GB2353447A - Multiple-Precision arithmetic method - Google Patents
Multiple-Precision arithmetic method Download PDFInfo
- Publication number
- GB2353447A GB2353447A GB9919518A GB9919518A GB2353447A GB 2353447 A GB2353447 A GB 2353447A GB 9919518 A GB9919518 A GB 9919518A GB 9919518 A GB9919518 A GB 9919518A GB 2353447 A GB2353447 A GB 2353447A
- Authority
- GB
- United Kingdom
- Prior art keywords
- code
- generating
- coding
- operand
- word
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/38—Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
- G06F7/48—Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
- G06F7/52—Multiplying; Dividing
- G06F7/523—Multiplying only
- G06F7/527—Multiplying only in serial-parallel fashion, i.e. one operand being entered serially and the other in parallel
- G06F7/5272—Multiplying only in serial-parallel fashion, i.e. one operand being entered serially and the other in parallel with row wise addition of partial products
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/38—Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
- G06F7/48—Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
- G06F7/52—Multiplying; Dividing
- G06F7/535—Dividing only
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/535—Indexing scheme relating to groups G06F7/535 - G06F7/5375
- G06F2207/5352—Non-restoring division not covered by G06F7/5375
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/723—Modular exponentiation
Abstract
A method for performing multiple-precision arithmetic, particularly multiplication and modulo division, by electronic arithmetic means, wherein the method evaluates a function and the evaluation of the function comprises a number of iterations, each iteration comprising two operands, and the method comprises the steps of generating a set of word arrays from a first operand, each word array comprising a shifted copy of the first operand, and generating coding wholly or at least in part in response to the second operand, the coding being operative to utilise the appropriate word arrays in performing an iteration and at least a substantial proportion of iterations being performed as respective sections of in-line code. The method is particularly advantageous since it eliminates those time-consuming operations not directly involved in the arithmetic process. A specific application of the method is for the evaluation of the RSA algorithm for public key cryptography by encryption and decryption apparatus for portable record carriers such as smart cards.
Description
2353447 MULTIPLE-PRECISION ARITHMETIC METHOD This invention relates to
methods for performing multiple -precision arithmetic by arithmetic means such as a microprocessor or computing logic such as a programmable gate array and in particular, but not exclusively, to the evaluation of the RSA algorithm for public key cryptography.
Multiple-precision arithmetic is concerned with manipulating large numbers by representing them as a series of smaller numbers. When the operands involved in such arithmetic are very large the calculation time can be considerable. Such operands are typically between 512 and 4096 bits of significance. It is therefore an aim of the present invention to optimise the time taken by arithmetic means to perform such arithmetic operations. This is achieved to a large extent by seeking to eliminate those time-consuming operations not directly involved in the arithmetic process which are normally necessary because of the awkwardness involved by having to represent large numbers as a collection of smaller ones. Of particular importance are calculations involving large numbers of iterations of multiplication and modulo division, for example in public key cryptography. Also of importance are calculations requiring a high degree of precision, for example in chaos theory which is employed in some weather forecasting systems.
According to a first aspect of the invention there is provided a method for performing multiple-precision arithmetic by arithmetic means, wherein the method evaluates a function and the evaluation of the function comprises a number of iterations, each iteration comprising two operands, and the method comprises the steps of generating a set of word arrays from a first operand, each word array comprising a shifted copy of 2 the first operand, and generating coding wholly or at least in part in response to the second operand, the coding being operative to utilise the appropriate word arrays in performing an iteration and at least a. substantial proportion of iterations being performed as respective sections 5 of in-line code.
Preferably said respective sections of in-line code are executed in an associated RAM.
The function may be the RSA algorithm.
The evaluation of the function may comprise a number of successive multiplication operations.
The evaluation of the function may comprise a number of successive modulo division operations.
The evaluation of the function may comprise a number of successive division operations.
