KR100836737B1 - Apparatus and method for modular multiplication using chhinese remainder theorem and carry save adder - Google Patents

Abstract

비트 최종 가산기를 사용하여 두 개의 n비트 입력 A, B에 대한 곱셈을

클롤 사이클만에 수행하고, 또한 캐리 저장 가산기를 기반으로 하나의 n 비트 모듈러 곱셈 연산과 두 개의 n/2 비트 모듈러 곱셈 연산을 선택적으로 처리할 수 있어 중국인 나머지 정리를 이용한 RSA 복호화 연산을 효율적으로 처리할 수 있는 효과가 있다. The present invention relates to a modular multiplication apparatus and method based on the Chinese Residual Theorem (CRT) and carry storage addition, and more particularly, to implement a Rivest-Shamir-Adleman (RSA) public key cryptography used for data encryption / decryption. The present invention relates to a fast modular multiplication method and a modular multiplication apparatus and method applicable to the Chinese Remainder Theorem (CRT) technique. Modular multiplication according to the present invention utilizes the Boot Encoding technique.

Multiply two n-bit inputs A and B using the bit final adder

It can perform in a crawl cycle only, and can optionally handle one n-bit modular multiplication operation and two n / 2-bit modular multiplication operations based on the carry storage adder to efficiently handle RSA decoding operations using the Chinese remainder theorem. It can work.

Montgomery Modular Multiplication, Carry Storage Adder, Booth Coding, Chinese Rest Theorem

Description

Modular Multiplication Apparatus and Method Based on Chinese Remnant Theorem (CRT) and Carry Storage Addition {APPARATUS AND METHOD FOR MODULAR MULTIPLICATION USING CHHINESE REMAINDER THEOREM AND CARRY SAVE ADDER}

BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a diagram showing a configuration of a modular multiplication apparatus based on Chinese residual theorem (CRT) and carry storage addition according to the present invention;

2 is a detailed view showing data input / output of the first carry storage adder according to the present invention;

3 is a detailed view showing data input / output of a second carry storage adder according to the present invention;

4 is a view illustrating a configuration of a booth recording (BR) unit according to the present invention;

5 is a diagram showing the configuration of a 2-bit adder for calculating the Montgomery reduction number according to the present invention;

6 is a view showing a configuration of a reduction table (RT) unit according to the present invention;

7 is a diagram illustrating a 2-bit adder for carry calculations carried in the next round according to the present invention.

<Explanation of symbols for the main parts of the drawings>

110: first carry storage adder 120: second carry storage adder

130: multiplier storage register 140: booth recording (BR) section

150: 2-bit carry propagation adder 160: reduction table (RT) unit

170: 2-bit carry propagation adder 180: w-bit carry propagation adder

190: Multiplexer

The present invention relates to an encryption technique, and more particularly, to a modular multiplication apparatus and method based on Chinese residual theorem (CRT) and carry storage addition capable of rapidly implementing RSA public key cryptography used for data encryption / decryption. .

The encryption / decryption and digital signature of the RSA public key system use modular exponential power, which is calculated through an iterative operation of modular multiplication. Therefore, when implementing a fast RSA public key cryptosystem, it is important to implement a fast modular multiplication operation. The most widely used algorithm for implementing modular multiplication is the Montgomery multiplication algorithm, which is suitable for hardware implementation because it can replace the division operation required for modular operation with addition and shift operations.

Algorithm 1. Radix-2 Montgomery Multiplication Method

There are two ways to implement a modular multiplier using the Montgomery multiplication algorithm: design a systolic-array structure and use a Carry Save Adder (CSA) to avoid carry propagation delays. The design of the systolic-array structure is to use the 1-bit full adder as the basic structure to expand it by the size of the input value and to increase the clock speed by designing the multiplier with the pipeline structure to eliminate the carry propagation delay. Has advantageous features. However, when designing a high-radix multiplier that handles multiple bits every clock, the latency is caused by the pipeline structure, which complicates the control and degrades the performance. On the other hand, the design using the carry storage adder is suitable for processing thousands of bits of input values at high speed since the carry propagation delay time does not increase even if the input value increases. Both of the above methods increase the number of partial sums that can occur when using the high-radix method for fast multiplication, which causes an increase in the hardware area for calculating (or storing) the subtotals. Power consumption is increased.

비트 최종 가산기를 사용할 경우 두 개의 n비트 입력 A, B에 대한 곱셈을

클록 사이클만에 처리하는 모듈러 곱셈 방법과 하나의 n비트 모듈러 곱셈 연산과 두개의 n/2비트 모듈러 곱셈 연산을 선택적으로 처리할 수 있는 곱셈 장치를 제안하여 RSA암호 시스템 구현의 핵심기술인 모듈러 곱셈기의 고속 구현을 실현함과 동시에 적은 면적(게이트 수)과 적은 전력소모를 갖는 중국인 나머지 정리(CRT)와 캐리 저장 가산 기반의 모듈러 곱셈 장치 및 방법을 제공하는 것을 목적으로 한다. Therefore, the present invention is made to solve the problems of the prior art as described above, the object of the present invention is

Multiply two n-bit inputs A and B when using the bit final adder

We propose a modular multiplication method that handles only clock cycles, and a multiplying device that can selectively process one n-bit modular multiplication operation and two n / 2-bit modular multiplication operations. The aim is to provide a modular multiplication apparatus and method based on the remainder of theorem (CRT) and carry storage addition, which has a small area (gate count) and low power consumption while realizing the implementation.

)을 더하는 연산을 수행하는 제 2 캐리 저장 가산기로 포함하여 구성되는 캐리 저장 가산부, 상기 제 2 캐리 저장 가산기로부터 출력된 CARRY를 저장하고

비트씩 우측 쉬프트할 수 있는 C 레지스터(C_reg), SUM을 저장하고

비트씩 우측 쉬프트할 수 있는 S 레지스터(S_reg), 캐리의 발생 여부를 계산하여 다음 연산 라운드에 반영해주는 2비트 가산기, 모듈러스 입력 (Q,P)를 입력받아, 상기 2비트 가산기에 의한

와 sel_crt의 조건에 따라 1비트 값

와 n+6비트 값 (Q, P)를 출력하는 리덕션 테이블(RT)부, 입력 신호 sel_crt에 따라 1비트 입력값을 제어하는 복수의 다중화기, 상기 캐리 저장 가산부의 중간 결과값으로부터 최종 결과값을 계산하는데 사용되는 두 개의

비트 가산기를 포함하여 이루어지는 것을 특징으로 한다.In order to achieve the above object, the Chinese residual theorem (CRT) and carry storage addition-based modular multiplication apparatus of the present invention includes: a multiplier storage register for storing a multiplier and right shifting according to radix, and information input from the multiplier storage register. And a booth recording (BR) unit for outputting a multiplier determined according to the condition of sel_crt using the multiplicand information, and performing an operation of adding a multiplier output by the booth recording (BR) unit to SUM and CARRY of a previous round. Modulus partial sum by reduction table (RT) part which adds to SUM and CARRY which are the calculation result value of 1 carry storage adder and said 1st carry storage adder (

A carry storage adder configured to include a second carry storage adder for performing an operation of adding a) and a CARRY output from the second carry storage adder.

