Introduction
In 1985, P.L. Montgomery introduced an efficient algorithm [6] for computing \( u = a \cdot b \pmod{n} \) where a, b, and n are k-bit binary numbers (see modular arithmetic). The algorithm is particularly suitable for implementation on general-purpose computers (signal processors or microprocessors) which are capable of performing fast arithmetic modulo a power of 2. The Montgomery reduction algorithm computes the resulting k-bit number u without performing a division by the modulus n. Via an ingenious representation of the residue class modulo n, this algorithm replaces division by n with division by a power of 2. The latter operation is easily accomplished on a computer since the numbers are represented in binary form. Assuming the modulus n is a k-bit number, i.e., \( 2^{k-1} \le n < 2^k \), let r be \( 2^k \). The Montgomery reduction algorithm requires that r and n be relatively prime, i.e., \(\gcd(r,n)=\gcd(2^k,n)=1\). This requirement is satisfied if n is odd. In the following,...
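The reduction described above, carried through as an added Python example (not code from the encyclopedia entry). The class and function names are illustrative assumptions; the constants n' = -n^(-1) mod r and r^2 mod n are the standard precomputations for Montgomery reduction and do not appear in the preview text.

```python
from math import gcd


class Montgomery:
    """Montgomery arithmetic modulo an odd k-bit n, with r = 2^k (illustrative names)."""

    def __init__(self, n: int):
        if n < 3 or n % 2 == 0:
            raise ValueError("modulus must be odd so that gcd(2^k, n) = 1")
        self.n = n
        self.k = n.bit_length()            # 2^(k-1) <= n < 2^k
        self.r = 1 << self.k               # r = 2^k
        self.mask = self.r - 1             # x & mask == x mod r
        assert gcd(self.r, n) == 1
        # Per-modulus constants, computed once (requires Python 3.8+ for pow(n, -1, r)).
        self.n_prime = (-pow(n, -1, self.r)) & self.mask   # n * n' == -1 (mod r)
        self.r2 = (self.r * self.r) % n                    # only true division by n

    def redc(self, t: int) -> int:
        """Return t * r^(-1) mod n for 0 <= t < r*n, using only a mask and a shift."""
        if not 0 <= t < self.r * self.n:
            raise ValueError("input to REDC must satisfy 0 <= t < r*n")
        m = ((t & self.mask) * self.n_prime) & self.mask   # reduction mod r
        u = (t + m * self.n) >> self.k                     # t + m*n is divisible by r
        # u < 2n, so one subtraction suffices. This branch depends on the data;
        # the example shows the arithmetic and is not constant-time.
        return u - self.n if u >= self.n else u

    def to_mont(self, a: int) -> int:
        """Map a to its Montgomery representation a*r mod n."""
        return self.redc((a % self.n) * self.r2)

    def from_mont(self, a_bar: int) -> int:
        """Map a*r mod n back to a."""
        return self.redc(a_bar)

    def mul(self, a_bar: int, b_bar: int) -> int:
        """Multiply two values in Montgomery form; the result stays in Montgomery form."""
        return self.redc(a_bar * b_bar)


def modmul(a: int, b: int, n: int) -> int:
    """Compute u = a*b mod n by way of Montgomery form."""
    ctx = Montgomery(n)
    return ctx.from_mont(ctx.mul(ctx.to_mont(a), ctx.to_mont(b)))
```

The conversions cost extra reductions, so the representation pays off when many multiplications share one modulus, as in modular exponentiation.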
References
Dussé, S.R. and B.S. Kaliski, Jr. (1990). “A cryptographic library for the Motorola DSP56000.” Advances in Cryptology—EUROCRYPT'90, Lecture Notes in Computer Science, vol. 473, ed. I.B. Damgård. Springer-Verlag, Berlin, 230–244.
Knuth, D.E. (1998). The Art of Computer Programming, Volume 2, Semi-numerical Algorithms (3rd ed.). Addison-Wesley, Reading, MA.
Koç, Ç.K. and T. Acar (1998). “Montgomery multiplication in GF(2^k).” Designs, Codes and Cryptography, 14 (1), 57–69.
Koç, Ç.K., T. Acar, and B.S. Kaliski, Jr. (1996). “Analyzing and comparing Montgomery multiplication algorithms.” IEEE Micro, 16 (3), 26–33.
Laurichesse, D. and L. Blain (1991). “Optimized implementation of RSA cryptosystem.” Computers & Security, 10 (3), 263–267.
Montgomery, P.L. (1985). “Modular multiplication without trial division.” Mathematics of Computation, 44 (170), 519–521.
Walter, C.D. (1993). “Systolic modular multiplication.” IEEE Transactions on Computers, 42 (3), 376–378.
Walter, C.D. (1999). “Montgomery exponentiation needs no final subtractions.” Electronics Letters, 35 (21), 1831–1832.
Walter, C.D. (2002). “Precise bounds for Montgomery modular multiplication and some potentially insecure RSA moduli.” Topics in Cryptology—CT-RSA 2002, Lecture Notes in Computer Science, vol. 2271, ed. B. Preneel. Springer-Verlag, Berlin, 30–39.
Walter, C.D. and S. Thompson (2001). “Distinguishing exponent digits by observing modular subtractions.” Topics in Cryptology—CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020, ed. D. Naccache. Springer-Verlag, Berlin, 192–207.
Copyright information
© 2005 International Federation for Information Processing
Cite this entry
Koç, Ç.K., Walter, C.D. (2005). Montgomery Arithmetic. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_263
DOI: https://doi.org/10.1007/0-387-23483-7_263
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer Science, Reference Module Computer Science and Engineering