Use of Residue Number System for ECC Residue Number System

Total Page:16

File Type:pdf, Size:1020Kb

Use of Residue Number System for ECC Residue Number System RNS for ECC Karim Bigou Elliptic Curves Use of Residue Number System for ECC Residue Number System Modular Arithmetic Karim Bigou with RNS Current Work INRIA DGA IRISA CAIRN References Journ´eesC2 2012: 8 au 12 octobre 1/17 RNS for ECC Karim Bigou Context and Objectives Elliptic Curves Residue Number System • Elliptic Curve Cryptography (ECC) over Fp Modular Arithmetic with RNS • Residue Number System (RNS) −! high performances Current Work References • Efficient implementation by N. Guillermin in [2] on FPGA • My Ph. D. objectives • Speed (parallelism) • Protections against some side-channel attacks (randomization) 2/17 RNS for ECC Karim Bigou Elliptic Curve Cryptography Elliptic Curves • Elliptic curve E over Fp (p prime, 160-500 bits) : Residue Number 2 3 System y = x + a x + b Modular Arithmetic 3 2 with RNS with −16(4a + 27b ) 6= 0 mod p Current Work References 2 3 Figure: y = x + 4x + 20 over F1009 3/17 RNS for ECC Karim Bigou • A group law + is defined over E: the chord-and-tangent Elliptic Curves rule Residue Number System Modular • Scalar multiplication: [k]P = P + P + ::: + P Arithmetic | {z } with RNS k times Current Work References • Knowing P and [k]P, k cannot be recovered (ECDLP) • [k]P must be fast and robust • Required many operations at field level: +; −; × and inversions 4/17 −!x : 20 { 40 mod m1 mod m2 mod m3 mod mn ··· + − × = + − × = + − × = + − × = • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) • Carry-free between blocks • Fast Parallel Addition, Substraction, Multiplication and Exact Division • Non-positional System • Comparison, Modular Reduction, Division are hard RNS for ECC Karim Bigou Residue Number System x : 160 { 521 Elliptic Curves Residue Number System Modular Arithmetic with RNS Current Work References 5/17 x : 160 { 521 • Carry-free between blocks • Fast Parallel Addition, Substraction, Multiplication and Exact Division • Non-positional System • Comparison, Modular Reduction, Division are hard RNS for ECC Karim Bigou Residue Number System −! 20 { 40 Elliptic Curves x : Residue Number System mod m1 mod m2 mod m3 mod mn ··· Modular + − × = + − × = + − × = + − × = Arithmetic with RNS Current Work References • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) 5/17 x : 160 { 521 • Fast Parallel Addition, Substraction, Multiplication and Exact Division • Non-positional System • Comparison, Modular Reduction, Division are hard RNS for ECC Karim Bigou Residue Number System −! 20 { 40 Elliptic Curves x : Residue Number System mod m1 mod m2 mod m3 mod mn ··· Modular + − × = + − × = + − × = + − × = Arithmetic with RNS Current Work References • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) • Carry-free between blocks 5/17 x : 160 { 521 • Non-positional System • Comparison, Modular Reduction, Division are hard RNS for ECC Karim Bigou Residue Number System −! 20 { 40 Elliptic Curves x : Residue Number System mod m1 mod m2 mod m3 mod mn ··· Modular + − × = + − × = + − × = + − × = Arithmetic with RNS Current Work References • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) • Carry-free between blocks • Fast Parallel Addition, Substraction, Multiplication and Exact Division 5/17 x : 160 { 521 • Comparison, Modular Reduction, Division are hard RNS for ECC Karim Bigou Residue Number System −! 