According to a second aspect of the invention, there is provided a method for performing multiple precision arithmetic by arithmetic means, wherein the method evaluates the RSA algorithm and the evaluation of the RSA algorithm comprising alternate iterations of multiplication and modulo division; the method comprising generating a set of shifted word arrays derived from a multiplicand and generating addition coding derived from a multiplier, and the addition coding being operative to sum the appropriate shifted word arrays of the multiplicand; and the method further comprising generating modulo division coding at least in part in response to the divisor and generating a set of shifted word arrays of the dividend, and the modulo division coding being operative to use the 3 appropriate shifted word arrays of the dividend, and at least a substantial proportion of multiplication and modulo division iterations being performed as respective sections of in-line code.
The invention according to a third aspect comprises apparatus for encrypting a code on a portable record carrier, such as a smart card, the apparatus being configured to utilise the method of the first or second aspects of the invention in encrypting a code, and then being arranged to write the encrypted code to the portable record carrier.
The invention according to a fourth aspect comprises apparatus for decrypting a code from a portable record carrier, such as a smart card, the apparatus being configured to utilise the method of the first or second aspect of the invention in decrypting the code, and then being arranged to output the decrypted code to an output means.
The invention according to a fifth aspect of the invention comprises a 15 record carrier, the record carrier carrying software adapted to implement the method of the first or second aspect of the invention.
The invention will now be further described, by way of example only, with reference to the RSA cryptography algorithm.
The use of smart cards for secure credit and electronic purse transactions 20 demands the evaluation of the following equations in the course of encryption, decryption and digital signature generation and verification.
Y = X" mod n for encryption and signature generation X = Ye mod n for decryption and signature verification where:
4 X represents the plain data Y represents the encrypted data d is the Private Key e is the Public Key n is the Public Modulus The complexity of the calculations is determined by n. Typically n consists of 1024 bits but values up to 2048 bits are becoming more likely.
n determines the size of the multiple precision variables used.
It is obviously impractical to complete the exponentiation first and then perform the modulus, e.g. a 1000-bit number raised to the power of 1 million produces a number 1 gigabit long.
Because of a property of modulus arithmetic we can reduce each intermediate result modulo n to yield the same result as doing the whole calculation and then reducing the end result modulo n. The modulo n operation keeps each intermediate result down to a manageable size.
The process is therefore a number of iterations of the two operations:
X x X if X is 1024 bits, answer is 2048 bits Result modulo n answer now in 1024 bits For example, 51 mod 7 would be calculated as follows:
x 5 = 25, 25 mod 7 = 4 4 x 5 = 20, 20 mod 7 = 6 6 x 5 = 30, 30 mod 7 = 2 Result = 2 A large number of smart card schemes require only signature verification to be performed in the smart card terminal or associated PC. In order to minimise the workload on the processor and achieve an acceptable transaction time from the card-owner's perspective, it is common to use 5 small or easy values of the Public Key. Common values in use are:
2, 3 and 2 16 + 1 In these cases advantage can be taken in the construction of the algorithm by knowing what these values are.
There are other contexts where much larger values of the Public Key are deployed. These areas include Signature Generation, Encryption and Decryption of Data Files, and it is use of the inventive method with the larger values of the Public Key which is particularly advantageous.
Samples of assembler instruction code for the Toshiba - 900 are given to illustrate the technique in the most important areas. However, the technique is not restricted to any particular microprocessor or computing logic and further development may cause the details of implementation to change.
It is the number of bits in the modulus which determines the precision with which the calculations take place (commonly called the 'key length'): a 1024 bit modulus means that all operands will be restricted to this length. So as to allow for the use of any key length and any type of microprocessor the following symbols are defined for use in the specification:
B The number of bits defining the precision of the operands to be used 6 L The number of bits defining the precision of the microprocessor registers: the 'Word Length' W The number of words used to hold one operand Hence W = B 1 L Y The number of 8-bit bytes in one word Hence Y = L/8 Example:
B = 768 L = 32 W = 24 Y = 4 If our multiple-precision operand requires 768 bits and the word length of the microprocessor registers is 32 bits, we require 24 words to represent one operand.
