DOCSLIB.ORG

Hybrid Position-Residues Number System Karim Bigou, Arnaud Tisserand

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hybrid Position-Residues Number System Karim Bigou, Arnaud Tisserand Hybrid Position-Residues Number System Karim Bigou, Arnaud Tisserand To cite this version: Karim Bigou, Arnaud Tisserand. Hybrid Position-Residues Number System. ARITH: 23rd Sympo- sium on Computer Arithmetic, Jul 2016, Santa Clara, CA, United States. hal-01314232 HAL Id: hal-01314232 https://hal.inria.fr/hal-01314232 Submitted on 18 Jul 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Copyright Hybrid Position-Residues Number System Karim Bigou 3;1 and Arnaud Tisserand 2;1 1IRISA, 2CNRS, 3University Rennes 1, INRIA Centre Rennes - Bretagne Atlantique 6 rue Kerampont, CS 80518, 22305 Lannion cedex, FRANCE f karim.bigou ; arnaud.tisserand [email protected] Abstract—We propose an hybrid representation of large in- cryptography are presented in Sections V and VI respectively. tegers, or prime field elements, combining both positional and Finally, Section VII concludes the paper. residue number systems (RNS). Our hybrid position-residues (HPR) number system mixes a high-radix positional represen- II. NOTATIONS AND DEFINITIONS tation and digits represented in RNS. RNS offers an important source of parallelism for addition, subtraction and multiplication The definitions and notations used in the paper are: operations. But, due to its non-positional property, it makes • Capital letters, e.g. X, denote large integers or field comparisons and modular reductions more costly than in a positional number system. HPR offers various trade-offs between elements of ` bits (in our applications ` > 100) internal parallelism and the efficiency of operations requiring po- • jXjP is X mod P sition information. Our current application domain is asymmetric • B = (m1; : : : ; mn) is an RNS base composed of n cryptography where HPR significantly reduces the cost of some moduli where all mi are pairwise co-primes of w bits modular operations compared to state-of-the-art RNS solutions. • hXi represents X in the RNS base B and defined by: Index Terms—number representation; large integer; finite field; modular arithmetic; residue number system. hXi = (x1; : : : ; xn) where xi = jXjmi (1) Qn M • M = i=1 mi and Mi = m I. INTRODUCTION i • EMM a w-bit elementary modular multiplication jxi ·yijmi In computer arithmetic, representations of numbers strongly used as complexity unit for cost analysis as in all works impact algorithms and implementations performances for basic of the literature operations. Redundant number systems (see for instance [1]) • n = d`=we, i.e. the minimal number of moduli to allow limited carry propagations during additions, and then represent an `-bit value fully parallel addition. Logarithmic number system (LNS, • the word “base” is used in the RNS context see for instance [2]) swaps the cost of addition/subtraction • the word “radix” is used in the positional context by the cost of multiplication/division, but it still leads to • LSD/MSD denote least/most significant digit a large cost difference between these two operations cate- We will use two or three small RNS bases denoted gories. Furthermore LNS is difficult to use in asymmetric Ba; Bb; etc. In Ba, composed of na < n moduli (w-bit cryptography applications with large numbers. Residue num- integers), X is represented by hXia. Same notations apply ber system internal (RNS, see for instance [3], [4]) allows for the other bases. The base concatenation is denoted Bajb parallelism for both addition/subtraction and multiplication. and hXiajb is the RNS representation of X using na + nb Then RNS is commonly used in asymmetric cryptography moduli. (see for instance [5], [6], [7], [8], [9], [10]). But RNS is a non-positional representation with reduced efficiency for III. STATE-OF-THE-ART comparisons, modular reductions and modular multiplications. A. Residue Number System (RNS) We propose a new number system, denoted hybrid position- residues (HPR) number system for large integers and prime The RNS representation, proposed in the late 50s in [3], [4], is increasingly used for large modular arithmetic compu- field elements (Fp). HPR “mixes” a high-radix positional representation of numbers and RNS digits. It can be seen tations and asymmetric cryptography implementations, see for as a sort of compromise between a positional representation instance [11], [12], [13], [9], [14], [10], [8]. and RNS. Our hybrid number system offers a good level of The integers X and Y are represented in the RNS base B by internal parallelism for addition, subtraction and multiplication hXi and hY i. Multiplications, additions and subtractions