A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Low-Cost Double-Size Modular Exponentiation or How to Stretch Your Cryptoprocessor
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Increasing the Bitlength of a Crypto-Coprocessor
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Unbridle the bit-length of a crypto-coprocessor with montgomery multiplication
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Double-size bipartite modular multiplication
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Bipartite modular multiplication
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Recursive Double-Size Modular Multiplications without Extra Cost for Their Quotients
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Hi-index | 0.00 |
This paper proposes novel algorithms for computing double-size modular multiplications with few modulus-dependent precomputations. Low-end devices such as smartcards are usually equipped with hardware Montgomery multipliers. However, due to progresses of mathematical attacks, security institutions such as NIST have steadily demanded longer bit-lengths for public-key cryptography, making the multipliers quickly obsolete. In an attempt to extend the lifespan of such multipliers, double-size techniques compute modular multiplications with twice the bit-length of the multipliers. Techniques are known for extending the bit-length of classical Euclidean multipliers, of Montgomery multipliers and the combination thereof, namely bipartite multipliers. However, unlike classical and bipartite multiplications, Montgomery multiplications involve modulus-dependent precomputations, which amount to a large part of an RSA encryption or signature verification. The proposed double-size technique simulates double-size multiplications based on single-size Montgomery multipliers, and yet precomputations are essentially free: in an 2048-bit RSA encryption or signature verification with public exponent e= 216+ 1, the proposal with a 1024-bit Montgomery multiplier is 1.4 times faster than the best previous technique.