20 { 40 Elliptic Curves x : Residue Number System mod m1 mod m2 mod m3 mod mn ··· Modular + − × = + − × = + − × = + − × = Arithmetic with RNS Current Work References • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) • Carry-free between blocks • Fast Parallel Addition, Substraction, Multiplication and Exact Division • Non-positional System 5/17 x : 160 { 521 RNS for ECC Karim Bigou Residue Number System −! 20 { 40 Elliptic Curves x : Residue Number System mod m1 mod m2 mod m3 mod mn ··· Modular + − × = + − × = + − × = + − × = Arithmetic with RNS Current Work References • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) • Carry-free between blocks • Fast Parallel Addition, Substraction, Multiplication and Exact Division • Non-positional System • Comparison, Modular Reduction, Division are hard 5/17 RNS for ECC Karim Bigou Base Extension Elliptic Curves • Idea for modular reduction: add redundancy using 2 bases Residue Number System 0 0 0 Modular • B = (m1;:::; mn) and B = (m1;:::; mn) are coprime Arithmetic with RNS RNS bases Current Work −! −! References • x is x in B and x 0 in B0 • The base extension (BE) is defined by: BE(−!x ; B; B0) = −!x 0 • Some operations become possible after a base extension Qn 0 • M = i=1 mi is invertible in B • Exact Division by M can be done easily 6/17 RNS for ECC Karim Bigou Kawamura's Base Extension [4] Elliptic Curves It is based on the chinese remainder theorem (CRT) : Residue Number n System X −1 x = x mod M = jxi · M jm · Mi Modular i i Arithmetic i=1 M with RNS Current Work n X −1 References jxj 0 = jxi · M jm · Mi − k · M mi i i i=1 0 mi Qn M where M = mi , Mi = and k < n. i=1 mi • Sum done over each channel of B0 • Operation cost is n2 word multiplications −1 • Precomputations are needed (jM jm , jMi j 0 , jMj 0 ) i i mi mi 7/17 RNS for ECC Karim Bigou Kawamura's base extension [4] Elliptic Curves n Residue x jx · M−1j Number X i i mi System + k = M mi Modular i=1 Arithmetic with RNS $ n % $ n % Current Work −1 −1 X jxi · Mi jmi X trunc(jxi · Mi jmi ) References k = = α + r mi 2 i=1 i=1 r • mi pseudo-Mersenne number mi = 2 − "i • trunc(y) sets the r − t last bits of y to 0 • α is a correction term • a simple accumulator can be used in parallel 8/17 RNS for ECC Karim Bigou Montgomery Modular Reduction Elliptic Curves Algorithm 1: Montgomery Reduction [5] Residue 2 Number Data: x < 4 p and p < R with gcd(p; R) = 1 System Result: MM(x,p) = ! ≡ x · R−1 mod p, 0 ! < 2p Modular 6 Arithmetic begin with RNS q − (x · (−p−1)) mod R Current Work s − x + q · p References ! − s · R−1 • Classical case: R = 2w to have easy division and modular reduction • Introduce Montgomery representation • RNS: easy reduction modulo M but division impossible in B 9/17 RNS for ECC Karim Bigou Modular Reduction in RNS Elliptic Curves Residue Number Algorithm 2: RNS Montgomery Reduction [1] System Data: −!x , −!x 0 with x < αp2 Modular 0 Arithmetic Data: M > αp and M > 2 · p with RNS Result: RNSMM(x, p, B, B0) = −!! ≡ x · M−1 mod p in both Current Work References bases, 0 6 ! < 2p begin −!q − −!x · (−−!p −1) in base B and B0 −!q 0 − BE(−!q ; B; B0) −!s 0 − −!x 0 + −!q 0−!p 0 in base B0 −! −!! 0 − −!s 0 × M −1 in base B0 −!! 