7 MULTIPLICATION ALGORITHM The basic principle is to add shifted copies of the multiplicand to a double-length accumulator depending on the presence of the related bit in the multiplier. All operands are positive values.
For Example:
Multiplicand 1001 Multiplier 0101 1001 from multiplier 0101 1001 from multiplier 0101 Product -- 00101101 Thus when it is required to calculate the product of two operands, one operand is transformed into a set of word arrays, each word array containing a shifted copy of the original. The other operand is then read so as to generate code, which when executed will sum the appropriate word arrays.
In summary the steps in the process are:
1) Prepare a set of word arrays from the multiplicand containing 20 shifted copies of the original 2) Generate code to perform the additions in the RAM of the microprocessor 3) Execute this code 8 MODULUS ALGORITHM The principle here is to perform a division in which the quotient is ignored and only the remainder retained. The process involves successive subtraction of the divisor from the dividend. At each stage there is a bit test on the dividend to avoid an unnecessary subtraction.
If the result of a subtraction produces a borrow, the subtracted value is added back.
It is a property of the modulus value used in RSA procedures that the 10 most significant bit is 1.
For example,
Dividend 01001010 Divisor 1101 01001010 Most sig. bit 0 1101 No subtraction ---------- 1001010 Most sig. bit 1 1101 Subtract --------1100010 Borrow results 1101 Add back --------- 1001010 No need for bit test 1101 Subtract --------- 10110 Most sig. bit 1 1101 Subtract ---------- 11100 Borrow results 1101 Add back 10110 No need for bit test 1101 Subtract 9 1001 Remainder In summary the steps in the process are as follows:
1) Prepare a set of word arrays from the divisor containing shifted copies of the original 2) Generate code to perform the bit test, additions and subtractions in the RAM of the microprocessor 3) Execute this code In the general case RSA algorithm the divisor is constant for a given 10 calculation.
A more detailed explanation of the program steps involved in performing the multiplication and modulo division algorithms is now given.
Generate Multiplicand Arrays A total of L arrays of (W + 1) words is generated as follows.
1) Write a zero word into the first position of the first array and copy the W words of the multiplicand into the remaining positions.
2) Generate the next array as a copy of the previous array shifted one bit position left.
3) Repeat until L arrays have been generated.
The arrays are allocated in memory such that the last array is stored first.
The program is as follows (registers are 32-bit):
Initial conditions:
Load register XHL with Address of first array + Y(W + 1) Load register XDE with Address of first array Clear carry flag Code element:
LD XWA, (-XHL) Subtract 4 from reg. XHL Load reg. XWA with contents of address in XHL RL 1, XWA; Shift reg. XWA left 1 place Carry - > Least sig. bit Most sig. bit - > carry LD (-XDE), XWA; Subtract 4 from reg. XDE Store reg. XWA in address contained in XDE The above element is repeated (L - 1) times in fixed program. A count is used to repeat the block of code (W + 1) times.
Generate Code for Multiplier The multiplier will be constant throughout the execution of the (general case) RSA algorithm.
To perform the multiplication, the multiplier is examined one bit at a time. When a 1 bit is encountered, the appropriate multiplicand array is added to the appropriate position in the accumulator. The code to do this will previously have been generated.
The addition code block is based on the following two instructions which are repeated (W + 1) times.