Save the C register (C_reg), SUM that can be shifted right by bit

S register (S_reg), which can shift right by bit, receives a 2-bit adder and modulus input (Q, P) that calculates whether or not a carry is generated and reflects it in the next operation round.

And 1-bit value according to the condition of sel_crt

And a reduction table (RT) unit for outputting n + 6 bit values (Q, P), a plurality of multiplexers for controlling a 1-bit input value according to the input signal sel_crt, and a final result value from an intermediate result value of the carry storage adder unit. Are used to calculate

And a bit adder.

와

를 출력하는 것을 특징으로 한다.In this case, the multiplier storage register may store n + 1 bit multiplier input and may shift right by 2 bits. In particular, the multiplier storage register stores n + 4 bit multiplier input and n according to the condition of the sel_crt signal. 3-bit information, shifted right by 2 bits in units of +4 or n / 2 + 2 bits

Wow

It characterized in that the output.

를 입력받아 상기 승수 저장 레지스터로부터 입력된 3비트 정보

,

과 sel_crt의 조건에 따라 1비트 값

와 n+4비트 값

를 출력하는 것을 특징으로 하고, 특히, 부스 레코딩(BR)부는 입력 신호 sel_crt가 0일때는

를 하나의 n+2비트 피승수로 취급하여

의 조건에 따라

와 피승수의 배수값을

로 출력하고 sel_crt이 1일 때는

을 두 개의 n/2+1비트 피승수 B', B로 각각 취급하여

와

의 조건에 따라

의 각 배수값을

로 출력하는 것을 특징으로 한다.In addition, the booth recording (BR) unit is multiplier information

3-bit information received from the multiplier storage register

,

And 1-bit value according to the condition of sel_crt

And n + 4 bit values

In particular, when the input signal sel_crt is 0, the booth recording part BR is 0.

Is treated as a single n + 2 bit multiply

Under the terms of

And the multiple of the multiplicand

When sel_crt is 1

Are treated as two n / 2 + 1 bit multipliers B 'and B, respectively.

Wow

Under the terms of

Each multiple of

It characterized in that the output to.

, 그리고 캐리 입력에 대한 덧셈을 수행하여

를 계산하는 2비트 가산기와 SUM의 상위 n/2+3비트

의 최하위 2비트

, 그리고 캐리 입력에 대한 덧셈을 수행하여

를 계산하는 2비트 가산기를 포함하여 이루어지는 것을 특징으로 한다.Further, the 2-bit adder 1 is the least significant 2 bits of the lower n / 2 + 3 bits S of the intermediate result value SUM of the carry storage addition according to claim 4.

, And by doing addition on the carry input

2-bit adder that computes the upper n / 2 + 3 bits of the SUM

Least significant 2 bits of

, And by doing addition on the carry input

It characterized in that it comprises a 2-bit adder for calculating the.

와 N의 최하위 비트 조건에 따라

과 N의 배수값을

로 출력하고 sel_crt가 1일 때는 (Q, P)를 두 개의 n/2비트 모 듈러스 Q와 P로 각각 취급하여

와 Q와 P의 각 최하위 비트 조건에 따라

와 Q, P의 각 배수값을

로 출력하는 것을 특징으로 한다.In addition, when the input signal sel_crt is 0, the reduction table RT treats (Q, P) as one n-bit modulus N.

According to the least significant bit condition of and N

And multiples of N

When sel_crt is 1, (Q, P) is treated as two n / 2-bit modulus Q and P respectively.

And according to each least significant bit condition of Q and P

And each multiple of Q and P

It characterized in that the output to.

비트씩 우측 쉬프트할 수 있는 것을 특징으로 하고, S 레지스터(S_reg)는 sel_crt신호의 조건에 따라 n+4비트 단위 또는 n/2+2비트 단위로

비트씩 우측 쉬프트할 수 있는 것을 특징으로 한다. In addition, the C register C_reg is in n + 4 bit units or n / 2 + 2 bit units depending on the condition of the sel_crt signal.

The bit can be shifted right by bit, and the S register (S_reg) is in n + 4 bit units or n / 2 + 2 bit units depending on the condition of the sel_crt signal.

It is characterized by the ability to shift right by bit.

(여기서

)의 몽고메리 곱셈 연산에 있어서,On the other hand, the modular multiplication method based on the Chinese residual theorem (CRT) and carry storage addition of the present invention, for n + 1-bit input A, B and n-bit modulus N

