Abstract:
Hardware realization of public-key cryptosystems often entails Montgomery modular multiplication (MMM), which is more efficient in residue number systems (RNS). A large pool of co-prime moduli allows for higher number of dynamically changeable moduli-set pairs for the required base extension, leading to ultra-wide key-lengths to accommodate the indispensable resistance to differential power-analysis (DPA) attacks. The moduli are often of the form $2^r - \delta$, where $r$ denotes the width of residue channels. In a previous relevant RNS MMM design, with $r = 64$, probability of a successful DPA attack is less than $2^{-66}$, where efficient arithmetic is obtained only for a limited set of moduli that are insufficient for key-lengths over 1024 bits. Here we propose a free-$\delta$ RNS MMM scheme, for up-to 8192-bit key-lengths and fast 16-bit residue channels, based on the proposed $\delta$-independent modulo-($2^r - \delta$) adders and multipliers. Moreover, we propose an especial method for moduli selection that is required for base extension, leading to the same aforementioned DPA-resistance measure and much lower measures for key-lengths over 1024. The implementation results show 82, 69, 44 percent less RSA delay, for key-lengths 512, 1024, 2048, respectively of the home designs versus the 512-bit main reference design, and more than 5, 100 percent for 4096, 8192 key-lengths, respectively, all per 512-bit encrypted messages.
Published in: IEEE Transactions on Computers (Volume: 71, Issue: 6, 01 June 2022)