11 LD XWA, GXHO; Subtract 4 from reg. XHI, Load reg. XWA with contents of address in XHI, ADC GXDE), XWA; Subtract 4 from reg. XDE Add with carry contents of reg. XWA to location specified in XDE Main Loop Accumulator Major Address = Accumulator Address + 2YW Multiplier Major Address = Multiplier Address + YW Major Iteration Count = W loop_repeatl:
Multiplier Word Loop (see next section) Accumulator Major Address - Y Multiplier Major Address - Y Major Iteration Count - 1, Go to loop_repeatl if non-zero Multiplier Word Loop 25 Note: (xxx) means 'the contents of address xxx' Accumulator Shuttle Address Accumulator Major Address Bit Test Register (Multiplier Major Address) Multiplicand Shuttle Address Multiplicand Address + Y (W + 1) Minor Iteration Count L loop_repeat2:
Multiplier Bit Procedure (see next section) Multiplicand Shuttle Address Y(W + 1) 40 Minor Iteration Count 1, Go to loop_repeat2 if non-zero 12 Multiplier Bit Procedure SRA 1,XBC Shift Bit Test Register right one place Least sig. bit - > carry JRC do-add if carry set, relative jump to do_add JP skip_add; else skip the add code do-add:
LD XHL, Multiplicand Shuttle Address; load reg. XHL LD XDE, Accumulator Shuttle Address; load reg. XDE RCF; reset carry flag LD XWA, (-XHL); Subtract 4 from reg. XHL Load reg. XWA with contents of address in XHL ADC (-XDE), XWA; Subtract 4 from reg. XDE I Add with carry reg. XWA to addr.
specified by reg. XDE 25 Code I occurs (W + 1) times skip_add:
Generate Divisor Arrays A total of L arrays of (W + 2) words is generated as follows:
1) Write a zero to the first word of the first array, copy the W words of the divisor into the first array and append a zero word.
2) Generate the next array as a copy of the previous array shifted one bit position right.
3) Repeat until L arrays have been generated.
13 The arrays are allocated in memory such that the last array is stored first.
There is a zero word just preceding the accumulator.
The program is as follows (registers are 32-bit):
Initial conditions:
Load register XHI, with: Address of first array + Y(W + 2) Load register XDE with: Address of first array Clear carry flag Code element:
LD XWA, (-XHQ Subtract 4 from reg. XHI, Load reg. XWA with contents of address in XHI, SR 1,XWA Shift reg. XWA right 1 place Carry - > Most sig. bit Least sig. bit - > carry LD (-XDE),WA Subtract 4 from reg. XDE Store reg. XWA in address contained in XDE The above element is repeated (L - 1) times in fixed program. A count 25 is used to repeat the execution of the block of code (W + 2) times.
Generate Code for Division Process The divisor will be constant throughout the execution of the (general case) RSA algorithm.
The subtraction code block is based on the following two instructions 30 which are repeated (W + 2) times.
14 Load reg. XWA with contents of address in XHI, SBC (-XDE), WA Subtract 4 from reg. XDE Subtract with carry contents of reg. WA from location specified in XDE The addition code block is based on the following two instructions which are repeated (W + 2) times.
LD WA, (-XHO Subtract 4 from reg. XHI, Load reg. WA with contents of address in XHI, ADC (-XDE), XWA; Subtract 4 from reg. XDE Add with carry contents of reg. XWA to location specified in XDE Division Major Loop Accumulator Major Address Accumulator Address + Y (W + 1) Major Iteration Count W loop_repeatl:
Division Minor Loop (see next section) Major Iteration Count - 1, Go to loop_repeatl if non-zero Division Minor Loop Bit Test Register (Accumulator Major Address) Divisor Shuttle Address Divisor Address + Y(W + 2) Minor Iteration Count L loop_pointl:
Shift Left Bit Test Register If no carry go to loop_point2 Divisor Shuttle Address - Y(W + 2) Minor Iteration Count - 1, Go to loop_pointl if non-zero Minor Iteration Count - 1, Go to loop_pointl if non-zero Go to end_of_minor-loop loop_point2: 5 LD XHL, Accumulator Major Address; Load reg. XEIL LD XDE, Divisor Shuttle Address; Load reg. XDE RCH; Reset carry LD XWA, (-XHQ Subtraction code SBC GXDE), WA occurs (W + 2) times If carry go to loop_point3 Divisor Shuttle Address - Y(W + 2) Minor Iteration Count - 1, Go to loop_pointl if non-zero Go to end_of_minor-loop loop_point3:
LD XHL, Accumulator Major Address Load reg. XEIL LD XDE, Divisor Shuttle Address Load reg. XDE RCH Reset carry LD WA, (-XHL) Addition code ADC GXDE), WA 1 occurs (W + 2) times Shift Left Bit Test Register Divisor Shuttle Address - Y(W + 2) Minor Iteration Count - 1, Go to loop_point2 if non-zero end_of_minor-loop:
Figure 1 shows a flow chart of the complete procedure. There are a number of factors which contribute to the reduction in calculation time. The most important is that of executing steps 10 and 11 as blocks of inline code for each iteration thus avoiding time-consuming calls to and from subroutines. Advantageously existing processors may be used by simply adding further RAM where required so as to accommodate the length of in-line code which is generated. Furthermore, the calculation time is reduced since program execution is generally faster in RAM than in nonvolatile memory.
