Abstract
Montgomery’s modular multiplication algorithm has enabled considerable progress in speeding up RSA cryptosystems. Perhaps the systolic array implementation stands out most in the history of its success. This article gives a brief history of its implementation in hardware, taking a broad view of the many aspects which need to be considered in chip design. Among these are trade-offs between area and time, higher radix methods, communications both within the circuitry and with the rest of the world, and, as the technology shrinks, testing, fault tolerance, checker functions and error correction. We conclude that a linear, pipelined implementation of the algorithm may be part of the best policy for thwarting differential power attacks against RSA.
© 1999 Springer-Verlag Berlin Heidelberg
Walter, C.D. (1999). Montgomery’s Multiplication Technique: How to Make It Smaller and Faster. In: Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems. CHES 1999. Lecture Notes in Computer Science, vol 1717. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48059-5_9
DOI: https://doi.org/10.1007/3-540-48059-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66646-2
Online ISBN: 978-3-540-48059-4