0 − BE(−!!; B0; B) 10/17 RNS for ECC Karim Bigou Costs for RNS Modular Operations Elliptic Curves a; b; p : n words of w bits Residue Number System Operation RNS Standard Modular Arithmetic 2 with RNS ab 2 n mult. n mult. Current Work a mod p 2 n2 + 3 n mult. n2 + n mult. References ab mod p 2 n2 + 5n mult. 2 n2 + n mult. (ab + cd) mod p 2 n2 + 7 n mult. 3 n2 + n mult. Pk 2 2 i=1 ai bi mod p 2 n + (3 + 2k)n mult. (1 + k) n + n mult. Factor 2 in multiplication is due to the use of 2 bases for BE. This was implemented on FPGA by Guillermin [2] and is called lazy reduction. 11/17 RNS for ECC Karim Bigou Ph. D. Objectives • Elliptic Curves Improve ECC with RNS performances Residue • Modular Reduction Number • Modular Inversion System Modular Arithmetic with RNS • Introduce new protections Current Work • Use natural RNS properties against SCA References • Randomization • Use redundancy with 2 bases • Hardware implementation • Implementation of RNS arithmetic units • FPGA implementation of the new inversion • Implementation of randomization • Study costs • Speed • Area 12/17 RNS for ECC Karim Bigou Modular Inversion in RNS Elliptic Curves Residue Number System Modular • Comparison and Division hard −! Euclidean Algorithm Arithmetic with RNS hard Current Work • Binary Euclidean algorithm: needs for modulo reduction References and division by 2 • Implemented algorithm: Fermat's Little Theorem • very costly • a lot of wait cycles • Proposed solution: Adaptation of Plus-Minus algorithm 13/17 RNS for ECC Algorithm 3: Plus Minus Karim Bigou Data: a; p 2 N with gcd(a; p) = 1, k = dlog2 pe Result: PM(a,p,k) = a−1 mod p Elliptic Curves begin Residue (U1; U3) − (0; p),(V1; V3) − (1; a),α − k , β − k Number System while β > 0 do if V3 ≡ 0 mod 4 then Modular Arithmetic V3 − V3=4, V1 := divideBy4(V1; p), β = β − 2 with RNS else if V3 ≡ 0 mod 2 then Current Work V3 − V3=2, V1 := divideBy2(V1; p), β = β − 1 References else 0 0 0 0 V3 − V3, V1 − V1, α − α, β − β if U3 + V3 ≡ 0 mod 4 then V3 − (V3 + U3)=4, V1 − divideBy4(V1 + U1; p) else V3 − (V3 − U3)=4, V1 − divideBy4(V1 − U1; p) if β < α then 0 0 0 0 U3 − V3 , U1 − V1 , α − β , β − α − 1 else β − β − 1 if U1 < 0 then U1 − U1 + p if U3 = 1 then return U1 else return p − U1 14/17 RNS for ECC Algorithm 4: RNS Plus Minus −! −! Karim Bigou Data: a ; p ; p > 2 with gcd(a; p) = 1 begin −! −! −! −! −! −! −! −! −! −! −! −! −! u1 − c , u3 − p · µ + c , v1 − µ + c , v3 − a · µ + c , α = β = 0 −! −! bv1 − 1, bu1 − 0, bu3 − p mod 4, bv3 − ComputeMod4(v3 ) −! −! −! −! −! −! −! −! −! −! −! −! Elliptic Curves while v3 6= µ + c and u3 6= µ + c and v3 6= − µ + c and u3 6= − µ + c do while bv3
Recommended publications
  • Eindhoven University of Technology BACHELOR Efficiency of RNS in CSIDH Performance Research in Post-Quantum Cryptography Dorenbo
    Eindhoven University of Technology BACHELOR Efficiency of RNS in CSIDH Performance Research In Post-Quantum Cryptography Dorenbos, H.M.R. Award date: 2019 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain Efficiency of RNS in CSIDH Performance Research In Post-Quantum Cryptography Author: H.M.R. Dorenbos Supervisor: T. Lange Co-Supervisor: L.S. Panny Eindhoven University of Technology Department of Mathematics and Computer Science January 27, 2019 Abstract The downfall of the internet approaches, because the strength of current asym- metric cryptographic algorithms will not last forever. Research to building quantum computers progresses, which will easily break all current asymmetric cryptographic algorithms. Therefore a new type of cryptographic algorithms is needed which do resist quantum computers but are still friendly to use by nor- mal computer systems, such cryptographic algorithms are called: post-quantum cryptography.
