• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.3C
• /
• pp.256-262
• /
• 2002

This paper presents a novel radix-4 modular multiplication algorithm based on the sign estimation technique (3). The sign estimation technique detects the sign of a number represented in the form of a carry-sum pair. It can be implemented with 5-bit carry look-ahead adder. The hardware speed of the cryptosystem is dependent on the performance modular multiplication of large numbers. Our algorithm requires only (n/2+3) clock cycle for n bit modulus in performing modular multiplication. Our algorithm out-performs existing algorithm in terms of required clock cycles by a half, It is efficient for modular exponentiation with large modulus used in RSA cryptosystem. Also, we use high-speed adder (7) instead of CPA (Carry Propagation Adder) for modular multiplication hardware performance in fecal stage of CSA (Carry Save Adder) output. We apply RL (Right-and-Left) binary method for modular exponentiation because the number of clock cycles required to complete the modular exponentiation takes n cycles. Thus, One 1024-bit RSA operation can be done after n(n/2+3) clock cycles.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.22 no.5
• /
• pp.1036-1044
• /
• 1997

We modify the montgomery modeular multikplication to extract the common parts in common-multiplicand multi-plications. Since the modified method computes the common parts in two modular multiplications once rather than twice, it can speed up the exponentiations and reduce the amount of storage tables in m-ary or windowexponentiation. It can be also applied to an exponentiation mehod by folding the exponent in half. This method is well-suited to the memory limited environments such as IC card due to its speed and requirement of small memory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.39-52
• /
• 1998

본 논문에서는 모듈러 지수승시에 요구되는 모듈러 곱셈의 반복 횟수를 줄이기 위해 SM(m)기법을 제안하며 지수를 SM(m)표현과 시스톨릭 SM(m) 표현으로 변환한다.그리고 변환된 스스톨릭 SM(m) 표현으로부터 모듈러 지수연산을 위한 선형시스톨릭 어레이를 제시한다. 제안된 기법은 기존의 방법보다 소프트웨어로 구현시에 선 계산기에 필요한 기업 장소의 크기를 줄였으며, 선형 시스톨릭 어레이로 구현시에 기존의 방법들보다 처리기의 개수를 감소시키며, 처리기내에 필요한 기억 장소의 크기를 줄였다. 수정된 부호화 디지트 기법과 비교하면 처리기의 개수를 24%정도 줄일 수 있다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.575-577
• /
• 2017

In public key cryptography such as RSA, modular exponentiation is the most time-consuming operation. RSA's modular exponentiation can be computed by repeated modular multiplication. To attain high efficiency for RSA, fast modular multiplication algorithms have been proposed to speed up decryption/encryption. Montgomery multiplication is limited by the carry propagation delay from the addition of long operands. In this paper, we propose a hardware structure that reduces the area of the Montgomery multiplication implementation for lightweight applications of RSA. Experimental results showed that the new design can achieve higher performance and reduce hardware area. A frequency of 884.9MHz and 250MHz were achieved with 84K and 56K gates respectively using the 90nm technology.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.173-182
• /
• 1995

모듈라 멱승(modular exponentiation) 연산은 암호학에서 기본적이고 중요한 연산이다. 그러나, 이는 다정도 정수(multiple precision integer)들을 다루기 때문에 그 연산시 간이 무척 많이 걸리므로 이를 단축시킬 필요가 있다. 모듈라 멱승 연산은 모듈라 곱셈(modular multiplication)의 반복으로서, 전체 연산시간을 단축시키기 위해서는 모듈라 곱셈의 수행시간을 단축시키거나, 모듈라 곱셈의 반복횟수를 줄이는 것이 필요하다. 본 논문에서는 모듈라 곱셈을 빠르게 수행하기 위한 알고리즘 두 개를 제안한다. 하나는 서로 다른 두 수의 모듈라 곱셈 알고리즘이고, 다른 하나는 모듈라 제곱을 빠르게 수행하는 알고리즘이다. 이 둘은 기존의 모듈라 곱셈 알고리즘들에 비해 각각 절반과, l/3가량의 단정도 곱셈(single-precision multiplication)만을 필요로 한다. 실제로 PC상에서 구현한 결과 각각 100%와 30%의 속도향상을 보인다.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.4
• /
• pp.123-129
• /
• 2013

