Constant time modular inversion

  • Short Communication, Journal of Cryptographic Engineering

Abstract

Simple power analysis is a common technique to attack software implementations, especially in the realm of public-key cryptography. An effective countermeasure to protect an implementation is to ensure constant (worst-case) runtime. In this paper we show how to modify an algorithm by Kaliski to compute the Montgomery inverse such that it can compute both the classical and Montgomery modular inverse in constant time. We demonstrate the effectiveness by comparing it to the approach based on Fermat’s little theorem as used in the current simple power analysis resistant implementations in cryptography. Our implementation on the popular 32-bit ARM platform highlights the practical benefits of this algorithm.
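Added here as an illustration, not the paper's code or its exact construction: Kaliski's two-phase inverse padded to a fixed 2n rounds per phase with mask-based selection (a swapped-in constant-time technique), beside the Fermat-based inverse the abstract compares against. Python big-int arithmetic and comparisons are not constant time, so the block only shows the control-flow structure a fixed-width C implementation would follow; the modulus and inputs are constructed.

```python
def ct_select(flag, x, y):
    """x if flag == 1 else y, using a mask instead of a data-dependent branch."""
    m = -flag                      # 0 -> 0, 1 -> ...111 (Python ints are signed)
    return (x & m) | (y & ~m)

def ct_inverse(a, p, n, mont=0):
    """Inverse of a mod odd prime p, n = bit length of p (constructed example).
    mont=0: classical a^-1 mod p.  mont=1: Montgomery inverse a^-1 * 2^n mod p.
    Kaliski's Phase I stops after k steps with n <= k <= 2n, so both phases are
    padded to exactly 2n rounds and the "finished" state is masked, not branched.
    int(u > v) and int(v > 0) stand in for constant-time comparisons in C."""
    u, v, r, s, k = p, a, 0, 1, 0
    for _ in range(2 * n):                         # Phase I, padded to 2n rounds
        live = int(v > 0)                          # 0 once the real loop would stop
        u_odd, v_odd = u & 1, v & 1
        wu = (1 - u_odd) | (u_odd & v_odd & int(u > v))   # 1: reduce u, 0: reduce v
        x, y = ct_select(wu, u, v), ct_select(wu, v, u)    # x is the operand reduced
        rx, ry = ct_select(wu, r, s), ct_select(wu, s, r)  # rx is x's cofactor
        x_odd = x & 1
        x = (x - (y & -x_odd)) // 2                # (x - y)/2 if x odd, else x/2
        rx = rx + (ry & -x_odd)                    # rx += ry only in the odd case
        ry = 2 * ry
        u_n, v_n = ct_select(wu, x, y), ct_select(wu, y, x)
        r_n, s_n = ct_select(wu, rx, ry), ct_select(wu, ry, rx)
        u, v = ct_select(live, u_n, u), ct_select(live, v_n, v)
        r, s = ct_select(live, r_n, r), ct_select(live, s_n, s)
        k += live
    r = r - (p & -int(r >= p))                     # conditional subtraction, r < p
    r = p - r                                      # now r = a^-1 * 2^k mod p
    halvings = k - (n & -mont)                     # k for classical, k - n for Montgomery
    for i in range(2 * n):                         # Phase II, padded to 2n rounds
        r_half = (r + (p & -(r & 1))) // 2         # r/2 mod p without a branch
        r = ct_select(int(i < halvings), r_half, r)
    return r

def fermat_inverse(a, p):
    """The alternative the abstract compares against: a^(p-2) mod p."""
    return pow(a, p - 2, p)

P25519 = 2**255 - 19                               # constructed 255-bit test modulus

if __name__ == "__main__":
    a = 12345
    assert ct_inverse(a, P25519, 255) == fermat_inverse(a, P25519)
    print("classical and Montgomery inverses agree with Fermat")
```

Whether an implementation of this shape is actually free of timing and SPA leakage depends on the target's word-level operations, which is what the paper measures on ARM.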

Correspondence to Joppe W. Bos.

Cite this article

Bos, J.W. Constant time modular inversion. J Cryptogr Eng 4, 275–281 (2014). https://doi.org/10.1007/s13389-014-0084-8