    [Show full text]
  • Modular Multiplication in the Residue Number System
    Modular Multiplication in the Residue Number System A DISSERTATION SUBMITTED TO THE SCHOOL OF ELECTRICAL AND ELECTRONIC ENGINEERING OF THE UNIVERSITY OF ADELAIDE BY Yinan KONG IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY July 2009 Declaration of Originality Name: Yinan KONG Program: Ph.D. This work contains no material which has been accepted for the award of any other degree or diploma in any university or other tertiary institution and, to the best of my knowledge and belief, contains no material previously published or written by another person, except where due reference has been made in the text. I give consent to this copy of my thesis, when deposited in the Univer- sity Library, being made available for loan and photocopying, subject to the provisions of the Copyright Act 1968. The author acknowledges that copyright of published works contained within this thesis (as listed below) resides with the copyright holder/s of those works. Signature: Date: i ii Acknowledgments My supervisor, Dr Braden Jace Phillips, is an extremely hard working and dedicated man. So, first and foremost, I would like to say “thank you” to him, for his critical guidance, constant sustainment and role modelling as a supervisor. It is my true luck that I have been able to work with him for these years. This has been a precious experience which deserves my cherish- ing throughout my whole life. I am also grateful to Associate Professor Cheng-Chew Lim and Dr Alison Wolff for their guidance through important learning phases of this complex technology.
    [Show full text]
  • Neural Network Method for Base Extension in Residue Number System
    Neural network method for base extension in residue number system M Babenko1, E Shiriaev1, A Tchernykh2,3,4, and E Golimblevskaia1 1North-Caucasus Federal University, Stavropol, Russia 2CICESE Research Center, Ensenada, BC, México 3South Ural State University, Chelyabinsk, Russia 4Ivannikov Institute for System Programming, Moscow, Russia E-mail: [email protected] Abstract. Confidential data security is associated with the cryptographic primitives, asymmetric encryption, elliptic curve cryptography, homomorphic encryption, cryptographic pseudorandom sequence generators based on an elliptic curve, etc. For their efficient implementation is often used Residue Number System that allows executing additions and multiplications on parallel computing channels without bit carrying between channels. A critical operation in Residue Number System implementations of asymmetric cryptosystems is base extension. It refers to the computing a residue in the extended moduli without the application of the traditional Chinese Remainder Theorem algorithm. In this work, we propose a new way to perform base extensions using a Neural Network of a final ring. We show that it reduces 11.7% of the computational cost, compared with state-of-the-art approaches. 1. Introduction Currently, many cryptosystems use Montgomery multiplication [1] and exponentiation by numbers with high resolution. Often, Redundant Residue Number Systems (RRNS) are used to implement this operation due to the possibility of parallelizing its arithmetic [2]. For scaling RNS operations, a base extension is required to obtain the new extended moduli system. This operation is the most computationally expensive since traditional methods of converting a number from RRNS to Weighted Number System (WNS) and calculating the Redundant Residue Number System (RRNS) with a new modulo base are used to perform it.
    [Show full text]
  • A Multi-Layer Recursive Residue Number System
    1 A Multi-layer Recursive Residue Number System Henk D.L. Hollmann, Ronald Rietman, Sebastiaan de Hoogh, Ludo M.G.M. Tolhuizen, Senior Member, IEEE, and Paul Gorissen Abstract—We present a method to increase the dynamical RNS is the Bajard-Imbert algorithm described in [7]. This is range of a Residue Number System (RNS) by adding virtual RNS a full RNS method, thus inherently carry-free. layers on top of the original RNS, where the required modular To meet the present-day or near-future security require- arithmetic for a modulus on any non-bottom layer is implemented by means of an RNS Montgomery multiplication algorithm that ments, moduli of 2048 or even 4096 bits in RSA are needed. uses the RNS on the layer below. As a result, the actual arithmetic To realize RNS systems with a dynamical range (the range of is deferred to the bottom layer. The multiplication algorithm values that the RNS can represent) that is sufficiently large that we use is based on an algorithm by Bajard and Imbert, to implement the Bajard-Imbert RNS algorithm for 2048-bits extended to work with pseudo-residues (remainders with a moduli, we would need rather large moduli, since there simply larger range than the modulus). The resulting Recursive Residue Number System (RRNS) can be used to implement modular are not enough small moduli available. For example, employ- addition, multiplication, and multiply-and-accumulate for very ing only 8-bit moduli, the largest attainable dynamical range large (2000+ bits) moduli, using only modular operations for is lcm(2, 3,..., 256), a 363-bits number.