are operations (even if it is slightly reduced compared to standard very efficient and natural in RNS. If one wants to perform the RNS). But it also allows much more efficient comparisons, operation in RNS, with 2 f+; −; ×}, one just computes modular reductions and modular multiplications due to the in parallel over the moduli: available position information in the representation. hXi hY i = jx1 y1jm ;:::; jxn ynjm : (2) After the presentation of notations and definitions in Sec- 1 n tion II, Section III briefly presents the state-of-the-art. Our Computations are performed independently on each modulo HPR number system is detailed in Section IV. Applications mi without carry propagation. RNS multiplication requires n to modular multiplication and exponentiation for asymmetric independent EMMs. Moreover, if Z is an integer coprime with all mi, then exact division by Z is computed by multiplying Using the optimization from [10], the RNS-MR total cost is −1 −1 −1 2 by hZ i = jZ jm1 ;:::; jZ jmn . 2 na nb + na + nb = 2 n + 2 n EMMs. We assume 0 6 X < M to be able to convert back using In RNS, the modular multiplication (RNS-MM) is com- the CRT (Chinese remainder theorem) formula: posed of a simple RNS multiplication, on both bases, followed 2 n by a RNS-MR and costs 2 n + 4 n EMMs. X −1 X = jXjM = xi · M × Mi : i mi D. Close and Related Representations i=1 M The mixed-radix system (MRS [4]) uses, as RNS, a base of An important consequence of the CRT is that each RNS moduli to represent integers but is a positional representation operation performed in base B is automatically reduced mod- with very limited internal parallelism compared to RNS. ulo M. As described in Sec. III-C, it is used to compute The polynomial RNS (PRNS [20]) uses small polynomials modular reduction in state-of-the-art. for the moduli instead of integers, and as RNS is a non- However, RNS is a non-positional representation: com- positional representation. parisons, general divisions and modular reductions are much In the standard radix-2 positional representation, the use of harder than multiplications in RNS (for instance see [15]). Mersenne and pseudo-Mersenne primes significantly reduces B. RNS Base Extension the cost of modular reductions. The representation proposed In order to compute more complex operations like RNS in [21] generalizes the idea of pseudo-Mersenne primes for modular reduction, the base extension (BE) has been pro- any radix but not in the RNS context. Recently, [13] proposes an equivalent to pseudo-Mersenne primes in RNS where the posed in [15]. BE converts hXia into hXib, avoiding costly conversions to the classical representation. In this paper, we RNS-MR cost is more or less divided by 2. consider only the BE algorithm from [6], which is used IV. PRESENTATION OF THE HPR NUMBER SYSTEM in state-of-the-art implementations due to its high level of A. Definition and Properties parallelism. Nonetheless, our propositions are independent of the choice of the BE algorithm, one can choose an- In this section, we define our hybrid position-residues other algorithm such as [16], [17]. The principle of the BE (HPR) representation and describe its properties. The main proposed in [6] is to approximate q in the CRT formula, idea is to define a representation which makes a link between Pna −1 RNS and the standard positional representation. On the one X = i=1 xa;i · Ma;i Ma;i − q Ma where the com- ma;i hand RNS representation is very efficient for some operations, putations are performed modulo each m . The result of this b;i as multiplications, but is not for some others as comparisons. approximated conversion is either hXi or hX + M i but b a b On the other hand, a positional number system allows cheaper this is easily managed in state-of-the-art implementations (see comparisons but more costly multiplications than RNS. details in [6]). This algorithm requires (n n + n ) EMMs. a b a Definition 1 (Hybrid Position-Residues Number System C. RNS Modular Reduction and Multiplication (HPR)): Let us assume two coprime RNS bases Ba and Qna−1 ∗ The state-of-the-art RNS modular reduction (RNS-MR) for Bb with Ma = i=0 ma;i, the degree d 2 N , a generic modulus, proposed in [18] (and optimized in [5], βmin and βmax 2 R such that βmax − βmin > 1 and [6], [10]), is based on the Montgomery modular reduction [19] βmax + βmin > 0. The integer X is represented in HPR, (initially proposed for radix-2). with parameters (Ba; Bb; βmin; βmax), in a high-radix Ma To perform all required operations in the Montgomery positional representation by reduction, one needs two bases: Ba for computing modulo X = hX i ;:::; hX i HPR d−1 ajb 0 ajb HPR Ma; and Bb for dividing by Ma (which is not possible in Ba).
Load more

Recommended publications
  • Eindhoven University of Technology BACHELOR Efficiency of RNS in CSIDH Performance Research in Post-Quantum Cryptography Dorenbo
    Eindhoven University of Technology BACHELOR Efficiency of RNS in CSIDH Performance Research In Post-Quantum Cryptography Dorenbos, H.M.R. Award date: 2019 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain Efficiency of RNS in CSIDH Performance Research In Post-Quantum Cryptography Author: H.M.R. Dorenbos Supervisor: T. Lange Co-Supervisor: L.S. Panny Eindhoven University of Technology Department of Mathematics and Computer Science January 27, 2019 Abstract The downfall of the internet approaches, because the strength of current asym- metric cryptographic algorithms will not last forever. Research to building quantum computers progresses, which will easily break all current asymmetric cryptographic algorithms. Therefore a new type of cryptographic algorithms is needed which do resist quantum computers but are still friendly to use by nor- mal computer systems, such cryptographic algorithms are called: post-quantum cryptography.
    [Show full text]
  • Modular Multiplication in the Residue Number System
    Modular Multiplication in the Residue Number System A DISSERTATION SUBMITTED TO THE SCHOOL OF ELECTRICAL AND ELECTRONIC ENGINEERING OF THE UNIVERSITY OF ADELAIDE BY Yinan KONG IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY July 2009 Declaration of Originality Name: Yinan KONG Program: Ph.D. This work contains no material which has been accepted for the award of any other degree or diploma in any university or other tertiary institution and, to the best of my knowledge and belief, contains no material previously published or written by another person, except where due reference has been made in the text. I give consent to this copy of my thesis, when deposited in the Univer- sity Library, being made available for loan and photocopying, subject to the provisions of the Copyright Act 1968. The author acknowledges that copyright of published works contained within this thesis (as listed below) resides with the copyright holder/s of those works. Signature: Date: i ii Acknowledgments My supervisor, Dr Braden Jace Phillips, is an extremely hard working and dedicated man. So, first and foremost, I would like to say “thank you” to him, for his critical guidance, constant sustainment and role modelling as a supervisor. It is my true luck that I have been able to work with him for these years. This has been a precious experience which deserves my cherish- ing throughout my whole life. I am also grateful to Associate Professor Cheng-Chew Lim and Dr Alison Wolff for their guidance through important learning phases of this complex technology.
    [Show full text]
  • Neural Network Method for Base Extension in Residue Number System
    Neural network method for base extension in residue number system M Babenko1, E Shiriaev1, A Tchernykh2,3,4, and E Golimblevskaia1 1North-Caucasus Federal University, Stavropol, Russia 2CICESE Research Center, Ensenada, BC, México 3South Ural State University, Chelyabinsk, Russia 4Ivannikov Institute for System Programming, Moscow, Russia E-mail: [email protected] Abstract. Confidential data security is associated with the cryptographic primitives, asymmetric encryption, elliptic curve cryptography, homomorphic encryption, cryptographic pseudorandom sequence generators based on an elliptic curve, etc. For their efficient implementation is often used Residue Number System that allows executing additions and multiplications on parallel computing channels without bit carrying between channels. A critical operation in Residue Number System implementations of asymmetric cryptosystems is base extension. It refers to the computing a residue in the extended moduli without the application of the traditional Chinese Remainder Theorem algorithm. In this work, we propose a new way to perform base extensions using a Neural Network of a final ring. We show that it reduces 11.7% of the computational cost, compared with state-of-the-art approaches. 1. Introduction Currently, many cryptosystems use Montgomery multiplication [1] and exponentiation by numbers with high resolution. Often, Redundant Residue Number Systems (RRNS) are used to implement this operation due to the possibility of parallelizing its arithmetic [2]. For scaling RNS operations, a base extension is required to obtain the new extended moduli system. This operation is the most computationally expensive since traditional methods of converting a number from RRNS to Weighted Number System (WNS) and calculating the Redundant Residue Number System (RRNS) with a new modulo base are used to perform it.
    [Show full text]
  • A Multi-Layer Recursive Residue Number System
    1 A Multi-layer Recursive Residue Number System Henk D.L. Hollmann, Ronald Rietman, Sebastiaan de Hoogh, Ludo M.G.M. Tolhuizen, Senior Member, IEEE, and Paul Gorissen Abstract—We present a method to increase the dynamical RNS is the Bajard-Imbert algorithm described in [7]. This is range of a Residue Number System (RNS) by adding virtual RNS a full RNS method, thus inherently carry-free. layers on top of the original RNS, where the required modular To meet the present-day or near-future security require- arithmetic for a modulus on any non-bottom layer is implemented by means of an RNS Montgomery multiplication algorithm that ments, moduli of 2048 or even 4096 bits in RSA are needed. uses the RNS on the layer below. As a result, the actual arithmetic To realize RNS systems with a dynamical range (the range of is deferred to the bottom layer. The multiplication algorithm values that the RNS can represent) that is sufficiently large that we use is based on an algorithm by Bajard and Imbert, to implement the Bajard-Imbert RNS algorithm for 2048-bits extended to work with pseudo-residues (remainders with a moduli, we would need rather large moduli, since there simply larger range than the modulus). The resulting Recursive Residue Number System (RRNS) can be used to implement modular are not enough small moduli available. For example, employ- addition, multiplication, and multiply-and-accumulate for very ing only 8-bit moduli, the largest attainable dynamical range large (2000+ bits) moduli, using only modular operations for is lcm(2, 3,..., 256), a 363-bits number.
    [Show full text]
  • Use of Residue Number System for ECC Residue Number System
    RNS for ECC Karim Bigou Elliptic Curves Use of Residue Number System for ECC Residue Number System Modular Arithmetic Karim Bigou with RNS Current Work INRIA DGA IRISA CAIRN References Journ´eesC2 2012: 8 au 12 octobre 1/17 RNS for ECC Karim Bigou Context and Objectives Elliptic Curves Residue Number System • Elliptic Curve Cryptography (ECC) over Fp Modular Arithmetic with RNS • Residue Number System (RNS) −! high performances Current Work References • Efficient implementation by N. Guillermin in [2] on FPGA • My Ph. D. objectives • Speed (parallelism) • Protections against some side-channel attacks (randomization) 2/17 RNS for ECC Karim Bigou Elliptic Curve Cryptography