• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.173-182
• /
• 1995

모듈라 멱승(modular exponentiation) 연산은 암호학에서 기본적이고 중요한 연산이다. 그러나, 이는 다정도 정수(multiple precision integer)들을 다루기 때문에 그 연산시 간이 무척 많이 걸리므로 이를 단축시킬 필요가 있다. 모듈라 멱승 연산은 모듈라 곱셈(modular multiplication)의 반복으로서, 전체 연산시간을 단축시키기 위해서는 모듈라 곱셈의 수행시간을 단축시키거나, 모듈라 곱셈의 반복횟수를 줄이는 것이 필요하다. 본 논문에서는 모듈라 곱셈을 빠르게 수행하기 위한 알고리즘 두 개를 제안한다. 하나는 서로 다른 두 수의 모듈라 곱셈 알고리즘이고, 다른 하나는 모듈라 제곱을 빠르게 수행하는 알고리즘이다. 이 둘은 기존의 모듈라 곱셈 알고리즘들에 비해 각각 절반과, l/3가량의 단정도 곱셈(single-precision multiplication)만을 필요로 한다. 실제로 PC상에서 구현한 결과 각각 100%와 30%의 속도향상을 보인다.

• Journal of KIISE:Computer Systems and Theory
• /
• v.34 no.3
• /
• pp.93-100
• /
• 2007

Since Koblitz and Miller suggested the use of elliptic curves in cryptography, there has been an extensive literature on elliptic curve cryptosystem (ECC). The use of ECC is based on the observation that the points on an elliptic curve form an additive group under point addition operation. To realize secure cryptosystems using these groups, it is very important to find an elliptic curve whose group order is divisible by a large prime, and also to find a base point whose order equals this prime. While there have been many dramatic improvements on finding an elliptic curve and computing its group order efficiently, there are not many results on finding an adequate base point for a given curve. In this paper, we propose an efficient method to find a random base point on an elliptic curve defined over $GF(p^m)$. We first show that the critical operation in finding a base point is exponentiation. Then we present efficient algorithms to accelerate exponentiation in $GF(p^m)$. Finally, we implement our algorithms and give experimental results on various practical elliptic curves, which show that the new algorithms make the process of searching for a base point 1.62-6.55 times faster, compared to the searching algorithm based on the binary exponentiation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.73-92
• /
• 1997

A modular exponentiation( E$M^{$=varepsilon$}$mod N) is one of the most important operations in Public-key cryptography. However, it takes much time because the modular exponentiation deals with very large operands as 512-bit integers. Modular exponentiation is composed of repetition of modular multiplications, and the number of repetition is the same as the length of the addition-chain of the exponent(E). Therefore, we can reduce the execution time of modular exponentiation by finding shorter addition-chain(i.e. reducing the number of repetitions) or by reducing the execution time of each modular multiplication. In this paper, we propose an addition-chain heuristics and two fast modular multiplication algorithms. Of two modular multiplication algorithms, one is for modular multiplication between different integers, and the other is for modular squaring. The proposed addition-chain heuristics finds the shortest addition-chain among exisiting algorithms. Two proposed modular multiplication algorithms require single-precision multiplications fewer than 1/2 times of those required for previous algorithms. Implementing on PC, proposed algorithms reduce execution times by 30-50% compared with the Montgomery algorithm, which is the best among previous algorithms.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.151-159
• /
• 1996

본 논문에서는 right-to-left 형태의 멱승 연산에 적합한 고속 모듈라 감소 알고리듬을 제안하고 이를 여러 멱승 방식에 적용했을 경우의 계산 속도 및 메모리 사용효율을 기존의 방식들과 비교하였다. 분석 결과, 기존의 방식보다 고속으로 멱승을 수행할 수 있고 m-ary 방식이나 window 방식에서는 사용 메모리를 줄일 수 있다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.539-541
• /
• 2000

윈도우 방법과 인수분해 방법을 혼합 적용하면 멱승 연산에 사용되는 곱셈 연산의 횟수를 줄임으로써 멱승 연산을 빠르게 수행할 수 있다. 지수가 512비트일 때 윈도우의 크가 5인 윈도우 방법은 607번 정도의 곱셈 연산을 필요로 하는데 반해 윈도우와 인수분해 방법을 혼합한 방법은 599번 정도의 곱셈 연산을 필요로 한다. 이는 현실적으로 가능한 멱승 연산 중에서 가장 적은 수의 곱셈 연산을 요구하는 방법이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.21-34
• /
• 2002