    [Show full text]
  • Residue Number System
    RESIDUE NUMBER SYSTEM (introduction to hardware aspects) Dr. Danila Gorodecky [email protected] Terminology – Residue number system (RNS) (refers to Chinese remainder theorem) – Residue numeral system (RNS) – Modular arithmetic (MA) (refers to moduli – X (mod P) ) – Complete residue system – Clock arithmetic (refers to 12-hour arrow clock in which numbers "wrap around“ upon reaching the modulo) 2 Milestones – Chinese mathematician Sunzi Suanjing proposed a theorem (Chinese remainder theorem) in the 3rd century AD; – the theorem was generalized by Chinese mathematician Qin Jiushao in 1247; – first real implementation of the theorem by German mathematician Carl Gauss in 1801 "to find the years that have a certain period number with respect to the solar and lunar cycle and the Roman indiction“; – first implementation in computer science by Czechoslovakian engineer Miro Valach in 1955 “Origin of the code and number system of remainder classes”, Stroje Na ZpracovaniInformaci, vol. 3, Nakl. CSAV, Prague. Implementation of RNS – Processing of results of the Unified State Exam (utilized to entrance to University in Russia; – Digital filternig with finite impulse response (FIR-filtering); – Crypto system of Federal Reserve System of USA; – Air Defense System (USA, Russia); – cryptography in Space (Russia); – Space flight control (Russia) 4 Chinese remainder theorem Let’s p 1 , p 2 ,..., p n are positive integers (are often called as moduli) such, that greatest common divisor for a couple p i , p j equals ‘1’. yx1mod p1 yx2 mod p2 Then
    [Show full text]
  • A High-Speed Division Algorithm for Modular Numbers Based on the Chinese Remainder Theorem with Fractions and Its Hardware Implementation
    electronics Article A High-Speed Division Algorithm for Modular Numbers Based on the Chinese Remainder Theorem with Fractions and Its Hardware Implementation Nikolai Chervyakov, Pavel Lyakhov , Mikhail Babenko, Anton Nazarov, Maxim Deryabin *, Irina Lavrinenko and Anton Lavrinenko Department of Applied Mathematics and Mathematical Modeling, North-Caucasus Federal University, Stavropol 355009, Russia; [email protected] (N.C.); [email protected] (P.L.); [email protected] (M.B.); [email protected] (A.N.); [email protected] (I.L.); [email protected] (A.L.) * Correspondence: [email protected]; Tel.: +7-919-734-8307 Received: 29 January 2019; Accepted: 21 February 2019; Published: 27 February 2019 Abstract: In this paper, a new simplified iterative division algorithm for modular numbers that is optimized on the basis of the Chinese remainder theorem (CRT) with fractions is developed. It requires less computational resources than the CRT with integers and mixed radix number systems (MRNS). The main idea of the algorithm is (a) to transform the residual representation of the dividend and divisor into a weighted fixed-point code and (b) to find the higher power of 2 in the divisor written in a residue number system (RNS). This information is acquired using the CRT with fractions: higher power is defined by the number of zeros standing before the first significant digit. All intermediate calculations of the algorithm involve the operations of right shift and subtraction, which explains its good performance. Due to the abovementioned techniques, the algorithm has higher speed and consumes less computational resources, thereby being more appropriate for the multidigit division of modular numbers than the algorithms described earlier.
    [Show full text]
  • Hybrid Position-Residues Number System Karim Bigou, Arnaud Tisserand
    Hybrid Position-Residues Number System Karim Bigou, Arnaud Tisserand To cite this version: Karim Bigou, Arnaud Tisserand. Hybrid Position-Residues Number System. ARITH: 23rd Sympo- sium on Computer Arithmetic, Jul 2016, Santa Clara, CA, United States. hal-01314232 HAL Id: hal-01314232 https://hal.inria.fr/hal-01314232 Submitted on 18 Jul 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Copyright Hybrid Position-Residues Number System Karim Bigou 3;1 and Arnaud Tisserand 2;1 1IRISA, 2CNRS, 3University Rennes 1, INRIA Centre Rennes - Bretagne Atlantique 6 rue Kerampont, CS 80518, 22305 Lannion cedex, FRANCE f karim.bigou ; arnaud.tisserand [email protected] Abstract—We propose an hybrid representation of large in- cryptography are presented in Sections V and VI respectively. tegers, or prime field elements, combining both positional and Finally, Section VII concludes the paper. residue number systems (RNS). Our hybrid position-residues (HPR) number system mixes a high-radix positional represen- II. NOTATIONS AND DEFINITIONS tation and digits represented in RNS. RNS offers an important source of parallelism for addition, subtraction and multiplication The definitions and notations used in the paper are: operations.