Elliptic Curves • Elliptic curve E over Fp (p prime, 160-500 bits) : Residue Number 2 3 System y = x + a x + b Modular Arithmetic 3 2 with RNS with −16(4a + 27b ) 6= 0 mod p Current Work References 2 3 Figure: y = x + 4x + 20 over F1009 3/17 RNS for ECC Karim Bigou • A group law + is defined over E: the chord-and-tangent Elliptic Curves rule Residue Number System Modular • Scalar multiplication: [k]P = P + P + ::: + P Arithmetic | {z } with RNS k times Current Work References • Knowing P and [k]P, k cannot be recovered (ECDLP) • [k]P must be fast and robust • Required many operations at field level: +; −; × and inversions 4/17 −!x : 20 { 40 mod m1 mod m2 mod m3 mod mn ··· + − × = + − × = + − × = + − × = • RNS Base: (m1;:::; mn) co-primes Qn −! • If 0 6 x < i=1 mi then x is determined by −! x = (x1;:::; xn) = (x mod m1;:::; x mod mn) • Carry-free between blocks • Fast Parallel
    [Show full text]
  • Residue Number System
    RESIDUE NUMBER SYSTEM (introduction to hardware aspects) Dr. Danila Gorodecky [email protected] Terminology – Residue number system (RNS) (refers to Chinese remainder theorem) – Residue numeral system (RNS) – Modular arithmetic (MA) (refers to moduli – X (mod P) ) – Complete residue system – Clock arithmetic (refers to 12-hour arrow clock in which numbers "wrap around“ upon reaching the modulo) 2 Milestones – Chinese mathematician Sunzi Suanjing proposed a theorem (Chinese remainder theorem) in the 3rd century AD; – the theorem was generalized by Chinese mathematician Qin Jiushao in 1247; – first real implementation of the theorem by German mathematician Carl Gauss in 1801 "to find the years that have a certain period number with respect to the solar and lunar cycle and the Roman indiction“; – first implementation in computer science by Czechoslovakian engineer Miro Valach in 1955 “Origin of the code and number system of remainder classes”, Stroje Na ZpracovaniInformaci, vol. 3, Nakl. CSAV, Prague. Implementation of RNS – Processing of results of the Unified State Exam (utilized to entrance to University in Russia; – Digital filternig with finite impulse response (FIR-filtering); – Crypto system of Federal Reserve System of USA; – Air Defense System (USA, Russia); – cryptography in Space (Russia); – Space flight control (Russia) 4 Chinese remainder theorem Let’s p 1 , p 2 ,..., p n are positive integers (are often called as moduli) such, that greatest common divisor for a couple p i , p j equals ‘1’. yx1mod p1 yx2 mod p2 Then
    [Show full text]
  • A High-Speed Division Algorithm for Modular Numbers Based on the Chinese Remainder Theorem with Fractions and Its Hardware Implementation
    electronics Article A High-Speed Division Algorithm for Modular Numbers Based on the Chinese Remainder Theorem with Fractions and Its Hardware Implementation Nikolai Chervyakov, Pavel Lyakhov , Mikhail Babenko, Anton Nazarov, Maxim Deryabin *, Irina Lavrinenko and Anton Lavrinenko Department of Applied Mathematics and Mathematical Modeling, North-Caucasus Federal University, Stavropol 355009, Russia; [email protected] (N.C.); [email protected] (P.L.); [email protected] (M.B.); [email protected] (A.N.); [email protected] (I.L.); [email protected] (A.L.) * Correspondence: [email protected]; Tel.: +7-919-734-8307 Received: 29 January 2019; Accepted: 21 February 2019; Published: 27 February 2019 Abstract: In this paper, a new simplified iterative division algorithm for modular numbers that is optimized on the basis of the Chinese remainder theorem (CRT) with fractions is developed. It requires less computational resources than the CRT with integers and mixed radix number systems (MRNS). The main idea of the algorithm is (a) to transform the residual representation of the dividend and divisor into a weighted fixed-point code and (b) to find the higher power of 2 in the divisor written in a residue number system (RNS). This information is acquired using the CRT with fractions: higher power is defined by the number of zeros standing before the first significant digit. All intermediate calculations of the algorithm involve the operations of right shift and subtraction, which explains its good performance. Due to the abovementioned techniques, the algorithm has higher speed and consumes less computational resources, thereby being more appropriate for the multidigit division of modular numbers than the algorithms described earlier.