(here

In Montgomery multiplication

와 피승수 B를 이용하여 부스 레코딩한 결과로 부호 정보인

와 B의 배수값인

를 출력하는 1 단계, 상기 출력된

를 중간 결과값 CARRY와 SUM에 캐리 저장 가산을 취하는 2 단계, 상기 1단계와 2 단계에 의해 출력된 SUM의 최하위 2비트

, 그리고 이전 반복 연산의 결과로 저장된 캐리 입력값인

에 대해 2비트 덧셈을 수행하여 2비트 정보

를 계산하는 3 단계, 상기 계산된 2비트 정보

와 모듈러스 N을 이용하여 부호 정보인

과 N의 배수값인

를 결정하는 4 단계, 상기 결정된

를 중간 결과값 CARRY와 SUM에 캐리 저장 가산을 취하는 5 단계, 다음 반복 연산을 위해 SUM의 최하위 2비트

, 그리고 이전 반복 연산의 결과로 저장된 캐리 입력값인

에 대해 2비트 덧셈을 수행하여 캐리 출력값으로

을 갱신하는 6 단계, 상기 캐리 저장 가산에 의한 CARRY와 SUM을 각각 2비트씩 우측 쉬프트시키는 7 단계, 상기 일련의 과정을

번 반복한 다음 CARRY와 SUM을 더해서 최종 결과값을 출력하는 8 단계를 포함하여 이루어지는 것을 특징으로 한다.
본 명세서에서 사용되고 있는 기호들은 아래와 같이 정의된다.
- A : 승수 정보, 입력신호 sel_crt가 '0'인 경우, 승수 정보 레지스터(A_reg)에 n+2 비트 정보로 저장되고, 반면 sel_crt가 '1'인 경우는 A_reg의 하위 n/2+1 비트 위치에 저장됨
- A' : 승수 정보, 입력신호 sel_crt가 '1'인 경우에 승수 정보 레지스터(A_reg)의 상위 n/2+1 비트에 저장되는 정보
- B : 피승수 정보, 입력신호 sel_crt가 '0'인 경우 피승수 정보 레지스터(B_reg)에 n+2 비트 정보로 저장되고, 반면 sel_crt가 '1'인 경우는 B_reg의 하위 n/2+1 비트 위치에 저장됨
- B' : 피승수 정보 레지스터(B_reg)의 상위 n/2+1 비트에 저장되는 정보
-

: sel_crt가 '0'인 경우는 A_reg의 n+2비트 정보를, sel_crt가 '1'인 경우는 A_reg의 하위 n/2+1 비트 정보를 i번째 부스 레코딩에 사용하는 3비트 입력
-

: sel_crt가 '1'인 경우에 A_reg의 상위 n/2+1 비트 정보(A')를 i번째 부스 레코딩에 사용하는 3비트 입력
-

: 입력신호 sel_crt가 '0'인 경우, B_reg의 전체 정보에 대한 부스 레코딩 결과 중 크기 정보. sel_crt가 '1'인 경우는 B_reg의 하위 n/2+1비트 정보에 대한 부스 레코딩 결과 중 크기 정보
-

: 입력신호 sel_crt가 '1'인 경우는 B_reg의 상위 n/2+1비트 정보에 대한 부스 레코딩 결과 중 크기 정보
-

: 입력 신호 sel_crt가 '0'인 경우, B_reg의 전체 정보에 대한 부스 레코딩 결과 중 부호 정보. sel_crt가 '1'인 경우는 B_reg의 하위 n/2+1비트 정보에 대한 부스 레코딩 결과 중 부호 정보
-

: 입력 신호 sel_crt가 '1'인 경우는 B_reg의 상위 n/2+1비트 정보에 대한 부스 레코딩 결과 중 부호 정보
- S : 캐리저장 가산의 결과 합. 입력신호 sel_crt가 '0'인 경우 S_reg에 n+4 비트 정보로 저장, 반면 sel_crt가 '1'인 경우는 S_reg의 하위 n/2+2 비트 위치에 저장됨
- S' : 캐리저장 가산의 결과 합. sel_crt가 '1'인 경우는 S_reg의 상위 n/2+2 비트 위치에 저장
- C : 캐리저장 가산의 결과 합. 입력신호 sel_crt가 '0'인 경우 C_reg에 n+4 비트 정보로 저장, 반면 sel_crt가 '1'인 경우는 C_reg의 하위 n/2+2 비트 위치에 저장됨
- C' : 캐리저장 가산의 결과 합. sel_crt가 '1'인 경우는 C_reg의 상위 n/2+2 비트 위치에 저장
-

: 캐리저장 결과 합(S)의 i번째 비트.

는 S의 최하위 비트,

는 S의 하위 1번째 비트
-

: 캐리저장 결과 합(S')의 i번째 비트.

는 S'의 최하위 비트,

는 S'의 하위 1번째 비트
-

: 캐리저장 결과 합(C)의 i번째 비트.

는 C의 최하위 비트,

는 C의 하위 1번째 비트
-

: 캐리저장 결과 합(C')의 i번째 비트.

는 C'의 최하위 비트,

는 C'의 하위 1번째 비트
-

: 캐리저장 중간결과 S, C와

및

를 덧셈한 결과 중 하위 2비트.

는 최하위 비트,

는 하위 1번째 비트
-

: sel_crt가 '1'인 경우, 캐리저장 중간결과 S, C와

및

를 덧셈한 결과 중 하위 2비트.

는 최하위 비트,

는 하위 1번째 비트Lower 3 bits of multiplier A

And booth recording using multiplicand B

Is a multiple of and B

Step 1 to output, the output

(2) taking the carry storage addition to the intermediate result values CARRY and SUM, the least significant 2 bits of the SUM output by steps 1 and 2

, And the carry input stored as a result of the previous iteration

2-bit information by performing 2-bit addition to

3 steps of calculating the information, the calculated 2-bit information

Using modulus N and modulus N

Is a multiple of and N

4 steps to determine, determined

Step 5 to carry the carry storage addition to the intermediate result CARRY and SUM, the least significant 2 bits of the SUM for the next iteration

, And the carry input stored as a result of the previous iteration

Performs a 2-bit addition to the carry output

In step 6 of updating, 7 steps of right shifting each of the CARRY and SUM by the carry storage addition by 2 bits, the series of processes

Repeating once and adding the CARRY and SUM characterized in that it comprises the eight steps to output the final result.
Symbols used in the present specification are defined as follows.
-A: multiplier information, if the input signal sel_crt is '0', it is stored as n + 2 bit information in the multiplier information register (A_reg), whereas, if sel_crt is '1', the lower n / 2 + 1 bit of A_reg Saved to location
A ': multiplier information, information stored in the upper n / 2 + 1 bits of the multiplier information register A_reg when the input signal sel_crt is'1'
-B: Multiplicand information, when the input signal sel_crt is '0', it is stored as n + 2 bit information in the multiplicand information register (B_reg), whereas when sel_crt is '1', the lower n / 2 + 1 bit position of B_reg Saved to
B ': Information stored in the upper n / 2 + 1 bits of the multiplicand information register (B_reg)
-

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'
-

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1'
-

: When the input signal sel_crt is '0', size information among booth recording results for the entire information of B_reg. If sel_crt is '1', size information among booth recording results for lower n / 2 + 1 bit information of B_reg
-

: If input signal sel_crt is '1', size information among booth recording results for upper n / 2 + 1 bit information of B_reg
-

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg
-

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg
-S: Sum of result of carry storage addition. If the input signal sel_crt is '0', it is stored as n + 4 bit information in S_reg, whereas if sel_crt is '1', it is stored in the lower n / 2 + 2 bit position of S_reg.
-S ': Sum of the result of the carry storage addition. If sel_crt is '1', it is stored in the upper n / 2 + 2 bit position of S_reg.
-C: Sum of result of carry storage addition. When the input signal sel_crt is '0', it is stored as n + 4 bit information in C_reg, whereas when sel_crt is '1', it is stored in the lower n / 2 + 2 bit position of C_reg.
-C ': Sum of the result of the carry storage addition. If sel_crt is '1', it is stored in the upper n / 2 + 2 bit positions of C_reg.
-

: I-th bit of the carry result sum (S).