16 It should be appreciated that although the greatest saving in calculation time is made when all the iterations are performed as respective sections of in-line code important time savings can still be made when at least a substantial proportion of iterations are performed as respective sections 5 of in-line code.
Another important factor is the use of only elementary addition functions (at least for the multiplication algorithm) in the inner program execution loops. In the case of a programmable gate array implementation, this could be very significant.
Inherent in all multiplication and division processes is the shifting of entire operands many times. The pre-calculation of shifted operand data in an optimised procedure further reduces the overall calculation time.
It should be noted that the procedure could be readily adapted for the evaluation of a function which involves normal division. The quotient is calculated by using an OR function with the mask word to insert a bit into the appropriate word of the quotient array each time a subtraction yields a 'no carry' result.
17
Claims (12)
1. A method for performing multiple-precision arithmetic by arithmetic means, wherein the method evaluates a function and the evaluation of the function comprises a number of iterations, each iteration comprising two operands, and the method comprises the steps of generating a set of word arrays from a first operand, each word array comprising a shifted copy of the first operand, and generating coding wholly or at least in part in response to the second operand, the coding being operative to utilise the appropriate word arrays in performing an iteration and at least a substantial proportion of iterations being performed as respective sections of in-line code.
2. A method as claimed in claim 1 in which the respective sections of inline code are executed in an associated RAM.
3. A method as claimed in claim 1 or claim 2 in which the function is the RSA algorithm.
4. A method as claimed in any preceding claim in which the evaluation of the function comprises a number of successive multiplication operations.
5. A method as claimed in any preceding claim in which the evalutaion of the function comprises a number of successive modulo division operations.
6. A method as claimed in any preceding claim in which the evaluation of the function comprises a number of successive division operations.
7. A method for performing multiple precision arithmetic by arithmetic means, wherein the method evaluates the RSA algorithm and the 18 evaluation of the RSA algorithm comprising alternate iterations of multiplication and modulo division; the method comprising generating a set of shifted word arrays derived from a multiplicand and generating addition coding derived from a multiplier, and the addition coding being operative to sum the appropriate shifted word arrays of the multiplicand; and the method further comprising generating modulo division coding at least in part in response to the divisor and generating a set of shifted word arrays of the dividend, and the modulo division coding being operative to use the appropriate shifted word arrays of the dividend, and at least a substantial proportion of multiplication and modulo division iterations being performed as respective sections of in-line code.
8. Apparatus for encrypting a code on a portable record carrier, such as a smart card, the apparatus being configured to utilise the method of any preceding claim in encrypting a code, and then being arranged to write the encrypted code to the portable record carrier.
9. Apparatus for decrypting a code from a portable record carrier, such as a smart card, the apparatus being configured to utilise the method of any of claims 1 - 7 in decrypting the code, and then being arranged to output the decrypted code to an output means.
10. A record carrier, the record carrier carrying software adapted to implement the method of any of claims 1 - 7.
11. A method for performing multiple precision arithmetic substantially as described with reference to the accompanying Figure.