    [Show full text]
  • Design of Reverse Converters for the Multi
    Louisiana State University LSU Digital Commons LSU Master's Theses Graduate School 2012 Design of reverse converters for the multi-moduli residue number systems with moduli of forms 2a, 2b - 1, 2c + 1 Naveen Kumar Samala Louisiana State University and Agricultural and Mechanical College Follow this and additional works at: https://digitalcommons.lsu.edu/gradschool_theses Part of the Electrical and Computer Engineering Commons Recommended Citation Samala, Naveen Kumar, "Design of reverse converters for the multi-moduli residue number systems with moduli of forms 2a, 2b - 1, 2c + 1" (2012). LSU Master's Theses. 1242. https://digitalcommons.lsu.edu/gradschool_theses/1242 This Thesis is brought to you for free and open access by the Graduate School at LSU Digital Commons. It has been accepted for inclusion in LSU Master's Theses by an authorized graduate school editor of LSU Digital Commons. For more information, please contact [email protected]. DESIGN OF REVERSE CONVERTERS FOR THE MULTI-MODULI RESIDUE NUMBER SYSTEMS WITH MODULI OF FORMS 2a, 2b – 1, 2c + 1 A Thesis Submitted to the Graduate Faculty of the Louisiana State University and Agricultural and Mechanical College in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering in The Department of Electrical Engineering and Computer Engineering by Naveen Kumar Samala Bachelor of Engineering (Electrical and Electronics) Osmania University, 2008 May 2012 ACKNOWLEDGEMENTS First and foremost I would like to offer my sincerest gratitude to my advisor, Dr. Alexander Skavantzos, for his constant support and guidance throughout my research with his patience and knowledge. I attribute the level of my Master’s degree to his encouragement and effort and without him this thesis, too, would not have been completed or written.
    [Show full text]
  • Improving Modular Inversion in RNS Using the Plus-Minus Method
    Improving Modular Inversion in RNS using the Plus-Minus Method Karim Bigou2;1 and Arnaud Tisserand3;1 1IRISA, 2INRIA Centre Rennes - Bretagne Atlantique, 3CNRS, University Rennes 1, 6 rue Kerampont, CS 80518, 22305 Lannion cedex, FRANCE [email protected], [email protected] Abstract. The paper describes a new RNS modular inversion algorithm based on the extended Euclidean algorithm and the plus-minus trick. In our algorithm, comparisons over large RNS values are replaced by cheap computations modulo 4. Comparisons to an RNS version based on Fer- mat's little theorem were carried out. The number of elementary modular operations is significantly reduced: a factor 12 to 26 for multiplications and 6 to 21 for additions. Virtex 5 FPGAs implementations show that for a similar area, our plus-minus RNS modular inversion is 6 to 10 times faster. Keywords: Residue Number System, Modular Representation, Extended Euclidean Algorithm, Hardware Implementation, ECC, RSA 1 Introduction The residue number system (RNS), or modular representation, has been pro- posed by Svoboda and Valach in 1955 [31] and independently by Garner in 1959 [13]. It uses a base of coprime moduli (m1; m2; : : : ; mn) to split an integer X into small integers (x1; x2; : : : ; xn) where xi is the residue xi = X mod mi. Standard representation to RNS conversion is straightforward. Reverse conver- sion is complex and uses the Chinese remainder theorem (CRT). Addition, subtraction and multiplication in RNS are very efficient. They work on residues in parallel, and independently without carry propagation between them, instead of directly with the complete number. These natural parallelism and carry-free properties speed up those operations and provide a high level of design modularity and scalability.
    [Show full text]
  • Residue Number Systems: a Survey
    Downloaded from orbit.dtu.dk on: Oct 05, 2021 Residue Number Systems: a Survey Nannarelli, Alberto; Re, Marco Publication date: 2008 Document Version Publisher's PDF, also known as Version of record Link back to DTU Orbit Citation (APA): Nannarelli, A., & Re, M. (2008). Residue Number Systems: a Survey. Technical University of Denmark, DTU Informatics, Building 321. D T U Compute. Technical Report No. 2008-04 General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. IMM-Technical Report-2008-04 Residue Number Systems: a Survey Alberto Nannarelli(1), Marco Re(2) (1)DTU Informatics Technical University of Denmark Kongens Lyngby, Denmark Email: [email protected] (2)Department of Electronic Engineering University of Rome Tor Vergata, Rome, Italy Email: [email protected] May 30, 2008 Contents ListofFigures ................................ iii ListofTables................................. v ListofAbbreviations............................. vi 1 Introduction 1 1.1 HistoryofResidueNumberSystem . 2 1.2 BasicTheoryofResidueNumberSystem . 3 1.2.1 TheIsomorphismTechnique.