Is the least significant bit of S,

Is the lower 1st bit of S
-

: I th bit of the carry result sum (S ').

Is the least significant bit of S ',

Lower 1st bit of S '
-

: I th bit of the carry result sum (C).

Is the least significant bit of C,

Is the lower 1st bit of C
-

: I th bit of the carry result sum (C ').

Is the least significant bit of C ',

Is the lower 1st bit of C '
-

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit
-

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

는 항상 0이므로 mod 2 연산은 CSA 출력SUM의 최하위비트

에 의해 결정되며 나누기 2 연산은 SUM과 CARRY를 1비트 우측 쉬프트시킴으로써 손쉽게 구현이 가능하기 때문이다. 하지만 radix-4 곱셈의 경우에는 SUM과 CARRY를 직접 더하기 전에는 mod 4나 나누기 4 연산을 처리하기 곤란한 문제가 발생한다. 따라서 본 발명은 2비트 가산기를 이용하여 SUM과 CARRY의 최하위 2비트를 더하는 방식을 이용하는 radix-4 몽고메리 모듈러 곱셈 방법을 제안한다. 두 개의 n+1 비트 입력 A, B 그리고 n비트 모듈러 스(modulus) N에 대해 제안하는 radix-4 몽고메리 모듈러 곱셈 알고리즘은 다음과 같은 방법으로 동작한다.The radix-2 multiplication method, such as Algorithm 1 described above, is very efficient when implemented using CSA. Because least significant bit of CSA output CARRY

Is always 0, so the mod 2 operation is the least significant bit of the CSA output SUM.

This is because the division 2 operation can be easily implemented by shifting SUM and CARRY 1 bit to the right. However, in the case of radix-4 multiplication, it is difficult to handle mod 4 or division 4 operations before adding SUM and CARRY directly. Therefore, the present invention proposes a radix-4 Montgomery modular multiplication method using a method of adding the least two bits of SUM and CARRY using a 2-bit adder. The proposed radix-4 Montgomery modular multiplication algorithm for two n + 1 bit inputs A, B and n bit modulus N works in the following way.

은 0이고,

는 B나 2B의 값을 가지며, 음의 배수의 경우에는

는 1이고,

는 B나 2B 비트별 역원인 -B나 -2B이 된다. 과정 5에서는 두 개의 2비트 입력과 1비트 캐리 입력에 대한 2비트 덧셈이 수행되며 그 결과값인

과 N의 두번째 최하위 비트

를 이용하여 다음 과정의 연산에 필요한

과

를 결정하게 된다. 먼저

은 과정 6과 같이 결정되며

는 표 2와 같은 규칙으로 결정되게 된다. 또한 과정 6에서의

C의 최하위 비트를

으로 대체함으로써 손쉽게 처리된다. 과정 16에서는 또 하나의 2비트 덧셈이 수행되며 이때 나누기 4는 2비트 덧셈의 출력 캐리만 다음 반복 연산을 위해 저장하고 나머지 2비트 결과를 버림으로써 간단히 처리된다. 다시 과정 17에서는 C과 S에 대해서 2비트씩 우측 쉬프트시켜 나누기 4를 수행한다. 이러한 일련의 과정을

번 수행함으로써 캐리저장 형태의 모듈러 곱셈 결과값이 C과 S에 저장되며 이로부터 최종 결과값을 얻기 위해 두 값을 더해주는 작업이 과정 19에서 수행된다. Where (C, S) = CSA (X, Y, Z) represents the carry storage addition for the three inputs X, Y, and Z. Unlike the conventional carry propagation adder, the carry storage adder does not have a separate carry input. Therefore, it is not simple to perform arithmetic on two's complement of input B or N using carry storage adder. Therefore, Booth Recording (BR) in Algorithm 2 is a block in charge of booth encoding, which is processed as shown in Table 1. In other words, if you output a positive multiple of B

Is 0,

Has a value of B or 2B, and for negative multiples

Is 1,

Becomes B or 2B bitwise inverse -B or -2B. In step 5, 2-bit addition is performed on two 2-bit and 1-bit carry inputs.

Least significant bit of and N

Required for the operation of

and

Will be determined. first

Is determined as in process 6

Is determined by the rules shown in Table 2. Also in course 6

The least significant bit of C

It is easily handled by replacing it with. In step 16, another two-bit addition is performed, where division 4 is simply handled by storing only the output carry of the two-bit addition for the next iteration and discarding the remaining two-bit result. In step 17, division 4 is performed by right shifting by 2 bits for C and S. This series of processes

By doing this, the result of the carry stored modular multiplication is stored in C and S, and the operation of adding the two values to obtain the final result is performed in step 19.

Table 1 Radix-4 Booth Recording Rules for Algorithm 2

Table 2 Reduction Table of Algorithm 2 (RT)

은 CRT를 이용하여 다음과 같이 두 부분으로 분리되어서 계산이 가능하다.RSA decryption or signature operations can be implemented at high speed using the Chinese Remainder Theorem (CRT). n-bit modulus N is the product of two n / 2-bit primes P and Q, that is, N = P x Q, so n-bit modular exponential power

Can be calculated by dividing into two parts using CRT as follows.

Algorithm 3. RSA Decoding Using CRT

와

를 계산하며, 과정 3~4에서는 리덕션된 암호문

와

, 각각에 대한 모듈러 지수승을 수행하고, 과정 5~6에서는 이전 과정에서 생성된 메시지,

와

를 가지고 최종 메시지M을 재조합하게된다. 이러한 일련의 과정 중 가장 연산량이 많이 필요한 부분은 과정 3~4의 n/2비트 모듈러 지수승 연산이라는 점을 쉽게 파악할 수 있다. 따라서 CRT를 이용한 RSA연산의 고속화를 위해서는 n비트 모듈러 곱셈 장치가 두 개의 n/2단위로 독립적으로 동작하는 기능이 요구된다. 알고리즘 2와 같이 캐리 저장 가산을 사용하는 방법의 경우, 인접 비트간의 캐리 전파가 발생하지 않기 때문에 n/2비트 단위로 독립적으로 컨트롤하기에 매우 유리하다는 장점을 가진다. 따라서 본 발명은 알고리즘 2를 기반으로 하고 CRT 적용이 가능한 모듈러 곱셈 장치를 제안한다. In steps 1 and 2, n-bit ciphertext C is reduced to produce two n / 2-bit ciphertexts.

Wow

In Steps 3 to 4, the reduced ciphertext

Wow

, The modular exponent for each, and in steps 5-6, the message generated in the previous step,

Wow

To recombine the final message M. It is easy to see that the most demanding part of the sequence is the n / 2-bit modular exponential operation of steps 3-4. Therefore, in order to speed up the RSA operation using the CRT, a function of operating an n-bit modular multiplier independently in two n / 2 units is required. In the case of using the carry storage addition as in Algorithm 2, the carry propagation between adjacent bits does not occur, which is very advantageous to independently control in units of n / 2 bits. Accordingly, the present invention proposes a modular multiplication apparatus based on Algorithm 2 and applicable to CRT.

1 is a view showing the configuration of the Chinese multiplication theorem (CRT) and carry storage addition based modular multiplication apparatus according to the present invention.

Modular multiplication apparatus based on the Chinese residual theorem (CRT) and carry storage addition according to the present invention, the multiplier storage register 130, which stores the multiplier (A) and shifts right according to the radix, to be added with reference to the lower constant bit of the multiplier Booth recording (BR) section 140 for outputting an appropriate multiplicand (B) value, a carry storage adder (110, 120) for performing addition of intermediate values, appropriate bits to be added according to the low order bits and modulus of the intermediate values Reduction Table (RT) part that outputs modulus value, 2-bit adder (150, 170) that calculates whether Carry is generated and reflects it in the next round of operation, and is used to add the intermediate value of carry storage type before the final data output. And an adder 180 of size w bits.

을 더하는 연산을 수행한다. 도 2는 제 1 캐리 저장 가산기의 데이터 입출력을 나타내는 상세도로 (n+4)개의 병룔로 연결된 전가산기로 구성된다. 각 개별 가산기의 첫번째 입력과 두번째 입력은 이전 라운드 연산 결과값 중 SUM과 CARRY부이며, 몽고메리 리덕션이 수행된 즉 각각 2비트씩 좌로 쉬프트된 SUM과 CARRY가 입력되도록 구성된다. CRT연산이 아닌 n비트 연산 모드인 경우 연산기에 입력되는

가

중 하나의 값이며 n+2비트의 크기를 가지므로, 전체 n+4개의 가산기중 n+2개가 연산에 사용된다. CRT 모드인 경우 두개의 (n/2+2)비트수가 각각 입력되며 이 경우 전체

개의 연산기가 사용된다. The first carry storage adder 110 subsumes the multiplier determined by the booth recording (BR) unit according to the multiplier bit in the SUM and CARRY of the previous round.

Perform the operation of adding. FIG. 2 is a detailed view showing data input / output of the first carry storage adder, and is composed of (n + 4) parallel adders. The first input and the second input of each individual adder are the SUM and CARRY part of the previous round operation result value, and are configured such that Montgomery reduction is performed, that is, SUM and CARRY shifted left by 2 bits, respectively. In case of n-bit operation mode, not CRT operation,

end

Is a value of n + 2 bits, and n + 2 of the total n + 4 adders are used for the calculation. In CRT mode, two (n / 2 + 2) bits are input, respectively

Operators are used.

을 더하는 연산을 수행한다. 도 3은 제 2 캐리 저장 가산기(120)의 데이터 입출력을 나타내는 상세도로 제 1 캐리 저장 가산기(110)에 의해 계산된 SUM과 CARRY는 각각 n+2, n+3비트의 크기를 가지며, 이 값은 또 다른 n+2비트 입력

과 함께 더해지게 된다. 따라서 CRT연산 모드가 아닌 경우 n+3개의 연산기가 사용되며, CRT모드인 경우에는 총 n+6개의 연산기가 절반씩 사용되게 된다.The second carry storage adder 120 is a sum of modulus generated in the reduction table unit 160 in SUM and CARRY, which are the result of the calculation of the first carry storage adder 110.

Perform the operation of adding. 3 is a detailed diagram illustrating data input and output of the second carry storage adder 120. The SUM and CARRY calculated by the first carry storage adder 110 have sizes of n + 2 and n + 3 bits, respectively. Is another n + 2 bit input

Will be added together. Therefore, n + 3 operators are used in the non-CRT operation mode, and n + 6 operators in half are used in the CRT mode.

의 저장공간으로 사용된다. 승수 저장 레지스터(130)는 도 1에서 보여지는 바와 같이 CRT모드에 따라 n+1비트의 승수를 저장하거나 혹은 두 개의 (n/2+1)비트 승수를 저장하며 한 클록 주기동안 2비트 우측 쉬프트하며, 각 하위 3개 비트 출력은 부스 레코딩(BR)부(140)의 입력으로 인가된다. Multiplier storage register 130 is a multiplier input

Used as a storage space for. The multiplier storage register 130 stores n + 1 bit multipliers or two (n / 2 + 1) bit multipliers according to the CRT mode as shown in FIG. Each lower 3 bit output is applied to the input of the booth recording (BR) unit 140.

혹은

을 위쪽 비트 영역의 부스 레코더로 입력한다. 부스 레코딩(BR)부(140)는 입력되는 3비트에 따라 각 다중화기(142,143)의 제어신호를 발생한다. 상단부의 다중화기(142)는 피승수를 입력으로 받아 B와 2B중에 적절한 값을 출력하며, 비트별 역원기(bit-wise inverter) 회로(145)에서는 2의 보수 음수출력을 위한 예비 연산을 수행한다. 하단부의 다중화기(143)은 비트별 반전된 값과 반전되지 않은 값들 중에 적절한 값을 부스 레코딩된 결과값에 따라 선택하여 출력한다.The booth recording (BR) unit 140 is a circuit for outputting a multiplicand determined according to two 3-bit inputs applied from the multiplier register 130. 4 is a diagram illustrating a configuration of a booth recording (BR) unit. The multiplexer 141 for selecting a CRT mode is based on the sel_crt bit.

or

Enter into the booth recorder in the upper beat area. The booth recording (BR) unit 140 generates control signals of the multiplexers 142 and 143 according to the input 3 bits. The multiplexer 142 in the upper part receives a multiplicand as an input and outputs an appropriate value among B and 2B, and the bit-wise inverter circuit 145 performs a preliminary operation for a two's complement negative output. . The lower multiplexer 143 selects and outputs an appropriate value among the inverted and uninverted values for each bit according to the bus-recorded result.

