base numérica alta

Criptografia

Sistema numérico por resíduos

Tolerante a falhas

Cryptography

Fault-tolerant

High-radix

High-speed arithmetic

Low-power

Residue number system

Método de multiplicação de baixa potência para criptosistema de chave-pública. / Low-power multiplication method for public-key cryptosystem.

Néto, João Carlos

07 May 2013

Esta tese estuda a utilização da aritmética computacional para criptografia de chave pública (PKC Public-Key Cryptography) e investiga alternativas ao nível da arquitetura de sistema criptográfico em hardware que podem conduzir a uma redução no consumo de energia, considerando o baixo consumo de potência e o alto desempenho em dispositivos portáteis com energia limitada. A maioria desses dispositivos é alimentada por bateria. Embora o desempenho e a área de circuitos consistem desafios para o projetista de hardware, baixo consumo de energia se tornou uma preocupação em projetos de sistema críticos. A criptografia de chave pública é baseada em funções aritméticas como a exponenciação e multiplicação módulo. PKC prove um esquema de troca de chaves autenticada por meio de uma rede insegura entre duas entidades e fornece uma solução de grande segurança para a maioria das aplicações que devem trocar informações sensíveis. Multiplicação em módulo é largamente utilizada e essa operação aritmética é mais complexa porque os operandos são números extremamente grandes. Assim, métodos computacionais para acelerar as operações, reduzir o consumo de energia e simplificar o uso de tais operações, especialmente em hardware, são sempre de grande valor para os sistemas que requerem segurança de dados. Hoje em dia, um dos mais bem sucedidos métodos de multiplicação em módulo é a multiplicação de Montgomery. Os esforços para melhorar este método são sempre de grande importância para os projetistas de hardware criptográfico e de segurança em sistemas embarcados. Esta pesquisa trata de algoritmos para criptografia de baixo consumo de energia. Abrange as operações necessárias para implementações em hardware da exponenciação e da multiplicação em módulo. Em particular, esta tese propõe uma nova arquitetura para a multiplicação em módulo chamado \"Parallel k-Partition Montgomery Multiplication\" e um projeto inovador em hardware para calcular a exponenciação em módulo usando o sistema numérico por resíduos (RNS). / This thesis studies the use of computer arithmetic for Public-Key Cryptography (PKC) and investigates alternatives on the level of the hardware cryptosystem architecture that can lead to a reduction in the energy consumption by considering low power and high performance in energy-limited portable devices. Most of these devices are battery powered. Although performance and area are the two main hardware design goals, low power consumption has become a concern in critical system designs. PKC is based on arithmetic functions such as modular exponentiation and modular multiplication. It produces an authenticated key-exchange scheme over an insecure network between two entities and provides the highest security solution for most applications that must exchange sensitive information. Modular multiplication is widely used, and this arithmetic operation is more complex because the operands are extremely large numbers. Hence, computational methods to accelerate the operations, reduce the energy consumption, and simplify the use of such operations, especially in hardware, are always of great value for systems that require data security. Currently, one of the most successful modular multiplication methods is Montgomery Multiplication. Efforts to improve this method are always important to designers of dedicated cryptographic hardware and security in embedded systems. This research deals with algorithms for low-power cryptography. It covers operations required for hardware implementations of modular exponentiation and modular multiplication. In particular, this thesis proposes a new architecture for modular multiplication called Parallel k-Partition Montgomery Multiplication and an innovative hardware design to perform modular exponentiation using Residue Number System (RNS).

Aritmética de alta performance

Baixa potência

Base numérica alta

Criptografia

Cryptography

Fault-tolerant

High-radix

High-speed arithmetic

Low-power

Residue number system

Sistema numérico por resíduos

Tolerante a falhas

ARQUITETURAS DE CRIPTOGRAFIA DE CHAVE PÚBLICA: ANÁLISE DE DESEMPENHO E ROBUSTEZ / PUBLIC-KEY CRYPTOGRAPHY ARCHITECTURES: PERFORMANCE AND ROBUSTNESS EVALUATION