    [Show full text]
  • Same Bit-Size Moduli Formation of Residue Number System for Application in Asymmetric Cryptography
    Same Bit-Size Moduli Formation of Residue Number System for Application in Asymmetric Cryptography Mykhailo Kasianchuka, Ihor Yakymenkoa, Vasyl Yatskiva, Stepan Ivasieva and Andriy Sverstiukb a West Ukrainian National University, 11 Lvivska str., Ternopil, 46009, Ukraine b I. Gorbachevsky Ternopil National Medical University, 1 Maidan Voli, Ternopil, 46001,Ukraine Abstract This paper presents three methods (factorization, exhaustive search and replacement) of four equal bit size moduli sets formation in a residue number system modified perfect form. This allows using the bit grid registers more efficiently. Such problem is relevant for asymmetric cryptography and noise-protected coding algorithms. The theoretical bases of residue number system, its perfect and modified perfect forms are considered, their advantages and disadvantages are defined. It is shown that the most commonly used moduli in the form of power of two, Mersenne numbers and Fermat numbers require searching for the inverse element and multiplying by it, which makes it difficult to recover a decimal number from its residues using the Chinese remainder theorem. A modified perfect form of the residue number system simplifies this procedure. The graphical dependency of the fourth modulo on two prior ones with one known modulo is presented. Different bit sizes of moduli sets are considered. It is shown that in sets of four modulo with the same bit size in a modified perfect form of residue number system, the first and fourth moduli are negative, second and third are positive. Keywords 1 Residue number system, modified perfect form, computing range, modulo system, speed, asymmetric cryptography. 1. Introduction Nowadays the rapid progress in the information technology area, in particular in mission-critical applications, leads to the new demands for improved reliability, performance and productivity of various computing systems [1].
    [Show full text]
  • Improved Sum of Residues Modular Multiplication Algorithm
    cryptography Article Improved Sum of Residues Modular Multiplication Algorithm Mohamad Ali Mehrabi Department of Computing, Macquarie University, Sydney 2109, Australia; [email protected] Received: 26 April 2019; Accepted: 27 May 2019; Published: 29 May 2019 Abstract: Modular reduction of large values is a core operation in most common public-key cryptosystems that involves intensive computations in finite fields. Within such schemes, efficiency is a critical issue for the effectiveness of practical implementation of modular reduction. Recently, Residue Number Systems have drawn attention in cryptography application as they provide a good means for extreme long integer arithmetic and their carry-free operations make parallel implementation feasible. In this paper, we present an algorithm to calculate the precise value of “X mod p ”directly in the RNS representation of an integer. The pipe-lined, non-pipe-lined, and parallel hardware architectures are proposed and implemented on XILINX FPGAs. Keywords: modular reduction; modular multiplication; residue number systems (RNS); Elliptic Curve Cryptography (ECC); sum of residues (SOR) reduction; montgomery modular reduction (MMR) 1. Introduction The residue number system (RNS) has been proposed by Svoboda and Valach in 1955 [1] and independently by Garner in 1959 [2]. It uses a base of co-prime moduli fm1, m2, ··· , mNg to split an integer X into small integers fx1, x2, ··· , xNg where xi is the residue of X divided by mi denoted as x = X mod m or simply x = hXi . i i i mi Conversion to RNS is straightforward. Reverse conversion is complex and uses the Chinese Remainder Theorem (CRT) [3]. Addition, subtraction, and multiplication in RNS are very efficient.
    [Show full text]