값을 결정하기 위해서는 일정 하위비트의 SUM과 CARRY를 더하여 실제 연산결과값을 계산해 내야 한다. Radix-4 곱셈기의 경우, 하위 2비트의 덧셈 결과 값에 따라

값이 결정되므로, 2비트 전가산기를 통해 상기 언급한 덧셈 연산이 수행된다. 2비트 가산기 블록(150)의 자세한 도면은 도 5와 같다. 가산기로 입력되는 제 2 캐리 저장 가산기(120)의 CARRY출력의 경우 에는 이미 제 1 캐리 저장 가산기(110)에서 1비트 좌측 쉬프트되어 출력되므로, 최하위 비트는 늘 0값을 가지게 된다. 따라서 부스 레코딩(BR)부(140)에서 음수

가 발생한 경우 부스 레코딩(BR)부는 2의 보수형태가 아닌 비트별 반전된 값만을 발생하고,

신호를 발생하여 본 2비트 가산기(120)의 CARRY 입력 최하위 비트에 인가하여 반영하도록 구성되어 있다. 또한 최하위 비트 가산기의 최초 캐리 입력으로는 제 2 캐리 저장형 가산기(120) 다음에 위치한 2비트 가산기(170)의 carry_reg(171) 출력을 입력으로 받는다.Since the operation output value of the first carry storage adder 110 is expressed in the form of SUM and CARRY, according to the lower bit of the output value,

To determine the value, SUM and CARRY of a certain lower bit must be added to calculate the actual operation result. In the case of the Radix-4 multiplier,

Since the value is determined, the above-mentioned addition operation is performed through a 2-bit full adder. A detailed view of the 2-bit adder block 150 is shown in FIG. In the case of the CARRY output of the second carry storage adder 120 that is input to the adder, the first carry storage adder 110 is shifted by one bit to the left, and thus the least significant bit always has a value of zero. Therefore, the negative number in the booth recording (BR) unit 140

When the booth recording (BR) unit generates only the inverted value of each bit, not the two's complement form,

It is configured to generate and apply a signal to the least significant bit of the CARRY input of the 2-bit adder 120. In addition, as the first carry input of the least significant bit adder, the carry_reg 171 output of the 2-bit adder 170 located after the second carry storage adder 120 is received as an input.

값을 선택한다. 도 6은 리덕션 테이블(Reduction Table:RT)부의 구성을 나타내는 도면으로 상기 기술한 2비트 가산기(150)의 결과값 2비트와 모듈러스 N을 입력으로 하며,

값을 발생한다.

값은 상기의 표 2와 같은 규칙에 따라 발생한다. The reduction table (RT) unit 160 is suitable for applying Montgomery reduction.

Select a value. FIG. 6 is a diagram showing the configuration of a reduction table (RT) unit, and inputs two bits of the resultant value of the two-bit adder 150 and modulus N described above.

Generates a value.

Values are generated according to the rules shown in Table 2 above.

The multiplexer 161 selects one of four possible values of modulus (N) value (0, + N, -N, 2N). In addition, as described above, the CRT mode is supported, and in the case of n / 2-bit mode, P and Q, which are n / 2-bit modulus numbers, are respectively input, and in the case of n-bit mode, P and Q are the upper half and the lower half of modulus N. Corresponds. The multiplexer 162 selects a control signal of the multiplexer 161 that controls the upper bit string according to the CRT mode.

값을 더한 연산값의 하위 2비트 모두 0이어야 하지만, 본 제안에서는 캐리 저장 가산기를 사용하므로,

,의 경우와 같이 실제 연산 결과값은 2비트 모두 0이지만 캐리 저장 형식으로 0이 아닌 경우가 발생할 수 있다. 따라서 이러한 경우 2비트를 좌측 쉬프트하여 레지스터에 입력할 경우 하위 2비트의 정보를 잃어버릴 수 있다. 이를 보상하기 위해 2비트 가산기(170)가 사용된다. 도 7과 같이 2비트 가산기는 제 2 캐리 저장 가산기(120) 출력의 하위 2비트와

신호를 더하여, 3번째 비트 위치로의 캐리가 발생할 경우 이를 1비트 레지스터에 저장한 후 다음 라운드 반복 연산에 2비트 가산기(150)의 캐리 입력으로 반영한다. 본 2비트 가산기(150) 역시 CRT모드 지원을 위해 두 개의 2비트 가산기로 구성되며 그 동작은 상기 기술한 바와 같다.After completing the second carry storage adder 120, the SUM and CARRY values are shifted left two bits to perform Montgomery reduction. According to Montgomery's rules of operation, the proper

The lower 2 bits of the operation plus the value must be 0, but since this proposal uses a carry storage adder,

As in the case of,, the actual operation result value is 0 in both bits, but it may occur in the carry storage format. Therefore, in this case, if two bits are left-shifted and input to the register, the lower two bits of information may be lost. To compensate for this, a 2-bit adder 170 is used. As shown in FIG. 7, the 2-bit adder includes the lower 2 bits of the output of the second carry storage adder 120.

When the carry to the third bit position occurs by adding a signal, it is stored in a 1-bit register and reflected as a carry input of the 2-bit adder 150 in the next round iteration operation. The 2-bit adder 150 is also composed of two 2-bit adders to support the CRT mode, and the operation thereof is as described above.

비트 크기의 가산기(180)가 사용된다. 본 가산기는 성능/면적의 조건에 따라 임의 비트 단위로 덧셈을 수행할 수 있다. 최하위 비트 위치의

비트부터 덧셈 연산이 수행되며, 약

싸이클 후에 n비트 CARRY와 SUM의 덧셈이 완료되면 최종 연산 결과값인

(여기서

)이 출력된다.After completing all round iterations, in order to convert the result value separated into a carry storage form of SUM and CARRY form into the final result value

Bit size adder 180 is used. The adder can perform addition in arbitrary bit units according to the performance / area condition. Of least significant bit position

Add operation is performed from bit, and

After adding the n-bit CARRY and SUM after the cycle, the final operation result is

(here

) Is output.

Although the present invention has been described in more detail with reference to some embodiments, the present invention is not necessarily limited to these embodiments, and various modifications can be made without departing from the spirit of the present invention.

As described above, the present invention is based on the Chinese residual theorem (CRT) and carry storage addition based modular multiplication apparatus and method is a radix-4 Montgomery multiplication method based on the carry storage addition and modular applicable to the CRT technique using the same By presenting a multiplying device, it is possible to implement a public key cryptography RSA cryptosystem with high speed hardware and to reduce the area and power consumption.