Perin, Guilherme

15 April 2011

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Given the evolution of the data communication field, and the resulting increase of the information flow in data, networks security became a major concern. Modern cryptographic methods are mathematically reliable. However their implementation in hardware leaks confidential information through side-channels like power consumption and electromagnetic emissions. Although performance issues are crucial for a hardware design, aspects of robustness against attacks based on side-channel informations have gained much attention in recent years. This work focuses on hardware architectures based on the RSA public-key algorithm, originally proposed in 1977 by Rivest, Shamir and Adleman. This algorithm has the modular exponentiation as its main operation and it is performed through successive modular multiplications. Because the RSA involves integers of 1024 bits or more, the inherent division of modular multiplications became the main concern. The Montgomery algorithm, proposed in 1985, is a largely used method for hardware designs of modular multiplications, because it avoids divisions and all operations are performed in a multiple-precision context with all terms represented in a numerical base, generally, a power of two. This dissertation proposes a systolic architecture able to perform the Montgomery modular multiplication with multiple-precision arithmetic. Following, an improvement to the systolic architecture is presented, through an architecture that computes the Montgomery multiplication by multiplexing the multi-precision arithmetic processes. The multiplexed architecture is employed in the left-to-right square-and-multiply and square-and-multiply always modular exponentiation methods and is subjected to SPA (Simple Power Analysis) and SEMA (Simple Electromagnetic Analysis) side-channel attacks and robustness aspects are analysed. Different word sizes (numerical bases) are applied as well as different input operands. As an improvement to SPA and SEMA attacks, the power consumption and electromagnetic traces are demodulated in amplitude to eliminate the clock harmonics influence in the acquired traces. Finally, interpretations, conclusions and countermeasure propositions to the multiplexed architecture against the implemented side-channel attacks are presented. / Com a expansão da área de comunicação de dados e o consequente aumento do fluxo de informações, a segurança tem se tornado uma grande preocupação. Apesar dos métodos criptográficos modernos serem matematicamente seguros, sua implementação em hardware tende a apresentar fugas de informações confidenciais por canais laterais, tais como consumo de potência e emissões eletromagnéticas. Embora questões de desempenho sejam cruciais para um projeto de hardware, aspectos de robustez contra ataques baseados em fugas de informações por canais laterais tem ganhado maior atenção nos últimos anos. Neste trabalho, explora-se arquiteturas em hardware voltadas para o algoritmo de chave pública RSA, originalmente proposto em 1977 por Rivest, Shamir e Adleman. Este algoritmo possui como principal operação a exponenciação modular, e esta é calculada através de sucessivas multiplicações modulares. Sendo que o RSA envolve números inteiros da ordem de 1024 bits ou mais, a operação de divisão inerente em multiplicações modulares torna-se o principal problema. O algoritmo de Montgomery, proposto em 1985, é um método bastante utilizado na implementação da multiplicação modular em hardware, pois além de evitar divisões, trabalha em um contexto de precisão múltipla com termos representados por bases numéricas, geralmente, potências de dois. Dentro deste contexto, propõe-se inicialmente uma arquitetura sistólica, baseada nas propriedades de aritmética de precisão múltipla do Algoritmo de Montgomery. Em seguida, apresenta-se uma melhoria para a arquitetura sistólica, através de uma arquitetura que realiza a multiplicação modular de Montgomery voltada à multiplexação dos processos aritméticos. A arquitetura multiplexada é empregada nos métodos de exponenciação modular left-to-right square-and-multiply e square-and-multiply always e é submetida a ataques por canais laterais SPA (Simple Power Analysis) e SEMA (Simple Electromagnetic Analysis) e aspectos de robustez da arquitetura multiplexada são analisados para diversos tamanhos de palavras (base numérica do algoritmo de Montgomery). Como proposta de melhoria aos ataques por canais laterais simples, os traços de consumo de potência e emissão eletromagnética são demodulados em amplitude de modo a eliminar a influência das harmônicas do sinal de clock sobre os traços coletados. Por fim, interpretações e conclusões dos resultados são apresentados, assim como propostas de contra-medidas para a arquitetura multiplexada com relação aos ataques por canais laterais realizados.

Criptografia de chave pública

RSA

Exponenciação modular

Multiplicação modular de montgomery

Ataques por canais laterais

Public-key cryptography

RSA

Side-channel attacks

Contrer l'attaque Simple Power Analysis efficacement dans les applications de la cryptographie asymétrique, algorithmes et implantations / Thwart simple power analysis efficiently in asymmetric cryptographic applications, algorithms and implementations

Robert, Jean-Marc

08 December 2015

Avec le développement des communications et de l'Internet, l'échange des informations cryptées a explosé. Cette évolution a été possible par le développement des protocoles de la cryptographie asymétrique qui font appel à des opérations arithmétiques telles que l'exponentiation modulaire sur des grands entiers ou la multiplication scalaire de point de courbe elliptique. Ces calculs sont réalisés par des plates-formes diverses, depuis la carte à puce jusqu'aux serveurs les plus puissants. Ces plates-formes font l'objet d'attaques qui exploitent les informations recueillies par un canal auxiliaire, tels que le courant instantané consommé ou le rayonnement électromagnétique émis par la plate-forme en fonctionnement.Dans la thèse, nous améliorons les performances des opérations résistantes à l'attaque Simple Power Analysis. Sur l'exponentiation modulaire, nous proposons d'améliorer les performances par l'utilisation de multiplications modulaires multiples avec une opérande commune optimisées. Nous avons proposé trois améliorations sur la multiplication scalaire de point de courbe elliptique : sur corps binaire, nous employons des améliorations sur les opérations combinées AB,AC et AB+CD sur les approches Double-and-add, Halve-and-add et Double/halve-and-add et l'échelle binaire de Montgomery ; sur corps binaire, nous proposons de paralléliser l'échelle binaire de Montgomery ; nous réalisons l'implantation d'une approche parallèle de l'approche Right-to-left Double-and-add sur corps premier et binaire, Halve-and-add et Double/halve-and-add sur corps binaire. / The development of online communications and the Internet have made encrypted data exchange fast growing. This has been possible with the development of asymmetric cryptographic protocols, which make use of arithmetic computations such as modular exponentiation of large integer or elliptic curve scalar multiplication. These computations are performed by various platforms, including smart-cards as well as large and powerful servers. The platforms are subject to attacks taking advantage of information leaked through side channels, such as instantaneous power consumption or electromagnetic radiations.In this thesis, we improve the performance of cryptographic computations resistant to Simple Power Analysis. On modular exponentiation, we propose to use multiple multiplications sharing a common operand to achieve this goal. On elliptic curve scalar multiplication, we suggest three different improvements : over binary fields, we make use of improved combined operation AB,AC and AB+CD applied to Double-and-add, Halve-and-add and Double/halve-and-add approaches, and to the Montgomery ladder ; over binary field, we propose a parallel Montgomery ladder ; we make an implementation of a parallel approach based on the Right-to-left Double-and-add algorithm over binary and prime fields, and extend this implementation to the Halve-and-add and Double/halve-and-add over binary fields.

Cryptographie

Protocole asymétrique

Arithmétique des corps finis

Exponentiation modulaire

Opération combinée

Implantation parallèle

Échelle binaire de Montgomery

Cryptography

Asymmetric protocol

Finite field arithmetic

Modular exponentiation

Elliptic curve scalar multiplication

Opération combinée

Parallel implementation

Montgomery's binary ladder

005.8