Definition
Suppose a machine performs arithmetic on words of w bits. Let a, b, and n be cryptographically sized integers represented using s such words. Then the Montgomery modular product of a and b modulo n is \(abr^{-1} \pmod{n}\), where \(r = 2^{sw}\). This is computed at a word level using a particularly straightforward and efficient algorithm. Compared with the normal “school book” method, for each word of the multiplier the reduction modulo n is performed by adding rather than subtracting a multiple of n, only a single digit is used to decide on this multiple, and the accumulating product is shifted down rather than up.
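The word-level procedure described in the definition, written out as an added example (not code from the encyclopedia entry). It assumes n is odd so that n is invertible modulo \(2^w\); the names `mont_mul`, `mod_mul` and `n_prime` and the sample values are ours.

```python
def mont_mul(a, b, n, w, s):
    """Word-serial Montgomery product a*b*r^-1 mod n, with r = 2**(s*w)."""
    base = 1 << w
    mask = base - 1
    if n % 2 == 0 or not (0 < n < (1 << (s * w))):
        raise ValueError("n must be odd and fit in s words of w bits")
    if not (0 <= a < n and 0 <= b < n):
        raise ValueError("operands must already be reduced modulo n")
    # Per-modulus constant -n^-1 mod 2^w (assumed precomputed once per n).
    n_prime = (-pow(n, -1, base)) & mask
    t = 0
    for i in range(s):
        a_i = (a >> (w * i)) & mask        # next multiplier word, lowest first
        t += a_i * b                       # accumulate the partial product
        q = ((t & mask) * n_prime) & mask  # one digit of t decides the multiple
        t = (t + q * n) >> w               # ADD q*n: low word becomes 0, shift down
    # a, b < n keeps t < 2n, so a single conditional subtraction finishes.
    return t - n if t >= n else t


def mod_mul(a, b, n, w, s):
    """Ordinary a*b mod n computed only with Montgomery products."""
    r2 = pow(1 << (s * w), 2, n)           # r^2 mod n, once per modulus
    a_m = mont_mul(a, r2, n, w, s)         # a*r mod n (Montgomery form)
    b_m = mont_mul(b, r2, n, w, s)         # b*r mod n
    ab_m = mont_mul(a_m, b_m, n, w, s)     # a*b*r mod n
    return mont_mul(ab_m, 1, n, w, s)      # strip the factor r


if __name__ == "__main__":
    # Constructed sample values: a 255-bit odd modulus held in s = 4 words of w = 64 bits.
    n = 2**255 - 19
    a = 0x1F2E3D4C5B6A79881F2E3D4C5B6A79881F2E3D4C5B6A79881F2E3D4C5B6A7988
    b = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    r_inv = pow(1 << 256, -1, n)
    print(mont_mul(a, b, n, 64, 4) == a * b * r_inv % n)
    print(mod_mul(a, b, n, 64, 4) == a * b % n)
```

Because each result carries the factor \(r^{-1}\), operands are normally converted to Montgomery form once and kept there across a whole exponentiation, as `mod_mul` shows for a single product.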
Background
The modular reduction u (mod n) is typically computed on a word-based machine by repeatedly taking several leading digits from u and n, obtaining the leading digit of their quotient, and using that multiple of n to reduce u. This takes a number of clock cycles on a general processor, and...
© 2011 Springer Science+Business Media, LLC
Cite this entry
Koç, Ç.K. (2011). Montgomery Arithmetic. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_38
DOI: https://doi.org/10.1007/978-1-4419-5906-5_38
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer Science; Reference Module Computer Science and Engineering