WO1993020503A1 - Method and apparatus for modulo computation - Google Patents

Info

Publication number
WO1993020503A1
Authority
WO
WIPO (PCT)
Prior art keywords
shift
buffer
computation
byte
area
Prior art date
Application number
PCT/EP1993/000751
Other languages
French (fr)
Inventor
David Naccache
Original Assignee
Thomson Consumer Electronics S.A.
Application filed by Thomson Consumer Electronics S.A.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/722 Modular multiplication

Abstract

The invention relates to a calculation A * B mod N in a RAM-restricted environment wherein A, B and N are L byte numbers. The following elements are required: a) a RAM buffer W of at least 8*L+9 bits; b) computation means for reducing modulo N the 8*L+9 bit numbers stored in said buffer W; c) one byte shift-to-the-left means for buffer W wherein after the shift W(0) is reset to 0; d) backward multiplication means wherein a byte A(i) of A is multiplied by the whole number B and the result is added to the contents of W, wherein said index i is decremented from L-1 to 0 (both values included) between successive calls of this means; e) control means for sequencing the usage of said computation means, shift-to-the-left means and backward multiplication means. The following operations are executed by the control means: 1) reset buffer W to 0; 2) initialize an index i with the value L; 3) decrement i; 4) if i is negative, terminate the calculation; 5) perform a backwards multiplication as described in (d); 6) perform a small reduction operation as described in (b); 7) if index i is nonzero shift buffer W one position to the left; 8) go to step 3.

Description

Method and Apparatus for modulo computation
The present invention relates to a method and to an apparatus for modulo computation.
Background
The great majority of modern public-key cryptosystems, for example in pay TV systems, are based on modular multiplications. In EP-A-91402958 a method for modulo calculation in a time-restricted environment is described.
A modular multiplication is defined by the operation A*B mod N where A, B and N all have the same size L (typically L = 64 bytes). N is referred to as the modulus.
All the published methods for calculating A*B mod N require at least a RAM space which approximately equals twice the size of N. This is a very hard practical barrier to overcome, especially in smart-card technologies where RAM is not available in big quantities.
Invention
It is one object of the invention to disclose a method of modulo calculation in a RAM restricted environment. This object is reached by the method disclosed in claim 1.
A digital processor technology is used for performing modular multiplications in a relatively small RAM area and thereby to overcome smartly the technical barrier mentioned in the background section.
The size of the said RAM area used by the apparatus can be restricted to the size of the modulus plus nine bits when an 8-bit processor is used. More generally, when s-bit processors (with s = 8, 16, 32 and so on) are used, the size of the aforementioned RAM space can be limited to the size of the modulus plus s+1 bits. However, for simplicity's sake, only 8-bit processors will be considered herein.
The invention uses computation means, control means, memory means, one-byte shift-to-the-left means and backward multiplication means.
The control means, one-byte shift-to-the-left means and/or backward multiplication means are realizable in hardware or software. Advantageously for large values of L, e.g. L=64, the size of the aforementioned RAM area is approximately equal to the size of the modulus.
These points make the method particularly attractive for smart-card applications in cryptographic contexts, e.g. for pay TV systems like Videocrypt.
In principle the inventive method consists in modulo computation A * B mod N, wherein A, B and N are L byte numbers represented in an MSB-LSB format and in a loop the sequential operation of backward multiplication means and computation means and shift-to-the-left means is controlled, wherein
- a RAM buffer W of at least 8*L+9 bits stores intermediate results, where L is a size in bytes;
- said backward multiplication means multiply a byte A[i] of number A by the whole number B and add the result A[i]*B to the contents of said buffer W, wherein said index i is decremented from L-1 to 0 (both values included) between successive calls of said backward multiplication means;
- said computation means reduce modulo N the 8*L+9 bit numbers stored in said buffer W;
- said one-byte shift-to-the-left means shift the contents of buffer W by one byte to the left and reset W[0] to 0 after each of said shifting operations, where [0] is the less significant byte.
Advantageous additional embodiments of the inventive method result from the respective dependent claim. It is a further object of the invention to disclose an apparatus which utilizes the inventive method. This object is reached by the apparatus disclosed in claim 3.
In principle the inventive apparatus comprises:
- a RAM buffer W of at least 8*L+9 bits, where L is a size in bytes;
- backward multiplication means wherein a byte A[i] of number A is multiplied by the whole number B and the result A[i]*B is added to the contents of said buffer W and said index i is decremented from L-1 to 0 (both values included) between successive calls of said backward multiplication means;
- computation means for reducing modulo N the 8*L+9 bit numbers stored in said buffer W;
- one-byte shift-to-the-left means for buffer W which reset W[0] to 0 after each of said shifting operations, where [0] is the less significant byte;
- control means for sequencing the operation of said backward multiplication means, computation means and shift-to-the-left means.
Advantageous additional embodiments of the inventive apparatus result from the respective dependent claims.
It is a further object of the invention to disclose an encryption and/or authentication and/or digital signature system performing number theoretic public-key algorithms wherein the inventive modular computations are done. This object is reached by the apparatus disclosed in claim 7.
It is a further object of the invention to disclose a smart-card using the inventive modular computations. This object is reached by the apparatus disclosed in claim 8.
Preferred embodiments
Hereafter X[i] denotes the i-th byte of X, where X[0] is the least significant byte of X. X is a generic name for A, B, N and W.
The size of these values in bytes (typically L=64) is denoted by L and therefore A[L-1], B[L-1] and N[L-1] are the most significant bytes of (respectively) A, B and N.
However, since the length of W is L+2, the most significant byte of W is W[L+1].
The memory means are subdivided into four distinct areas :
1) Area where a first value A is stored;
2) Area where a second value B is stored;
3) Area where a third value N is stored;
4) A work area W of the size of N plus two bytes.
Area 3 is typically in ROM, EPROM or EEPROM, Area 4 is necessarily in RAM whereas areas 1 and 2 can be either of ROM, EPROM, EEPROM or RAM type.
The computation means SMALL_RED(W) comprise basic operations such as byte to byte addition, subtraction and multiplication and are used for small modular reduction of the contents of buffer W. Thereby the stored 8*L+9 bit numbers are reduced modulo N.
One can easily construct (in a wide variety of ways) such computation means which, due to the fact that the size of W differs from the size of N by just nine bits, require only a few additional RAM variables and run very quickly.
Such computation means can calculate in the following ways:
1) Simple iterated shifted subtractions (9 at the maximum will be needed as will be seen later on) of N from W.
2) Usage of a pre-recorded modular inverse of N in order to calculate approximately how many times N should be subtracted from W, comprising all or a part of the following steps:
- pre-calculating once and for all a constant K = Int (2^521/N);
- multiplying K by the 10 most significant bits of W;
- shifting this result of 10 bits to the right;
- subtracting from W N times this result;
- while W >= N subtracting N from W.
3) Usage of an N of a particular form (e.g. with N[L-1]=1 and N[L-2]=0 as MSB) to allow an easy prediction of the guess digit during division, comprising the steps of:
- preselecting an N such that N[L-1]=1, N[L-2]=0 and constructing calculation means performing the following calculations:
If d is null give s the value W[i+L-1] else s=255.
Subtract s*N from the L+1 most significant bytes of W.
If W[i+L-1]==0 let d=0 else add N to the L+1 most significant bytes of W.
If a carry occurred return 1 else return 0.
or
- preselecting an N such that N[L-1]=1, N[L-2]=0 and constructing calculation means performing the following calculations:
Initialize i with the value L+1 and reset d to zero.
If i is negative terminate the calculation.
Let d=REDUCE_BUFF(i,d)
Decrement i and go two lines back.
4) Subtracting from W N times Int (W/N).
The following circuits can be used for such computation means:
1) Thomson's residual circuit as described in EP-A-0 314 559;
2) Kawamura's circuit as described in US-4,949,293;
3) N.T.T.'s circuit as described in EP-A-0 381 161.
The backward multiplication means CUMULATED_MUL(A[i]) multiply a byte A[i] of value A with the whole number B and add the result B*A[i] to the contents of W.
According to the invention the following operations are executed by the control means :
1) Reset buffer W to 0;
2) Initialize an index i with the value L;
3) Decrement i;
4) If i is negative, terminate the calculation;
5) Perform a backward multiplication with said backward multiplication means;
6) Perform a small reduction operation with said computation means;
7) If index i is nonzero shift buffer W one position to the left with said shift-to-the-left means;
8) go to step 3.
This can be carried out using the following program:
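#define L 64                            /* operand size in bytes (typically L=64) */
unsigned char A[L], B[L], W[L+2];
void CUMULATED_MUL(unsigned char a);    /* W = W + a*B */
void SMALL_RED(unsigned char *W);       /* W = W mod N */
void Modular_Multiplication(unsigned char *A, unsigned char *B)
{
    int i, k;
    for (k = 0; k < L+2; k++) W[k] = 0;
    for (i = L-1; i >= 0; i--)          /* steps 2-4: i runs from L-1 down to 0 */
    {
        CUMULATED_MUL(A[i]);
        SMALL_RED(W);
        if (i != 0)                     /* step 7: no shift after the last byte */
        {
            for (k = L; k > 0; k--) W[k] = W[k-1];
            W[0] = 0;
        }
    }
}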
Advantageously the backward multiplication means CUMULATED_MUL are constructed in the following way:
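Let t be a double-byte variable (i.e. the value stored in t is 256*t_high+t_low), 'Carry' a single byte, i, j and k are three counters. Then the program can be rewritten as follows:
unsigned char A[L], B[L], W[L+2];
void SMALL_RED(unsigned char *W);       /* W = W mod N */
void Modular_Multiplication(unsigned char *A, unsigned char *B)
{
    int i, j, k;
    unsigned int t;                     /* double-byte variable */
    unsigned char Carry;
    for (k = 0; k < L+2; k++) W[k] = 0;
    for (i = L-1; i >= 0; i--)          /* i runs from L-1 down to 0 */
    {
        /* CUMULATED_MUL(A[i]): W = W + A[i]*B */
        Carry = 0;
        for (j = 0; j < L; j++)
        {
            t = A[i]*B[j] + Carry + W[j];
            W[j] = t & 0xFF;            /* t_low */
            Carry = t >> 8;             /* t_high */
        }
        t = W[L] + Carry;
        W[L] = t & 0xFF;                /* t_low */
        W[L+1] = t >> 8;                /* t_high */
        SMALL_RED(W);
        if (i != 0)                     /* no shift after the last byte */
        {
            for (k = L; k > 0; k--) W[k] = W[k-1];
            W[0] = 0;
        }
    }
}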
The following working example illustrates the inventive calculation, wherein all values are given in decimal digits. Input data are:
L = 4;
N = 6 1 1 5;
A = 4 7 8 9;
B = 5 7 0 9.
Reset W to 0:
W = 0 0 0 0 0 0
First 5 * 4 7 8 9 = 2 3 9 4 5 is calculated and placed in W:
W = 0 2 3 9 4 5
Call SMALL_RED (W becomes 2 3 9 4 5 mod 6 1 1 5 = 5 6 0 0):
W = 0 0 5 6 0 0
Shift W to the left :
W = 0 5 6 0 0 0
Calculate 7 * 4 7 8 9 = 3 3 5 2 3 and add it to W :
0 5 6 0 0 0
0 3 3 5 2 3
W = 0 8 9 5 2 3
Call SMALL_RED (W becomes 8 9 5 2 3 mod 6 1 1 5 = 3 9 1 3):
W = 0 0 3 9 1 3
Shift W to the left :
W = 0 3 9 1 3 0
Calculate 0 * 4 7 8 9 = 0 0 0 0 0 and add it to W :
0 3 9 1 3 0
0 0 0 0 0 0
W = 0 3 9 1 3 0
Call SMALL_RED (W becomes 3 9 1 3 0 mod 6 1 1 5 = 2 4 4 0):
W = 0 0 2 4 4 0
Shift W to the left :
W = 0 2 4 4 0 0
Calculate 9 * 4 7 8 9 = 4 3 1 0 1 and add it to W :
0 2 4 4 0 0
0 4 3 1 0 1
W = 0 6 7 5 0 1
Call SMALL_RED (W becomes 6 7 5 0 1 mod 6 1 1 5 = 2 3 6):
W = 0 0 0 2 3 6
The final result is: 2 3 6
One can easily check this by calculating directly A * B = 2 7 3 4 0 4 0 1 and reducing 2 7 3 4 0 4 0 1 modulo 6 1 1 5 to obtain 2 3 6.
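The control sequence and the decimal working example above, as an added C sketch that is not code from the patent: SMALL_RED is built from the iterated shifted subtractions of option 1, and a radix parameter generalizes the byte-wise program so that radix 10 reproduces the worked example and radix 256 gives the 8-bit case. The names mod_mul, small_red, add_scaled, sub_scaled, to_digits, mod_mul_small and MAXL are assumptions of this example, and it assumes B < N.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXL 64   /* largest operand length in digits (assumption of this sketch) */

/* W += m*X over L+2 digits, least significant digit first.
   With m = A[i] and X = B this is CUMULATED_MUL(A[i]). */
static void add_scaled(uint8_t *W, const uint8_t *X, int L, unsigned m, unsigned radix)
{
    unsigned carry = 0;
    for (int j = 0; j < L + 2; j++) {
        unsigned t = W[j] + (j < L ? X[j] * m : 0u) + carry;
        W[j] = (uint8_t)(t % radix);
        carry = t / radix;
    }
}

/* W -= m*N over L+2 digits; returns 1 if the result went negative (wrapped). */
static int sub_scaled(uint8_t *W, const uint8_t *N, int L, unsigned m, unsigned radix)
{
    unsigned carry = 0;
    int borrow = 0;
    for (int j = 0; j < L + 2; j++) {
        unsigned t = (j < L ? N[j] * m : 0u) + carry;   /* next digit of m*N */
        int d = (int)W[j] - (int)(t % radix) - borrow;
        carry = t / radix;
        borrow = d < 0;
        W[j] = (uint8_t)(borrow ? d + (int)radix : d);
    }
    return borrow;
}

/* SMALL_RED by iterated shifted subtractions (option 1 in the text).
   On entry W < (2*radix - 1)*N, so trying N*m for m = 2^k down to 1, with 2^k the
   smallest power of two >= radix, is enough: 9 trial subtractions for radix 256.
   The restore branch is data dependent, so this sketch is not constant time. */
static void small_red(uint8_t *W, const uint8_t *N, int L, unsigned radix)
{
    unsigned m = 1;
    while (m < radix)
        m <<= 1;
    for (; m >= 1; m >>= 1)
        if (sub_scaled(W, N, L, m, radix))
            add_scaled(W, N, L, m, radix);   /* undo a subtraction that underflowed */
}

/* Control sequence from the text: W receives A*B mod N using only L+2 digits of
   work space. A, B, N hold L digits, least significant first; requires B < N. */
static void mod_mul(uint8_t *W, const uint8_t *A, const uint8_t *B,
                    const uint8_t *N, int L, unsigned radix)
{
    memset(W, 0, (size_t)L + 2);
    for (int i = L - 1; i >= 0; i--) {
        add_scaled(W, B, L, A[i], radix);    /* backward multiplication */
        small_red(W, N, L, radix);           /* small reduction */
        if (i != 0) {                        /* one-digit shift to the left */
            memmove(W + 1, W, (size_t)L);
            W[0] = 0;
        }
    }
}

static void to_digits(uint64_t v, uint8_t *X, int n, unsigned radix)
{
    for (int j = 0; j < n; j++) {
        X[j] = (uint8_t)(v % radix);
        v /= radix;
    }
}

/* Wrapper for operands small enough to check against native arithmetic. */
uint64_t mod_mul_small(uint64_t a, uint64_t b, uint64_t n, int L, unsigned radix)
{
    uint8_t A[MAXL], B[MAXL], N[MAXL], W[MAXL + 2];
    uint64_t r = 0;
    to_digits(a, A, L, radix);
    to_digits(b, B, L, radix);
    to_digits(n, N, L, radix);
    mod_mul(W, A, B, N, L, radix);
    for (int j = L + 1; j >= 0; j--)
        r = r * radix + W[j];
    return r;
}

int main(void)
{
    /* Worked example from the text in decimal digits: the digits of 5709 are
       scanned and multiplied by 4789, modulo 6115. */
    printf("%llu\n", (unsigned long long)mod_mul_small(5709, 4789, 6115, 4, 10));
    return 0;
}
```

The work buffer stays at L+2 digits throughout because each trial subtraction generates the digits of m*N on the fly instead of storing a shifted copy of N.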
The invention can be optimized or modified in a variety of ways:
1) It is easy to prove that byte W[L+1] can only be equal to 0 or to 1, therefore the backward multiplication means can be designed just to reduce 521 bit numbers to 512 bit numbers. When calculations are done in software, the carry bit of the addition W[L]+Carry contains the value of W[L+1] and can be used directly for determining if a first subtraction of N is needed or not.
2) A bigger buffer W can be allocated. When such a strategy is used, the buffer can grow until the most significant byte is nonzero and then the backward multiplication means reduce it back. W has then to be shifted the right number of positions to the left and the sequence re-iterates.
3) The shifting of W may be integrated into the backward multiplication means or into the computation means. Similarly, the backward multiplication means and the computation means can be merged.
4) As mentioned before, the computation means can be changed (e.g. instead of 8 bit, one can use 16 or 32 bit processors and so on).
A modular exponentiator can be used as a submodule performing the modular multiplications.
The inventive modulo computation can be applied to the following public-key systems for encryption and/or authentication and/or digital signature:
1) Rivest-Shamir-Adleman, as described in "A Method of obtaining Digital Signatures and Public-Key Cryptosystems", CACM, Vol 21 N°2, Feb 1978, pp 120-126.
2) Fiat-Shamir, as described in "How to prove yourself: Practical Solutions to Identification and Signature Problems", in A. Odlyzko, Editor, Advances in Cryptology, Proc. of Crypto '86 (Lecture Notes in Computer Science 263), pp 186-194, Springer-Verlag 1987, Santa Barbara, California, USA, August 11-15.
3) Feige-Fiat-Shamir, as described in "Zero Knowledge Proofs of Identity", Journal of Cryptology, 1(2), pp 77-94, 1988.
4) Guillou-Quisquater, as described in "A Practical Zero-Knowledge Protocol fitted to Security Microprocessor minimizing both Transmission and Memory", in C. G. Günther, Editor, Advances in Cryptology, Proc. of Eurocrypt '88 (Lecture Notes in Computer Science 330), pp 123-128, Springer-Verlag 1988, Santa Barbara, USA California, USA August 16-20.
5) Diffie-Hellman, as described in "New Directions in Cryptography", IEEE T.I.T., IT-22, 1976, 644-654 and in "The mathematics of public-key cryptography", Scientific American, volume 241, 1979, 146-157.
6) Rabin, as described in "Digitalized Signatures", Foundations of Secure Computation, R.A. De Millo et al., Editors, Academic Press, London 1978, pp 155-166 and in "Digital signatures and Public-key Functions as Intractable as Factoring", Technical Memo TM-212, Lab. for Comp. Sc., MIT, 1979.
7) El Gamal, as described in "A public-key cryptosystem and a signature scheme based on discrete logarithms", IEEE T.I.T., volume 31, 469-472, 1985.
Although the present invention has been described with reference to specific embodiments, nevertheless, changes are possible which will be apparent to those skilled in the art which do not depart from the spirit and scope of the invention. Such changes are deemed to come within the purview of the invention as claimed hereafter.

Claims

1. Method for modulo computation A * B mod N, wherein A, B and N are L byte numbers represented in an MSB-LSB format, characterized in that in a loop the sequential operation of backward multiplication means and computation means and shift-to-the-left means is controlled, wherein
a RAM buffer W of at least 8*L+9 bits stores intermediate results, where L is a size in bytes;
said backward multiplication means multiply a byte A[i] of number A by the whole number B and add the result A[i]*B to the contents of said buffer W, wherein said index i is decremented from L-1 to 0 (both values included) between successive calls of said backward multiplication means;
said computation means reduce modulo N the 8*L+9 bit numbers stored in said buffer W;
said one-byte shift-to-the-left means shift the contents of buffer W by one byte to the left and reset W[0] to 0 after each of said shifting operations, where [0] is the less significant byte.
2. Method according to claim 1, characterized in that L=64.
3. Apparatus for a method according to claim 1 to 2, comprising:
a RAM buffer W of at least 8*L+9 bits, where L is a size in bytes;
backward multiplication means wherein a byte A[i] of number A is multiplied by the whole number B and the result A[i]*B is added to the contents of said buffer W and said index i is decremented from L-1 to 0 (both values included) between successive calls of said backward multiplication means;
computation means for reducing modulo N the 8*L+9 bit numbers stored in said buffer W;
one-byte shift-to-the-left means for buffer W which reset W[0] to 0 after each of said shifting operations, where [0] is the less significant byte;
control means for sequencing the operation of said backward multiplication means computation means and shift-to-the-left means.
4. Apparatus according to claim 3, characterized in that one or more of said backward multiplication means and said computation means and said shift-to-the-left means are combined to means having the respective function.
5. Apparatus according to claim 3 or 4, characterized in that one or more of said control means and said backward multiplication means and said computation means and said shift-to-the-left means is/are replaced by a microprocessor which is driven by the respective program.
6. Apparatus according to any of claims 3 to 5, characterized in that said memory means are subdivided into four distinct areas:
a) area 1 where a first value A is stored;
b) area 2 where a second value B is stored;
c) area 3 where a third value N is stored;
d) a work area W of the size of N plus two bytes,
wherein area 3 is of ROM, EPROM or EEPROM type and area 4 is of RAM type and areas 1 and 2 are of ROM, EPROM, EEPROM and/or RAM type.
7. An encryption and/or authentication and/or digital signature system performing number theoretic public-key algorithms wherein modular computations are done according to any of claims 1 to 6.
8. Smart-card using a modular computation according to any of claims 1 to 6.
PCT/EP1993/000751 1992-04-07 1993-03-27 Method and apparatus for modulo computation WO1993020503A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP92400974.9 1992-04-07
EP92400974 1992-04-07

Publications (1)

Publication Number Publication Date
WO1993020503A1 (en) 1993-10-14

Family

ID=8211649

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1993/000751 WO1993020503A1 (en) 1992-04-07 1993-03-27 Method and apparatus for modulo computation

Country Status (3)

Country Link
CN (1) CN1079349A (en)
AU (1) AU3890093A (en)
WO (1) WO1993020503A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0286489A1 (en) * 1987-04-10 1988-10-12 France Telecom Method and controller for enciphering a message according to a public key algorithm
EP0381161A2 (en) * 1989-01-30 1990-08-08 Nippon Telegraph And Telephone Corporation Modular multipication method and the system
EP0443679A1 (en) * 1990-02-23 1991-08-28 Koninklijke Philips Electronics N.V. Coding method, according to the RSA method, by a microcontroller and a device using this method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
ADVANCES IN CRYPTOLOGY - PROCEEDINGS OF AUSCRYPT '90 January 1990, SYDNEY, AUSTRALIA pages 406 - 409 H. MORITA 'A fast modular-multiplication module for smart cards' *
ADVANCES IN CRYPTOLOGY - PROCEEDINGS OF CRYPTO '86 August 1986, SANTA BARBARA, USA pages 277 - 301 ORTON ET AL. 'VLSI implementation of public-key encryption algorithms' *
ELECTRONICS LETTERS vol. 25, no. 23, 9 November 1989, STEVENAGE GB pages 1604 - 1606 B. ARAMBEPOLA 'VLSI architectures for convolver design using number theoretic transforms' *
ELECTRONICS LETTERS vol. 26, no. 18, 30 August 1990, STEVENAGE GB pages 1544 - 1545 FORSTER ET AL. 'Carry delayed save adders for computing the product A.B modulo N in log2N steps' *

Also Published As

Publication number Publication date
CN1079349A (en) 1993-12-08
AU3890093A (en) 1993-11-08

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU JP KR NZ US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase