JP3321416B2 - Arithmetic device with correction processing and program recording medium therefor - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention is applied to, for example, a modulo operation device in information security. In particular, an operation in which the most significant digit (bit) is limited to a variable M input of 1 and the bit length of the variable M cannot be arbitrarily selected. In the device, the variable M
The present invention relates to an arithmetic unit with a correction process that can execute an arithmetic process even when a parameter N having a shorter bit length is input, and a program recording medium thereof.

[0002]

2. Description of the Related Art In an arithmetic device in which the range of a variable M is limited by a power of 2 such that R / 2 < M <R, R = 2 ^m (R is determined when M is given), N is R / 2. < M <R M
If N <R / 2, which does not satisfy the condition that can be substituted into N, the value of 2 is S = 2 ⁿ and the range of N can be expressed as S / 2 < N <S, the correction processing is performed by a simple bit shift Specifically, r = R / S = 2 ^mn and M = Nr
It was common to make some corrections. Therefore, for example, the arithmetic unit is a division unit, and the range of the variable M is R / 2.
A / N for those limited to < M <R, R = 2 ^m
If it is desired to obtain a result, M is substituted for N, Ar is substituted for A, and the result A obtained by the division device is obtained.
The result A / N was obtained by r / M. In general, M
Is only limited in range, and a specific value is determined by N.

For example, if N = 7 and m = 4, n = 3
S = 8 = 2 ³ , R = 16 = 2 ⁴ , and r = 2 ⁴⁻³ = 2
Thus, M = 14. The arithmetic unit is a remainder unit,
If it is desired to obtain a result Amod N, M is substituted for N, and the result Amod M obtained by the remainder device is further modified by mod N
Amod N was obtained by performing some correction processing. At this time, if the computing device taking mere remainder, but no sense since correction processing after an arithmetic unit inside the processing is the same as the extension, the remainder of performing A ^B mod M, the computation of such ABMOD M efficient when using a device, the correction for obtaining a remainder by further modulo N the results obtained are shown as post-treatment, what they really want a ^B mod N, was getting ABMOD N. Therefore, the method of correcting by shifting the method is effective.

[0004] However, in the case of the remainder device, the input M often has a certain limit. For example, for speeding up, RNS (Residue Num) using the Chinese remainder theorem
ber System), an operation to assemble with a remainder system, and a Montgomery Reduction
There is a high-speed processing of the remainder operation using. Therefore, multiplying or dividing by a power of 2 by shifting data is often used as a speed-up technique. However, if the factor of 2 is included in M as an intermediate operation, M
Since r of = Nr is a factor of 2, the operation itself does not hold, that is, the greatest common divisor gcd (2, M) of 2 and M may not be allowed.

[0005] For example, in the case of a Montgomery arithmetic unit that wants to execute XR ^-1 mod M, X mod MR = (XM ^-1 mod R) M
In order to utilize the so-called Chinese Remainder Theorem of + (XR ^-1 mod M) R, M and R must be disjoint. Therefore, the XR ^-1 mod is obtained by a shift by 2 power of ((Xmod MR)-(XM ^-1 mod R) M) / R and a remainder operation of 2 power.
Although the operation of M is configured, R cannot be a factor of 2 because R is power of 2. Therefore, it is difficult to correct M with the above-mentioned power-of-two correction term r to generate M.

[0006]

SUMMARY OF THE INVENTION An object of the present invention is to correct a parameter N having a bit length shorter than an input M of a given arithmetic unit by multiplying it by r to make the bit length an allowable bit length of the arithmetic unit. Another object of the present invention is to provide an arithmetic unit with correction processing, and another object of the present invention is to provide an arithmetic unit with correction processing having means for selecting a correction term r that does not include a factor that the arithmetic unit cannot accept, such as a factor of 2. is there.

[0007]

[MEANS FOR SOLVING THE PROBLEMS] R / 2 < M <R, R = 2
^In an arithmetic device in which the range of the input variable M is limited by a value of 2 to ^m , when N is N <R / 2 that does not satisfy the input condition of R / 2 < M <R, When the range of N is expressed as S / 2 < N <S when the value of 2 is S = 2 ⁿ , 3S / 4 and N are compared in magnitude and classified into cases.
The present invention is characterized by giving r a selection range other than 2 powers. That is, if 3S / 4 < N <S, the necessary and sufficient condition for M = Nr to be R / 2 < M <R is R / 2 < 3.
Since Sr / 4 and Sr < R, 2 ^{m−n +} 1/3 < r <
An integer in the range of 2 ^mn can be used as the correction term r. On the other hand, S /
If 2 < N <3S / 4, the necessary and sufficient conditions for R / 2 < M <R are R / 2 < Sr / 2 and 3Sr / 4 < R, so that 2 ^mn < r < 2 ^m− an integer of ^{n + 2/3} scope can correction term r.