In this paper we propos a new hardware architecture of modular exponentiation using a division chain method which has been proposed in (2). Modular exponentiation using the division chain is performed by receding an exponent E as a mixed form of multiplication and addition with divisors d=2 or $d=2^I +1$ and respective remainders r. This calculates the modular exponentiation in about $1.4log_2$E multiplications on average which is much less iterations than $2log_2$E of conventional Binary Method. We designed a linear systolic array multiplier with pipelining and used a horizontal projection on its data dependence graph. So, for k-bit key, two k-bit data frames can be inputted simultaneously and two modular multipliers, each consisting of k/2+3 PE(Processing Element)s, can operate in parallel to accomplish 100% throughput. We propose a new encoding scheme to represent divisors and remainders of the division chain to keep regularity of the data path. When it is synthesized to ASIC using Samsung 0.5 um CMOS standard cell library, the critical path delay is 4.24ns, and resulting performance is estimated to be abort 140 Kbps for a 1024-bit data frame at 200Mhz clock In decryption process, the speed can be enhanced to 560kbps by using CRT(Chinese Remainder Theorem). Futhermore, to satisfy real time requirements we can choose small public exponent E, such as 3,17 or $2^{16} +1$, in encryption and verification process. in which case the performance can reach 7.3Mbps.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38A no.9
• /
• pp.759-764
• /
• 2013

We present a square root algorithm in $F_q$ which generalizes Atkin's square root algorithm [9] for finite field $F_q$ of q elements where $q{\equiv}5$ (mod 8) and Kong et al.'s algorithm [11] for the case $q{\equiv}9$ (mod 16). Our algorithm precomputes ${\xi}$ a primitive $2^s$-th root of unity where s is the largest positive integer satisfying $2^s|q-1$, and is applicable for the cases when s is small. The proposed algorithm requires one exponentiation for square root computation and is favorably compared with the algorithms of Atkin, M$\ddot{u}$ller and Kong et al.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.2
• /
• pp.394-402
• /
• 2010

At a recent, enterprises based on online-service are established because of rapid growth of information network. These enterprises collect personal information and do customer management. If customers use a paid service, company send billing information to customer and customer pay it. Such circulation and management of information is big issue but most companies don't care of information security. Actually, personal information that was managed by largest internal open-market was exposed. For safe customer information management, this paper proposes the method that decrease load of RSA cryptography algorithm that is commonly used for preventing from illegal attack or hacking. The method for decreasing load was designed by Binary NAF Method and it can operates modular Exponentiation rapidly. We implemented modular Exponentiation algorithm using existing Binary Method and Windows Method and compared and evaluated it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.3-15
• /
• 2008

In this paper we study exponentiation in finite fields $F{_p}{^{k}}$(k is odd) with very special exponents such as they occur in algorithms for computing square roots. Our algorithmic approach improves the corresponding exponentiation independent of the characteristic of $F{_p}{^{k}}$. To the best of our knowledge, it is the first major improvement to the Tonelli-Shanks algorithm, for example, the number of multiplications can be reduced to at least 60% on average when $p{\equiv}1$ (mod 16). Several numerical examples are given that show the speed-up of the proposed methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.100-108
• /
• 2018

This paper describes a design of scalable RSA public-key cryptography processor supporting four key lengths of 512/1,024/2,048/3,072 bits. The modular multiplier that is a core arithmetic block for RSA crypto-system was designed with 32-bit datapath, which is based on the CIOS (Coarsely Integrated Operand Scanning) Montgomery modular multiplication algorithm. The modular exponentiation was implemented by using L-R binary exponentiation algorithm. The scalable RSA crypto-processor was verified by FPGA implementation using Virtex-5 device, and it takes 456,051/3,496347/26,011,947/88,112,770 clock cycles for RSA computation for the key lengths of 512/1,024/2,048/3,072 bits. The RSA crypto-processor synthesized with a $0.18{\mu}m$ CMOS cell library occupies 10,672 gate equivalent (GE) and a memory bank of $6{\times}3,072$ bits. The estimated maximum clock frequency is 147 MHz, and the RSA decryption takes 3.1/23.8/177/599.4 msec for key lengths of 512/1,024/2,048/3,072 bits.