1 Montgomery Modular Multiplication in Hard- ware
1 Montgomery Modular Multiplication in Hard- ware
1 Montgomery Modular Multiplication in Hard- ware
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
FEI KEMT<br />
In the Algorithm 1 – 1 the <strong>in</strong>put operand X is transformed to the <strong>Montgomery</strong><br />
doma<strong>in</strong> X at the beg<strong>in</strong>n<strong>in</strong>g (Step 1). Afterwards follows the series of the MMM <strong>in</strong><br />
the <strong>Montgomery</strong> doma<strong>in</strong>. F<strong>in</strong>ally, <strong>in</strong> the last step (Step 9) the result is transformed<br />
back to normal doma<strong>in</strong>. In this way the advantage of comput<strong>in</strong>g <strong>in</strong> <strong>Montgomery</strong><br />
doma<strong>in</strong> is fully exploited. The MMM is considered as the most effective method for<br />
modular exponentiation operations applied e.g. <strong>in</strong> the RSA cryptographic algorithm.<br />
1.2.2 <strong>Hard</strong><strong>ware</strong> Implementations of the MMM<br />
Achiev<strong>in</strong>g short computation time of the MM as the most time-consum<strong>in</strong>g opera-<br />
tion <strong>in</strong> RSA and ECC algorithms has a significant impact on the performance of<br />
the elementary cryptographic operations. Therefore efficient implementation of the<br />
algorithm has been an attractive field for research. Due to long operands on which<br />
the operations are performed the hard<strong>ware</strong> platform seems to be a natural choice<br />
before soft<strong>ware</strong> implementation. S<strong>in</strong>ce the size of operands may change accord<strong>in</strong>g<br />
to requirements and is different for RSA and ECC, the parameterized design <strong>in</strong><br />
programmable logic would offer an universal design for fast prototyp<strong>in</strong>g.<br />
The implementations br<strong>in</strong>g <strong>in</strong> life specifically adjusted general algorithms that<br />
take <strong>in</strong>to account the hard<strong>ware</strong> platforms features and prefer operations easily im-<br />
plementable <strong>in</strong> digital logic gates. The designs <strong>in</strong> general tend towards provid<strong>in</strong>g<br />
an universal and elastic solution or have a priority <strong>in</strong> best usage of resources and<br />
achievement of shortest computation times.<br />
One of the most cited hard<strong>ware</strong> implementation of the MMM was <strong>in</strong>troduced at<br />
CHES 1999 by Tenca and Koç [108]. A cheap and flexible modular exponentiation<br />
hard<strong>ware</strong> accelerator can be also achieved us<strong>in</strong>g FPGAs. Results presented <strong>in</strong> liter-<br />
ature, e.g. [29, 41, 51] are ma<strong>in</strong>ly concentrated to systolic-like implementations that<br />
provide a very fast but less flexible solution.<br />
Pre-comput<strong>in</strong>g partial results as presented <strong>in</strong> [72] allows to reduce the number<br />
of clock cycles required for perform<strong>in</strong>g of a s<strong>in</strong>gle MMM operation. Such approach<br />
needs marg<strong>in</strong>ally more area <strong>in</strong> comparison to orig<strong>in</strong>al proposal [108] and as far as the<br />
latency is concerned it is comparable to the design presented <strong>in</strong> [85] that is based on<br />
process<strong>in</strong>g multi-precision operands <strong>in</strong> carry-save form. High-radix implementations<br />
[110] also provide reduction of computational steps, but the complexity of logic part<br />
<strong>in</strong>creases substantially.<br />
Current FPGAs provide an alternative hard<strong>ware</strong> platform even for system-level<br />
<strong>in</strong>tegration of a cryptographic hard<strong>ware</strong>. A SOC concept can typically <strong>in</strong>clude an<br />
12