Since the correction term has a certain range, as a result, in response to a request not to include the factor of 2 in r, for example,
By selecting the value of r, a desired correction term can be determined.

[0009]

Embodiments of the present invention will be described below in detail with reference to the drawings. In the following embodiment, the arithmetic unit 30 determines that the input variable M is R / 2 < M <R, R = 2 ^m
It is assumed that the input value N is limited to the range of a power of 2 and that the input value N can be expressed in the range of S / 2 < N <S with the value of the power of 2 S = 2 ⁿ . First Embodiment An input value N is input by input means 10 such as a register. The first correction processing means 20 performs the following correction processing on the input value N. First, N >
It is determined whether or not 3S / 4, and if 3S / 4 < N <S,
If the integer selecting means 22 selects an integer in the range of ^{2m −n +} 1/3 < r < ^2mn as the correction term r, while the determining means 22 determines that S / 2 < N <3S / 4 The integer selection means 23 selects an integer in the range of 2 ^mn < r < 2 ^{m−n +} 2/3 as the correction term r. For the selection of r, for example, if a value with a small number of 1s is selected in binary notation, the number of shifts can be reduced in the calculation of Nr. Thus, for example, r is automatically selected so as to be convenient for the calculation processing. What should I do? Correction corresponding to N with r selected by the integer selection means 22 or 23 by the correction means 24 is made as Nr, and M = N
It is input to the arithmetic unit 30 as r. The arithmetic unit 30 performs an arithmetic operation on the M.

As a specific example, a division device that divides A is assumed as the arithmetic device 30, and Ar is output to the input A according to a correction term r determined by the correction processing.
At 0, Ar / M is executed, and the result is input to the output means (for example, a register) 40 as a result of A / N. The input A is assumed to be in the arithmetic unit 30, but may be input from the outside. Second Embodiment As an arithmetic unit 30, an input M is a modulo, and a processing result is modulo M
In the case where the present invention is applied to a remainder operation device characterized by taking a remainder by the following formula, parts corresponding to those in FIG. 1 are denoted by the same reference numerals. That is, the input value N is selected by the first correction processing means 20 in the same manner as in the case of FIG. 1, an integer r is selected, correction is made on N, and the correction value Nr is input to the remainder arithmetic unit 30 as M. In this case, the remainder arithmetic unit 30
The correction processing is performed by the second correction processing means 50 which takes the remainder of the result A obtained from the above by the modulus N. The principle is Amod M =
From the Chinese remainder theorem of (AN ^-1 mod r) N + (Ar ^-1 mod N) r, taking these two sides as a remainder by N, (A mod
M) Mod N = A mod N is used.

[0011] At this time, if the computing device taking mere remainder, but no sense since correction processing after the computation device is the same as the variation, A ^B mod M, ABmod
When using a modular device for performing calculation of M effectively, as a post-processing, what they really want only correction for obtaining a remainder by results obtained are modulo N A ^B mod N, the benefit in that ABMOD N is obtained large. Although not shown in FIG. 2, A and B are also input to the arithmetic unit 30. Arithmetic unit 30 in the third embodiment the second embodiment, in place of the ^{XR -1 mod M, Xmod MR =} (XM -1 mod R) M + (XR -1
mod M) Utilizing the so-called Chinese Remainder Theorem,
When the operation ((Xmod MR)-(XM ^-1 mod R) M) / R is a Montgomery arithmetic device constituted by a power-of-two shift and a power-of-two remainder, a limiting condition of gcd (2, M) = 1 On the other hand, when N is similarly restricted under the restriction condition of gcd (2, N) = 1, the condition of gcd (2, r) = 1 as shown in FIG. It is added to the integer selection means 22 and 23 in one correction processing means 20. In choosing r
Since the condition of gcd (2, M) = 1 is set, factors that the arithmetic unit 30 cannot tolerate, such as the factor of 2, are not included. Fourth Embodiment The selection range of r is further limited by the integer selection units 22 and 23 in the first correction processing unit 20 of the third embodiment.
If 3S / 4 < N <S as shown in FIG.
2, r = 2 ^mn −1, and if S / 2 < N <3S / 4, r = 2 ^mn +1 by the integer selection unit 23 and Nr = 2 ^mn N−N when M is obtained by the correction unit 24. Or Nr
= 2 ^mn N + N. Fifth Embodiment In the first correction processing means 20 of the first embodiment, as processing equivalent to the condition determination regarding 3S / 4 < N <S or S / 2 < N <3S / 4 regarding N, As shown in FIG. 5, the integer selecting means 22 or 23 may perform the integer selection by the determining means 21 depending on whether the second bit from the most significant digit of N is 1 or 0. 3S / 4 < N <S or S / 2
When the condition determination of < N <3S / 4 is displayed in a binary number, FIG.
The condition determination shown in FIG. The condition determination shown in FIG. 5 can be used instead of the condition determination N> 3S / 4 in FIGS. 2, 3, and 4.