The performance and practicality of cryptosystem for encryption, decryption, and primality test are primarily determined by the implementation efficiency of the modular exponentiation of $a^b$ (mod m). To compute $a^b$ (mod m), the standard binary squaring (square-and-multiply) still seems to be the best choice. However, in large b bits, the preprocessed n-ary, ($n{\geq}2$ method could be more efficient than binary squaring method. This paper proposes a square-and-divide and unpreprocessed n-ary square-and-divide modular exponentiation method. Results confirmed that the square-and-divide method is the most efficient of trial number in a case where the value of b is adjacent to $2^k+2^{k-1}$ or to. $2^{k+1}$. It was also proved that for b out of the beforementioned range, the unpreprocessed n-ary square-and-divide method yields higher efficiency of trial number than the general preprocessed n-ary method.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.2
• /
• pp.41-47
• /
• 2016

The times of multiplication for encryption and decryption of cryptosystem is primarily determined by implementation efficiency of the modular exponentiation of $a^b$(mod m). The most frequently used among standard modular exponentiation methods is a standard binary method, of which n-ary($2{\leq}n{\leq}6$) is most popular. The n-ary($1{\leq}n{\leq}6$) is a square-and-multiply method which partitions $b=b_kb_{k-1}{\cdots}b_1b_{0(2)}$ into n fixed bits from right to left and squares n times and multiplies bit values. This paper proposes a variable-length partition algorithm that partitions $b_{k-1}{\cdots}b_1b_{0(2)}$ from left to right. The proposed algorithm has proved to reduce the multiplication frequency of the fixed-length partition n-ary method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1091-1102
• /
• 2014

The power analysis attack is a cryptanalytic technique to retrieve an user's secret key using the side-channel power leakage occurred during the execution of cryptographic algorithm embedded on a physical device. Especially, many power analysis attacks have targeted on an exponentiation algorithm which is composed of hundreds of squarings and multiplications and adopted in public key cryptosystem such as RSA. Recently, a new correlation power attack, which is tried when two modular multiplications have a same input, is proposed in order to recover secret key. In this paper, after reviewing the principle of side-channel attack based on input collisions in modular multiplications, we analyze the vulnerability of some exponentiation algorithms having regularity property. Furthermore, we present an improved exponentiation countermeasure to resist against the input collision-based CPA(Correlation Power Analysis) attack and existing side channel attacks and compare its security with other countermeasures.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.8
• /
• pp.1471-1479
• /
• 2017

This paper describes a design of RSA public-key cryptography processor supporting key length of 2,048 bits. A modular multiplier that is core arithmetic function in RSA cryptography was designed using word-based Montgomery multiplication algorithm, and a modular exponentiation was implemented by using Left-to-Right (LR) binary exponentiation algorithm. A computation of a modular multiplication takes 8,386 clock cycles, and RSA encryption and decryption requires 185,724 and 25,561,076 clock cycles, respectively. The RSA processor was verified by FPGA implementation using Virtex5 device. The RSA cryptographic processor synthesized with 100 MHz clock frequency using a 0.18 um CMOS cell library occupies 12,540 gate equivalents (GEs) and 12 kbits memory. It was estimated that the RSA processor can operate up to 165 MHz, and the estimated time for RSA encryption and decryption operations are 1.12 ms and 154.91 ms, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.21-34
• /
• 2002

In this paper we propos a new hardware architecture of modular exponentiation using a division chain method which has been proposed in (2). Modular exponentiation using the division chain is performed by receding an exponent E as a mixed form of multiplication and addition with divisors d=2 or $d=2^I +1$ and respective remainders r. This calculates the modular exponentiation in about $1.4log_2$E multiplications on average which is much less iterations than $2log_2$E of conventional Binary Method. We designed a linear systolic array multiplier with pipelining and used a horizontal projection on its data dependence graph. So, for k-bit key, two k-bit data frames can be inputted simultaneously and two modular multipliers, each consisting of k/2+3 PE(Processing Element)s, can operate in parallel to accomplish 100% throughput. We propose a new encoding scheme to represent divisors and remainders of the division chain to keep regularity of the data path. When it is synthesized to ASIC using Samsung 0.5 um CMOS standard cell library, the critical path delay is 4.24ns, and resulting performance is estimated to be abort 140 Kbps for a 1024-bit data frame at 200Mhz clock In decryption process, the speed can be enhanced to 560kbps by using CRT(Chinese Remainder Theorem). Futhermore, to satisfy real time requirements we can choose small public exponent E, such as 3,17 or $2^{16} +1$, in encryption and verification process. in which case the performance can reach 7.3Mbps.