    [Show full text]
  • Design of Reverse Converters for the Multi
    Louisiana State University LSU Digital Commons LSU Master's Theses Graduate School 2012 Design of reverse converters for the multi-moduli residue number systems with moduli of forms 2a, 2b - 1, 2c + 1 Naveen Kumar Samala Louisiana State University and Agricultural and Mechanical College Follow this and additional works at: https://digitalcommons.lsu.edu/gradschool_theses Part of the Electrical and Computer Engineering Commons Recommended Citation Samala, Naveen Kumar, "Design of reverse converters for the multi-moduli residue number systems with moduli of forms 2a, 2b - 1, 2c + 1" (2012). LSU Master's Theses. 1242. https://digitalcommons.lsu.edu/gradschool_theses/1242 This Thesis is brought to you for free and open access by the Graduate School at LSU Digital Commons. It has been accepted for inclusion in LSU Master's Theses by an authorized graduate school editor of LSU Digital Commons. For more information, please contact [email protected]. DESIGN OF REVERSE CONVERTERS FOR THE MULTI-MODULI RESIDUE NUMBER SYSTEMS WITH MODULI OF FORMS 2a, 2b – 1, 2c + 1 A Thesis Submitted to the Graduate Faculty of the Louisiana State University and Agricultural and Mechanical College in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering in The Department of Electrical Engineering and Computer Engineering by Naveen Kumar Samala Bachelor of Engineering (Electrical and Electronics) Osmania University, 2008 May 2012 ACKNOWLEDGEMENTS First and foremost I would like to offer my sincerest gratitude to my advisor, Dr. Alexander Skavantzos, for his constant support and guidance throughout my research with his patience and knowledge. I attribute the level of my Master’s degree to his encouragement and effort and without him this thesis, too, would not have been completed or written.
    [Show full text]
  • Improving Modular Inversion in RNS Using the Plus-Minus Method
    Improving Modular Inversion in RNS using the Plus-Minus Method Karim Bigou2;1 and Arnaud Tisserand3;1 1IRISA, 2INRIA Centre Rennes - Bretagne Atlantique, 3CNRS, University Rennes 1, 6 rue Kerampont, CS 80518, 22305 Lannion cedex, FRANCE [email protected], [email protected] Abstract. The paper describes a new RNS modular inversion algorithm based on the extended Euclidean algorithm and the plus-minus trick. In our algorithm, comparisons over large RNS values are replaced by cheap computations modulo 4. Comparisons to an RNS version based on Fer- mat's little theorem were carried out. The number of elementary modular operations is significantly reduced: a factor 12 to 26 for multiplications and 6 to 21 for additions. Virtex 5 FPGAs implementations show that for a similar area, our plus-minus RNS modular inversion is 6 to 10 times faster. Keywords: Residue Number System, Modular Representation, Extended Euclidean Algorithm, Hardware Implementation, ECC, RSA 1 Introduction The residue number system (RNS), or modular representation, has been pro- posed by Svoboda and Valach in 1955 [31] and independently by Garner in 1959 [13]. It uses a base of coprime moduli (m1; m2; : : : ; mn) to split an integer X into small integers (x1; x2; : : : ; xn) where xi is the residue xi = X mod mi. Standard representation to RNS conversion is straightforward. Reverse conver- sion is complex and uses the Chinese remainder theorem (CRT). Addition, subtraction and multiplication in RNS are very efficient. They work on residues in parallel, and independently without carry propagation between them, instead of directly with the complete number. These natural parallelism and carry-free properties speed up those operations and provide a high level of design modularity and scalability.