12. Apparatus configured to perform the methods of claims 1 - 7 substantially as described with reference to the accompanying Figure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB9919518A GB2353447B (en) | 1999-08-19 | 1999-08-19 | Multiple-precision arithmetic method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB9919518A GB2353447B (en) | 1999-08-19 | 1999-08-19 | Multiple-precision arithmetic method |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| GB9919518D0 GB9919518D0 (en) | 1999-10-20 |
| GB2353447A true GB2353447A (en) | 2001-02-21 |
| GB2353447B GB2353447B (en) | 2004-05-05 |
Family
ID=10859356
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB9919518A Expired - Fee Related GB2353447B (en) | 1999-08-19 | 1999-08-19 | Multiple-precision arithmetic method |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2353447B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SU482740A1 (en) * | 1973-07-30 | 1975-08-30 | Device for multiplying two-digit numbers | |
| EP0291440A2 (en) * | 1987-05-11 | 1988-11-17 | United Technologies Corporation | Improved multiplier for multiple precision multiplication |
| US5301139A (en) * | 1992-08-31 | 1994-04-05 | Intel Corporation | Shifter circuit for multiple precision division |
-
1999
- 1999-08-19 GB GB9919518A patent/GB2353447B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SU482740A1 (en) * | 1973-07-30 | 1975-08-30 | Device for multiplying two-digit numbers | |
| EP0291440A2 (en) * | 1987-05-11 | 1988-11-17 | United Technologies Corporation | Improved multiplier for multiple precision multiplication |
| US5301139A (en) * | 1992-08-31 | 1994-04-05 | Intel Corporation | Shifter circuit for multiple precision division |
Also Published As
| Publication number | Publication date |
|---|---|
| GB2353447B (en) | 2004-05-05 |
| GB9919518D0 (en) | 1999-10-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7505587B2 (en) | Elliptic curve cryptosystem apparatus, storage medium storing elliptic curve cryptosystem program, and elliptic curve cryptosystem arithmetic method | |
| EP1293891B2 (en) | Arithmetic processor accomodating different finite field size | |
| CN110351087B (en) | Pipelined Montgomery modular multiplication operation method | |
| US8977668B2 (en) | Calculating unit for reducing an input number with respect to a modulus | |
| US20220075879A1 (en) | Protection of cryptographic operations by intermediate randomization | |
| Varchola et al. | MicroECC: A lightweight reconfigurable elliptic curve crypto-processor | |
| JPH0863353A (en) | Data processing using multiplication accumulation instruction | |
| JP2009282992A (en) | Polynomial arithmetic operation | |
| TWI821501B (en) | Security processor, operating method of the security processor, and method of encrypting or decrypting data | |
| US8781112B2 (en) | Signed montgomery arithmetic | |
| US11502836B2 (en) | Method for performing cryptographic operations on data in a processing device, corresponding processing device and computer program product | |
| US6963644B1 (en) | Multi-word arithmetic device for faster computation of cryptosystem calculations | |
| US7113593B2 (en) | Recursive cryptoaccelerator and recursive VHDL design of logic circuits | |
| US7590235B2 (en) | Reduction calculations in elliptic curve cryptography | |
| GB2353447A (en) | Multiple-Precision arithmetic method | |
| GB2318892A (en) | Co-processor for performing modular multiplication | |
| KR100297110B1 (en) | Modular multiplier | |
| KR20040045152A (en) | Apparatus for modular multiplication | |
| JP4223819B2 (en) | Power residue calculation apparatus and program | |
| US20240111489A1 (en) | Bignum addition and/or subtraction with carry propagation | |
| US20040117601A1 (en) | General-purpose processor that can rapidly perform binary polynomial arithmetic operations | |
| Oliveira et al. | A note on how to (pre-) compute a ladder | |
| US20040081317A1 (en) | Encryption circuit achieving higher operation speed | |
| JP2009003479A (en) | Method for operating exponentiation remainder | |
| Großschädl | A new serial/parallel architecture for a low power modular multiplier |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20060819 |