Abstract
This paper investigates a suite of RSA processors built with different exponentiation and modular arithmetic algorithms. The execution time and the amount of hardware required by the different algorithms used to implement the RSA processor are compared. The modular algorithms examined in this paper are the classical modular algorithm, Barrett's modular algorithm, Hensel's odd division and Montgomery's modular algorithm. The exponentiation algorithms implemented are the left-to-right binary method, the right-to-left binary method, and the Chinese remainder theorem. This work finds that the fastest RSA processor is the one using the Chinese remainder theorem with right-to-left scan for exponentiation operations and Barrett's algorithm for modular arithmetic operations. The RSA processor using the least amount of hardware is the one using the left-to-right binary method for exponentiation operations and Montgomery's algorithm for modular operations.
Index Terms
- Architectural tradeoff in implementing RSA processors