Claims (14)

A multiplier storage register for storing a multiplier and shifting right according to the radix; A booth recording unit for outputting a multiplier determined according to a condition of sel_crt by using the information input from the multiplier storage register and the multiplicand information; A reduction table to be added to SUM and CARRY which are the result of the calculation of the first carry storage adder and the first carry storage adder which perform an operation of adding the multiplicand outputted by the booth recording BR to the SUM and CARRY of the previous round ( Modulus subtotal by RT) part

A carry storage adder configured to include a second carry storage adder for performing an operation of adding a); Store the CARRY output from the second carry storage adder

Save the C register (C_reg), SUM that can be shifted right by bit

An S register S_reg capable of right shifting bit by bit; A 2-bit adder that calculates whether a carry occurs and reflects the next round of operation; Modulus inputs (Q, P)

And 1-bit value according to the condition of sel_crt

And a reduction table (RT) unit for outputting n + 6 bit values (Q, P); A plurality of multiplexers for controlling a one-bit input value according to the input signal sel_crt; Two values are used to calculate the final result from the intermediate result of the carry storage adder.

A modular multiplication apparatus based on Chinese residual theorem (CRT) and carry storage adder, comprising a bit adder. here,

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit The method of claim 1, Wherein said multiplier storage register is capable of storing n + 1 bit multiplier inputs and right shifting by 2 bits. The method of claim 2, The multiplier storage register stores an n + 4 bit multiplier input, right shifts by 2 bits in units of n + 4 bits or n / 2 + 2 bits according to the condition of the sel_crt signal, and 3-bit information.

Wow

A modular multiplication device based on the Chinese residual theorem (CRT) and carry storage addition, characterized in that for outputting. here,

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1' - The method according to any one of claims 1 to 3, The booth recording part BR multiplicative information

3-bit information received from the multiplier storage register

,

And 1-bit value according to the condition of sel_crt

And n + 4 bit values

A modular multiplication device based on the Chinese residual theorem (CRT) and carry storage addition, characterized in that for outputting. Here, B: multiplicand information, if the input signal sel_crt is '0' is stored as n + 2 bit information in the multiplicand information register (B_reg), whereas, if sel_crt is '1', the lower n / 2 + 1 bit of B_reg Saved to location B ': Information stored in the upper n / 2 + 1 bits of the multiplicand information register (B_reg)

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1'

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg

: When the input signal sel_crt is '0', size information among booth recording results for the entire information of B_reg. If sel_crt is '1', size information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If input signal sel_crt is '1', size information among booth recording results for upper n / 2 + 1 bit information of B_reg The method of claim 4, wherein When the input signal sel_crt is 0, the booth recording BR

Is treated as a single n + 2 bit multiply

Under the terms of

And the multiple of the multiplicand

When sel_crt is 1

Are treated as two n / 2 + 1 bit multipliers B 'and B, respectively.

Wow

Under the terms of

Each multiple of

Modular multiplier based on Chinese residual theorem (CRT) and carry storage addition, characterized in that the output to the output. Here, B: multiplicand information, if the input signal sel_crt is '0' is stored as n + 2 bit information in the multiplicand information register (B_reg), whereas, if sel_crt is '1', the lower n / 2 + 1 bit of B_reg Saved to location B ': Information stored in the upper n / 2 + 1 bits of the multiplicand information register (B_reg)

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1'

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg

: When the input signal sel_crt is '0', size information among booth recording results for the entire information of B_reg. If sel_crt is '1', size information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If input signal sel_crt is '1', size information among booth recording results for upper n / 2 + 1 bit information of B_reg The method of claim 5, The 2-bit adder 1 is the least significant 2 bits of the lower n / 2 + 3 bits S of the intermediate result value SUM of the carry storage addition.

, And by doing addition on the carry input

2-bit adder that computes the upper n / 2 + 3 bits of the SUM Least significant 2 bits of

, And by doing addition on the carry input

Chinese multiplication theorem (CRT) and carry storage adder based modular multiplication device, characterized in that it comprises a 2-bit adder for calculating a. here,

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg S: Sum of the result of the carry storage addition. If the input signal sel_crt is '0', it is stored as n + 4 bit information in S_reg, whereas if sel_crt is '1', it is stored in the lower n / 2 + 2 bit position of S_reg. S ': Sum of the result of the carry storage addition. If sel_crt is '1', it is stored in the upper n / 2 + 2 bit position of S_reg. C: Sum of the result of the carry storage addition. When the input signal sel_crt is '0', it is stored as n + 4 bit information in C_reg, whereas when sel_crt is '1', it is stored in the lower n / 2 + 2 bit position of C_reg. C ': Sum of the result of the carry storage addition. If sel_crt is '1', it is stored in the upper n / 2 + 2 bit positions of C_reg.

: I-th bit of the carry result sum (S).

Is the least significant bit of S,

Is the lower 1st bit of S

: I th bit of the carry result sum (S ').

Is the least significant bit of S ',

Lower 1st bit of S '

: I th bit of the carry result sum (C).

Is the least significant bit of C,

Is the lower 1st bit of C

: I th bit of the carry result sum (C ').

Is the least significant bit of C ',

Is the lower 1st bit of C '

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit The method of claim 6, When the input signal sel_crt is 0, the reduction table RT treats (Q, P) as one n-bit modulus N.

According to the least significant bit condition of and N

And multiples of N

If sel_crt is 1, treat (Q, P) as two n / 2-bit modulus Q and P, respectively.

And according to each least significant bit condition of Q and P

And each multiple of Q and P

Modular multiplier based on Chinese residual theorem (CRT) and carry storage addition, characterized in that the output to the output. here,

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit The method of claim 1, The C register C_reg is in n + 4 bit units or n / 2 + 2 bit units depending on the condition of the sel_crt signal.

A modular multiplication device based on Chinese residual theorem (CRT) and carry storage addition, which is capable of right shifting bit by bit. The method of claim 1, The S register S_reg is in n + 4 bit units or n / 2 + 2 bit units depending on the condition of the sel_crt signal.