    [Show full text]
  • Residue Number Systems: a Survey
    Downloaded from orbit.dtu.dk on: Oct 05, 2021 Residue Number Systems: a Survey Nannarelli, Alberto; Re, Marco Publication date: 2008 Document Version Publisher's PDF, also known as Version of record Link back to DTU Orbit Citation (APA): Nannarelli, A., & Re, M. (2008). Residue Number Systems: a Survey. Technical University of Denmark, DTU Informatics, Building 321. D T U Compute. Technical Report No. 2008-04 General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. IMM-Technical Report-2008-04 Residue Number Systems: a Survey Alberto Nannarelli(1), Marco Re(2) (1)DTU Informatics Technical University of Denmark Kongens Lyngby, Denmark Email: [email protected] (2)Department of Electronic Engineering University of Rome Tor Vergata, Rome, Italy Email: [email protected] May 30, 2008 Contents ListofFigures ................................ iii ListofTables................................. v ListofAbbreviations............................. vi 1 Introduction 1 1.1 HistoryofResidueNumberSystem . 2 1.2 BasicTheoryofResidueNumberSystem . 3 1.2.1 TheIsomorphismTechnique.
    [Show full text]
  • Same Bit-Size Moduli Formation of Residue Number System for Application in Asymmetric Cryptography
    Same Bit-Size Moduli Formation of Residue Number System for Application in Asymmetric Cryptography Mykhailo Kasianchuka, Ihor Yakymenkoa, Vasyl Yatskiva, Stepan Ivasieva and Andriy Sverstiukb a West Ukrainian National University, 11 Lvivska str., Ternopil, 46009, Ukraine b I. Gorbachevsky Ternopil National Medical University, 1 Maidan Voli, Ternopil, 46001,Ukraine Abstract This paper presents three methods (factorization, exhaustive search and replacement) of four equal bit size moduli sets formation in a residue number system modified perfect form. This allows using the bit grid registers more efficiently. Such problem is relevant for asymmetric cryptography and noise-protected coding algorithms. The theoretical bases of residue number system, its perfect and modified perfect forms are considered, their advantages and disadvantages are defined. It is shown that the most commonly used moduli in the form of power of two, Mersenne numbers and Fermat numbers require searching for the inverse element and multiplying by it, which makes it difficult to recover a decimal number from its residues using the Chinese remainder theorem. A modified perfect form of the residue number system simplifies this procedure. The graphical dependency of the fourth modulo on two prior ones with one known modulo is presented. Different bit sizes of moduli sets are considered. It is shown that in sets of four modulo with the same bit size in a modified perfect form of residue number system, the first and fourth moduli are negative, second and third are positive. Keywords 1 Residue number system, modified perfect form, computing range, modulo system, speed, asymmetric cryptography. 1. Introduction Nowadays the rapid progress in the information technology area, in particular in mission-critical applications, leads to the new demands for improved reliability, performance and productivity of various computing systems [1].
    [Show full text]
  • Improved Sum of Residues Modular Multiplication Algorithm
    cryptography Article Improved Sum of Residues Modular Multiplication Algorithm Mohamad Ali Mehrabi Department of Computing, Macquarie University, Sydney 2109, Australia; [email protected] Received: 26 April 2019; Accepted: 27 May 2019; Published: 29 May 2019 Abstract: Modular reduction of large values is a core operation in most common public-key cryptosystems that involves intensive computations in finite fields. Within such schemes, efficiency is a critical issue for the effectiveness of practical implementation of modular reduction. Recently, Residue Number Systems have drawn attention in cryptography application as they provide a good means for extreme long integer arithmetic and their carry-free operations make parallel implementation feasible. In this paper, we present an algorithm to calculate the precise value of “X mod p ”directly in the RNS representation of an integer. The pipe-lined, non-pipe-lined, and parallel hardware architectures are proposed and implemented on XILINX FPGAs. Keywords: modular reduction; modular multiplication; residue number systems (RNS); Elliptic Curve Cryptography (ECC); sum of residues (SOR) reduction; montgomery modular reduction (MMR) 1. Introduction The residue number system (RNS) has been proposed by Svoboda and Valach in 1955 [1] and independently by Garner in 1959 [2]. It uses a base of co-prime moduli fm1, m2, ··· , mNg to split an integer X into small integers fx1, x2, ··· , xNg where xi is the residue of X divided by mi denoted as x = X mod m or simply x = hXi . i i i mi Conversion to RNS is straightforward. Reverse conversion is complex and uses the Chinese Remainder Theorem (CRT) [3]. Addition, subtraction, and multiplication in RNS are very efficient.
    [Show full text]