Uniform Montgomery multiplier

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Because modular arithmetic remains central to public-key systems, cryptographic engineering keeps producing improved architectures for realizing it. This sophistication involves not only high-performance, low-power or area-aware optimizations, but also secure or hardened realizations that are immune to the so-called side-channel attacks. Among these, the simple power analysis (SPA) attack, which requires only one or a few power traces of the cryptographic activity, is considered the most dangerous threat to security. This study concentrates on implementing SPA-resistant Montgomery multipliers, which are the key ingredients in designing substantial cryptosystems. We introduce new encoding schemes that allow multiplication with operands having no zero digits. Naturally, such encodings result in a homogeneous multiplication in which every accumulation step needs equivalent computational work. Moreover, in order to lay out more secure and timing-independent multipliers, we impose I/O requirements such that the resulting Montgomery multipliers need no extra final reduction. Finally, as the proposed methods allow architectures suitable for word-serial processing, a memory/performance trade-off is possible for constrained environments.
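The abstract's two ideas, a zero-free recoding of the multiplier so that every iteration does the same work, and an I/O bound that removes the final conditional subtraction, as an added Python illustration that is not the paper's own scheme. The w = 1 odd recoding, the choice R > 8N and the handling of even operands by adding N are assumptions made here, shown next to the textbook bit-serial multiplier for contrast.

```python
def mont_mul_classic(a, b, N):
    """Textbook bit-serial Montgomery product a*b*2^-n mod N, n = bits(N), a, b < N.
    Two data-dependent steps: the addition skipped when a bit of b is 0,
    and the final conditional subtraction."""
    n = N.bit_length()
    s = 0
    for i in range(n):
        if (b >> i) & 1:          # add only when the bit is set -> non-uniform
            s += a
        q = s & 1                 # N is odd, so parity decides the reduction
        s = (s + q * N) >> 1
    if s >= N:                    # final reduction, also data-dependent
        s -= N
    return s

def zero_free_digits(b, n):
    """n signed digits d_i in {-1, +1} with sum(d_i * 2^i) == b, for odd b < 2^n
    (assumed scheme: w = 1 case of an odd-digit recoding, not the paper's encoding)."""
    assert b & 1 and 0 < b < (1 << n)
    digits = []
    for _ in range(n - 1):
        d = (b & 3) - 2           # -1 if b = 1 mod 4, +1 if b = 3 mod 4
        digits.append(d)
        b = (b - d) >> 1          # remains odd and positive, reaches 1
    digits.append(b)              # final digit is always 1
    return digits

def mont_mul_uniform(a, b, N):
    """Montgomery product a*b*R^-1 mod N with R = 2^n, n = bits(N) + 3, for
    0 <= a, b < 2N. Every iteration adds or subtracts a (never skips), and the
    result lies in [0, 2N) without a final subtraction, so it can be fed
    straight into the next multiplication (assumed bound R > 8N)."""
    n = N.bit_length() + 3
    b_odd = b + N * (1 - (b & 1)) # even b -> b + N: odd, same residue, no branch
    s = 0
    for d in zero_free_digits(b_odd, n):
        s += d * a                # uniform work: +a or -a on every step
        q = s & 1                 # parity works for negative s too
        s = (s + q * N) >> 1      # exact: s + q*N is even
    return s                      # 0 <= s < 2N by (a*b_odd + Q*N)/R < (6N^2 + RN)/R

if __name__ == "__main__":
    N = 23                        # constructed toy modulus
    R_inv = pow(1 << (N.bit_length() + 3), -1, N)
    for a, b in [(10, 7), (10, 4), (45, 44)]:
        s = mont_mul_uniform(a, b, N)
        assert 0 <= s < 2 * N and s % N == a * b * R_inv % N
    print("uniform Montgomery products in range and correct")
```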



Corresponding author

Correspondence to Gokay Saldamli.


Cite this article

Saldamli, G., Baek, YJ. Uniform Montgomery multiplier. J Cryptogr Eng 9, 333–339 (2019). https://doi.org/10.1007/s13389-019-00213-7
