• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.3
• /
• pp.77-83
• /
• 2000

This paper presents a new modular multiplier for Montgomery multiplication using iterative small carry save adder. The proposed multiplier is more flexible and suitable for long bit multiplication due to its scalable property according to design area and required computing time. We describe the word-based Montgomery algorithm and design architecture of the multiplier. Our analysis and simulation show that the proposed multiplier provides area/time tradeoffs in limited design area such as IC cards.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.1C
• /
• pp.131-139
• /
• 2008

This paper presents a scalable dual-field Montgomery multiplier based on a new multi-precision carry save adder(MP-CSA), which operates in both types of finite fields GF(p) and GF($2^m$). The new MP-CSA consists of two carry save adders(CSA). Each CSA is composed of n = [w/b] carry propagation adders(CPA) for a modular multiplication with w-bit words, where b is the number of dual field adders(DFA) in a CPA. The proposed Montgomery multiplier has roughly the same timing complexity compared with the previous result, however, it has the advantage of reduced chip area requirements. In addition, the proposed circuit produces the exact modular multiplication result at the end of operation unlike the previous architecture. Furthermore, the proposed Montgomery multiplier has a high scalability in terms of w and m. Therefore, it can be used to multiplier over GF(p) and GF($2^m$) for cryptographic applications.

• International Journal of Internet, Broadcasting and Communication
• /
• v.16 no.1
• /
• pp.17-28
• /
• 2024

As listed as one of the most important requirements for Post-Quantum Cryptography standardization process by National Institute of Standards and Technology, the resistance to various side-channel attacks is considered very critical in deploying cryptosystems in practice. In fact, cryptosystems can easily be broken by side-channel attacks, even though they are considered to be secure in the mathematical point of view. The timing attack(TA) and the simple power analysis attack(SPA) are such side-channel attack methods which can reveal sensitive information by analyzing the timing behavior or the power consumption pattern of cryptographic operations. Thus, appropriate measures against such attacks must carefully be considered in the early stage of cryptosystem's implementation process. The Montgomery multiplier is a commonly used and classical gadget in implementing big-number-based cryptosystems including RSA and ECC. And, as recently proposed as an alternative of building blocks for implementing post quantum cryptography such as lattice-based cryptography, the big-number multiplier including the Montgomery multiplier still plays a role in modern cryptography. However, in spite of its effectiveness and wide-adoption, the multiplier is known to be vulnerable to TA and SPA. And this paper proposes a new countermeasure for the Montgomery multiplier against TA and SPA. Briefly speaking, the new measure first represents a multiplication operand without 0 digits, so the resulting multiplication operation behaves in a very regular manner. Also, the new algorithm removes the extra final reduction (which is intrinsic to the modular multiplication) to make the resulting multiplier more timing-independent. Consequently, the resulting multiplier operates in constant time so that it totally removes any TA and SPA vulnerabilities. Since the proposed method can process multi bits at a time, implementers can also trade-off the performance with the resource usage to get desirable implementation characteristics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.33-41
• /
• 2006

RSA cryptosystem is of great use in systems such as IC card, mobile system, WPKI, electronic cash, SET, SSL and so on. RSA is performed through modular exponentiation. It is well known that the Montgomery multiplier is efficient in general. The critical path delay of the Montgomery multiplier depends on an addition of three operands, the problem that is taken over carry-propagation makes big influence at an efficiency of Montgomery Multiplier. Recently, the use of the Carry Save Adder(CSA) which has no carry propagation has worked McIvor et al. proposed a couple of Montgomery multiplication for an ideal exponentiation, the one and the other are made of 3 steps and 2 steps of CSA respectively. The latter one is more efficient than the first one in terms of the time complexity. In this paper, for faster operation than the latter one we use binary signed-digit(SD) number system which has no carry-propagation. We propose a new redundant binary adder(RBA) that performs the addition between two binary SD numbers and apply to Montgomery multiplier. Instead of the binary SD addition rule using in existing RBAs, we propose a new addition rule. And, we construct and simulate to the proposed adder using gates provided from SAMSUNG STD130 $0.18{\mu}m$ 1.8V CMOS Standard Cell Library. The result is faster by a minimum 12.46% in terms of the time complexity than McIvor's 2 method and existing RBAs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.135-146
• /
• 1999