[0012]

According to the above embodiments, the additional processing is performed on the arithmetic unit whose data length that can be handled is limited.
An arithmetic unit that can handle more general-purpose values can be provided. The apparatus of the present invention can also function by a computer reading and decoding a program.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a functional configuration of a first embodiment of the present invention.

FIG. 2 is a block diagram showing a functional configuration of a second embodiment of the present invention.

FIG. 3 is a block diagram showing a functional configuration of a third embodiment of the present invention.

FIG. 4 is a block diagram showing a functional configuration of a fourth embodiment of the present invention.

FIG. 5 is a block diagram showing a functional configuration of a fifth embodiment of the present invention.

────────────────────────────────────────────────── ─── Continued on the front page (58) Field surveyed (Int. Cl. ⁷ , DB name) G09C 1/00 650 G06F 7/552 G06F 7/72 JICST file (JOIS)

Claims (12)

(57) [Claims] 1. An input variable value M is R / 2 < M <R, R =
Use an arithmetic unit that is restricted to the range of 2 power values of 2 ^m
A range expressed by S / 2 < N <S with a power-of-two value S = 2 ⁿ and an input value N satisfying N <R / 2, and calculating by inputting: N > 3S / 4 Determination means for determining whether or not 3S / 4 < N <S;
first integer selecting means for selecting an integer r in a range of ^{m−n +} 1/3 < r < 2 ^mn; and when the determining means determines that S / 2 < N <3S / 4, 2
a second integer selecting means for selecting an integer r in a range of ^mn < r < ^{2m -n +} 2/3; and a correcting means for multiplying the input value N by the selected integer r to obtain an input M of the arithmetic unit. And an arithmetic unit with a correction process. 2. An input variable value M is R / 2 < M <R, R =
Use an arithmetic unit that is restricted to the range of 2 power values of 2 ^m
And a device for inputting and calculating an input value N satisfying a power of 2 S = 2 ⁿ and a range expressed by S / 2 < N <S, and N <R / 2. The second bit from the most significant digit is 1 or 0
Determination means for determining whether or not, and when the determination means determines 1, ^{2m−n +} 1/3 < r < 2
first integer selecting means for selecting an integer r from a range of ^mn, and when the determining means determines 0, 2 ^mn < r < 2 ^{m-n + 2}
A second integer selection means for selecting an integer r from a range of / 3, and a correction means for multiplying the input value N by the selected integer r to obtain an input M of the arithmetic device. An arithmetic unit with correction processing. 3. An input variable value M is R / 2 < M <R, R =
Using an arithmetic unit restricted to the range of 2 power values of 2 ^{m, the} input is expressed as S / 2 < N <S with a power of 2 value S = 2 ⁿ and N <R / 2. An apparatus for calculating by inputting a value N, and determining means for determining whether N > 3S / 4, and when the determining means determines 3S / 4 < N <S, r = 2
first integer selecting means for selecting an integer r of ^mn- 1; and when the determining means determines that S / 2 < N <3S / 4, r
= 2 ^mn +1. A second integer selection means for selecting an integer r, and a correction means for multiplying the input value N by the selected integer r to obtain an input M of the arithmetic unit. An arithmetic unit with processing. 4. An input variable value M is R / 2 < M <R, R =
Using an arithmetic unit restricted to the range of 2 power values of 2 ^{m, the} input is expressed as S / 2 < N <S with a power of 2 value S = 2 ⁿ and N <R / 2. A device for calculating by inputting a value N, wherein the second bit from the most significant digit of the input value N is 1 or 0
A first integer selecting means for selecting an integer r such that r = 2 ^mn -1 if the determining means determines 1; and r = 2 if the determining means determines 0. a second integer selecting means for selecting an integer r of ^mn + 1; and a correcting means for multiplying the input value N by the selected integer r to obtain an input M of the arithmetic unit. An arithmetic unit with processing. 5. The arithmetic device with correction processing according to claim 1, wherein the arithmetic device is a device in which an input M is modulo and a processing result is obtained by the remainder of the modulus M. An arithmetic unit with correction processing, comprising: a correction processing means for taking a remainder of the output result of (i) by a modulus N. 6. The arithmetic unit with correction processing according to claim 5, wherein when the arithmetic unit is R as an integer of 2 power, XR ^-1