A modular multiplication device based on Chinese residual theorem (CRT) and carry storage addition, which is capable of right shifting bit by bit. for n + 1 bit input A, B and n bit modulus N

(here

In Montgomery multiplication Lower 3 bits of multiplier A

And booth recording using multiplicand B

Is a multiple of and B

Outputting the first step; Above output

Taking the carry storage addition to the intermediate result CARRY and SUM; Least significant 2 bits of the SUM output by steps 1 and 2

, And the carry input stored as a result of the previous iteration

2-bit information by performing 2-bit addition to

3 steps to calculate; The calculated 2-bit information

Using modulus N and modulus N

Is a multiple of and N

4 steps to determine; Determined above

Taking the carry storage addition to the intermediate result CARRY and SUM; Least significant 2 bits of SUM for next iteration

, And the carry input stored as a result of the previous iteration

Performs a 2-bit addition to the carry output

6 steps to update; 7 steps of right shifting each of CARRY and SUM by the carry storage addition by 2 bits; The above series of processes

And repeating the number of times and adding the CARRY and SUM to output the final result value. Here, A: multiplier information, when the input signal sel_crt is '0', it is stored as n + 2 bit information in the multiplier information register (A_reg), whereas, if sel_crt is '1', the lower n / 2 + 1 of A_reg Stored in bit position A ': multiplier information, information stored in the upper n / 2 + 1 bits of the multiplier information register A_reg when the input signal sel_crt is' 1' B: If the multiplicand information and the input signal sel_crt are '0', it is stored as n + 2 bit information in the multiplicand information register (B_reg), whereas if sel_crt is '1', it is located at the lower n / 2 + 1 bit position of B_reg. Saved B ': Information stored in the upper n / 2 + 1 bits of the multiplicand information register (B_reg)

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1'

: When the input signal sel_crt is '0', size information among booth recording results for the entire information of B_reg. If sel_crt is '1', size information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If input signal sel_crt is '1', size information among booth recording results for upper n / 2 + 1 bit information of B_reg

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg

: I-th bit of the carry result sum (S).

Is the least significant bit of S,

Is the lower 1st bit of S

: I th bit of the carry result sum (C).

Is the least significant bit of C,

Is the lower 1st bit of C

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit The method of claim 10, Booth recording of the first step is multiplier information

3-bit information received from the multiplier storage register

,

And 1-bit value according to the condition of sel_crt

And n + 4 bit values

A modular multiplication method based on Chinese residual theorem (CRT) and carry storage addition, characterized in that for outputting. Here, B: multiplicand information, if the input signal sel_crt is '0' is stored as n + 2 bit information in the multiplicand information register (B_reg), whereas, if sel_crt is '1', the lower n / 2 + 1 bit of B_reg Saved to location B ': Information stored in the upper n / 2 + 1 bits of the multiplicand information register (B_reg)

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1'

: When the input signal sel_crt is '0', size information among booth recording results for the entire information of B_reg. If sel_crt is '1', size information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If input signal sel_crt is '1', size information among booth recording results for upper n / 2 + 1 bit information of B_reg

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg The method of claim 11, The booth recording is performed when the input signal sel_crt is 0.

Is treated as a single n + 2 bit multiply

Under the terms of

And the multiple of the multiplicand

When sel_crt is 1

Are treated as two n / 2 + 1 bit multipliers B 'and B, respectively.

Wow

Under the terms of

Each multiple of

Modular multiplication method based on Chinese residual theorem (CRT) and carry storage addition, characterized in that the output. Here, B: multiplicand information, if the input signal sel_crt is '0' is stored as n + 2 bit information in the multiplicand information register (B_reg), whereas, if sel_crt is '1', the lower n / 2 + 1 bit of B_reg Saved to location B ': Information stored in the upper n / 2 + 1 bits of the multiplicand information register (B_reg)

: 3-bit input using n + 2 bit information of A_reg when sel_crt is '0' and low n / 2 + 1 bit information of A_reg when sel_crt is '1'

: 3-bit input using upper n / 2 + 1 bit information (A ') of A_reg for i th booth recording when sel_crt is'1'

: When the input signal sel_crt is '0', size information among booth recording results for the entire information of B_reg. If sel_crt is '1', size information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If input signal sel_crt is '1', size information among booth recording results for upper n / 2 + 1 bit information of B_reg

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg The method of claim 11, The third step is the least significant 2 bits of the lower n / 2 + 3 bits S of the intermediate result value SUM of the carry storage addition.

, And by doing addition on the carry input

Step and compute the upper n / 2 + 3 bits of the SUM

Least significant 2 bits of

, And by doing addition on the carry input

Chinese modular theorem (CRT) and carry storage addition based modular multiplication method comprising the step of calculating the. here,

: When the input signal sel_crt is '0', sign information among booth recording results for all information of B_reg. If sel_crt is '1', sign information among booth recording results for lower n / 2 + 1 bit information of B_reg

: If the input signal sel_crt is '1', sign information among booth recording results of upper n / 2 + 1 bit information of B_reg S: Sum of the result of the carry storage addition. If the input signal sel_crt is '0', it is stored as n + 4 bit information in S_reg, whereas if sel_crt is '1', it is stored in the lower n / 2 + 2 bit position of S_reg. S ': Sum of the result of the carry storage addition. If sel_crt is '1', it is stored in the upper n / 2 + 2 bit position of S_reg. C: Sum of the result of the carry storage addition. When the input signal sel_crt is '0', it is stored as n + 4 bit information in C_reg, whereas when sel_crt is '1', it is stored in the lower n / 2 + 2 bit position of C_reg. C ': Sum of the result of the carry storage addition. If sel_crt is '1', it is stored in the upper n / 2 + 2 bit positions of C_reg.

: I-th bit of the carry result sum (S).

Is the least significant bit of S,

Is the lower 1st bit of S

: I th bit of the carry result sum (S ').

Is the least significant bit of S ',

Lower 1st bit of S '

: I th bit of the carry result sum (C).

Is the least significant bit of C,

Is the lower 1st bit of C

: I th bit of the carry result sum (C ').

Is the least significant bit of C ',

Is the lower 1st bit of C '

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit The method of claim 11, The fourth step is to treat (Q, P) as one n-bit modulus N when the input signal sel_crt is 0.

According to the least significant bit condition of and N

And multiples of N

If sel_crt is 1, treat (Q, P) as two n / 2-bit modulus Q and P, respectively.

And according to each least significant bit condition of Q and P

And each multiple of Q and P

Modular multiplication method based on Chinese residual theorem (CRT) and carry storage addition, characterized in that the output. here,

: Carry storage intermediate results S, C and

And

The lower two bits of the result of the addition. Is the least significant bit,

Is the lower 1st bit

: If sel_crt is '1', carry save intermediate result S, C and

And

The lower two bits of the result of the addition.

Is the least significant bit,

Is the lower 1st bit

Images