Most public key cryptosystems are constructed based on a modular exponentiation, which is further decomposed into a series of modular multiplications. We design a new systolic array multiplier to speed up modular multiplication using Montgomery algorithm. This multiplier with simple circuit for each processing element will save about 14% logic gates of hardware and 20% execution time compared with previous one.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.12 no.1
• /
• pp.11-18
• /
• 2017

Finite field arithmetic has been extensively used in error correcting codes and cryptography. Low-complexity and high-speed designs for finite field arithmetic are needed to meet the demands of wider bandwidth, better security and higher portability for personal communication device. In particular, cryptosystems in GF($2^m$) usually require computing exponentiation, division, and multiplicative inverse, which are very costly operations. These operations can be performed by computing modular AB multiplications or modular $AB^2$ multiplications. To compute these time-consuming operations, using $AB^2$ multiplications is more efficient than AB multiplications. Thus, there are needs for an efficient $AB^2$ multiplier architecture. In this paper, we propose a low latency Montgomery $AB^2$ multiplier using redundant representation over GF($2^m$). The proposed $AB^2$ multiplier has less space and time complexities compared to related multipliers. As compared to the corresponding existing structures, the proposed $AB^2$ multiplier saves at least 18% area, 50% time, and 59% area-time (AT) complexity. Accordingly, it is well suited for VLSI implementation and can be easily applied as a basic component for computing complex operations over finite field, such as exponentiation, division, and multiplicative inverse.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.41 no.4
• /
• pp.57-66
• /
• 2004

This paper proposes the design of a 2,048-bit RSA based on RNS(residue number systems) Montgomery modular multiplier As the systems that RNS processes a fast parallel modular multiplication for a large word partitioned into small words, we introduce Montgomery reduction method(MRM)［1］based on Wallace tree modular multiplier and 33 RNS bases with 64-bit size for RNS Montgomery modular multiplication in this paper. Also, for fast RNS modular multiplication, a modified method based on Chinese remainder theorem(CRT)［2］ is presented. We have verified 2,048-bit RSA based on RNS using Samsung 0.35${\mu}{\textrm}{m}$ technology and the 2,048-bit RSA is performed in 2.54㎳ at 100MHz.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.11-20
• /
• 2007

A fast Montgomery multiplication occupies important to the design of RSA cryptosystem. Montgomery multiplication consists of two addition, which calculates using CSA or RBA. In terms of CSA, the multiplier is implemented using 4-2 CSA o. 5-2 CSA. In terms of RBA, the multiplier is designed based on redundant binary system. In [1], A new redundant binary adder that performs the addition between two binary signed-digit numbers and apply to Montgomery multiplier was proposed. In this paper, we reconstruct the logic structure of the RBA in [1] for reducing time and space complexity. Especially, the proposed RB multiplier has no coupler like the RBA in [1]. And the proposed RB multiplier is suited to binary exponentiation as modified input and output forms. We simulate to the proposed NRBA using gates provided from SAMSUNG STD130 $0.18{\mu}m$ 1.8V CMOS Standard Cell Library. The result is smaller by 18.5%, 6.3% and faster by 25.24%, 14% than 4-2 CSA, existing RBA, respectively. And Especially, the result is smaller by 44.3% and faster by 2.8% than the RBA in [1].

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.4
• /
• pp.223-230
• /
• 2006

The method of implementing a modular multiplier for Montgomery multiplication by using an adder depends on a selected adder. When using a CPA, there is a carry propagation problem. When using a CSA, it needs an additional calculation for a final result. The Multiplier using a Multi-precision CSA can solve both problems simultaneously by combining a CSA and a CPA. This paper presents an improved MP-CSA which reduces hardware resources and operation time by changing a MP-CSA's carry chain structure. Consequently, the proposed multiplier is more suitable for the module of long bit multiplication and exponentiation using a modular multiplier repeatedly.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.590-592
• /
• 2000

Operator-level optimization of a systolic array for Montgomery Modular Multiplication(MMM) algorithm is presented in thin paper. The proposed systolic array is faster than that of C.D. Walter by 40%. Compared with J.B. Shin et al.'s, it is 25% faster.