To find mod M, the Chinese Remainder Theorem gives ((Xmo
d MR)-(XM ^-1 mod R) M) / R is a Montgomery arithmetic device that obtains an operation by a power-of-two shift or a remainder of power-of-two, wherein gcd (2, r) is used by the first and second integer selection means. = 1 is also a selection condition. 7. An input variable value M is R / 2 < M <R, R =
Use an arithmetic unit that is restricted to the range of 2 power values of 2 ^m
There are two Nobekine S = range 2 ⁿ is expressed by S / 2 <N <S, and N <a equipment that calculates to input R / 2 becomes the input value N, the input value N means for inputting a whether determination hand the input value is N> 3S / 4
And the step, when the determining means determines that 3S / 4 <N <S, 2
first selecting means for selecting an integer r in a range of ^{m−n +} 1/3 < r < 2 ^mn; and when the determining means determines that S / 2 < N <3S / 4, 2
a second selection means for selecting ^{mn <r <2 mn + 2} /3 Scope integer r, the input value N to an integer r multiplied selected above and means for receiving M of the arithmetic unit A computer that stores a program for causing a computer to function as an arithmetic device
Data readable recording medium. 8. An input variable value M is R / 2 < M <R, R =
Use an arithmetic unit that is restricted to the range of 2 power values of 2 ^m
There are two Nobekine S = range 2 ⁿ is expressed by S / 2 <N <S, and N <a equipment that calculates to input R / 2 becomes the input value N, the input value N Whether the second bit from the most significant digit is 1 or 0
Determination means for determining whether or not, and when the determination means determines 1, ^{2m−n +} 1/3 < r < 2
a means for selecting an integer r from the range ^mn, and when the determination means determines 0, 2 ^mn < r < 2 ^{m−n + 2}
/ 3 Scope and means for selecting an integer r, the input value N, functional competent <br/> Yuta in integers r times the above selected as a calculation device and means for receiving M of the arithmetic unit Compiling a program for
A computer-readable recording medium. 9. An input variable value M is R / 2 < M <R, R =
Using an arithmetic unit restricted to the range of 2 power values of 2 ^{m, the} input is expressed as S / 2 < N <S with a power of 2 value S = 2 ⁿ and N <R / 2. An apparatus for calculating by inputting a value N, and determining means for determining whether N > 3S / 4, and when the determining means determines 3S / 4 < N <S, r = 2
first integer selecting means for selecting an integer r of ^mn- 1; and when the determining means determines that S / 2 < N <3S / 4, r
= 2 ^mn +1 as a second integer selecting means for selecting an integer r, and a correcting means comprising a correction means for multiplying the input value N by the selected integer r to obtain an input M of the arithmetic device. A computer-readable recording medium on which a program for causing a computer to function is recorded. 10. An input variable value M is R / 2 < M <R, R
= 2 ^m , the range is expressed as S / 2 < N <S, and N <R / 2, with the power of 2 being S = 2 ⁿ , using an arithmetic device limited to the range of the value of 2 powers. A device for calculating by inputting an input value N, wherein the second bit from the most significant digit of the input value N is 1 or 0
A first integer selecting means for selecting an integer r such that r = 2 ^mn -1 if the determining means determines 1; and r = 2 if the determining means determines 0. a second integer selection means for selecting an integer r of ^mn + 1; and a correction means comprising a correction means for multiplying the input value N by the selected integer r to obtain an input M of the arithmetic device. A computer-readable recording medium on which a program for causing a computer to function is recorded. 11. The recording medium according to claim 7, wherein the arithmetic unit is a remainder arithmetic unit that takes a processing result of the input M modulo and takes a remainder according to the modulus M, and outputs the output result of the remainder arithmetic unit. , Mod N to take the remainder
Recording medium characterized in that it comprises means. 12. The recording medium according to claim 11, wherein the arithmetic unit calculates XR ⁻¹ when R is an integer of 2 power.
To find mod M, the Chinese Remainder Theorem gives ((Xmo
d MR)-(XM ^-1 mod R) M) / R is a Montgomery arithmetic device configured by a power-of-two shift and a power-of-two remainder, wherein the first and second selecting means perform gcd (2, r )
= 1 also is a selected condition recording medium characterized Rukoto.