Montgomery Multiplication Algorithm
Mohammad Farmani
Under supervision of: Dr. S. Bayat-sarmadi
2nd Semester, 1392-93
Sharif University of Technology
Dec 24, 2015
Main Topic
Montgomery modular multiplication algorithm
Main Article: “Montgomery Multiplication in GF(2^k)”
Written by: Cetin K. KOC and Tolga Acar, 1998
Copyright © 2014 Hardware Security and Trust
Outline
Introduction
Montgomery modular multiplication of integers
Montgomery modular multiplication in GF(2^k)
Conclusion
Introduction
• Arithmetic operations in the Galois field GF(2^k) are important in applications such as:
  • Coding theory
  • Computer algebra
  • Cryptography
  • …
• Importance of exponentiation
  • Exponentiation is computed as a series of multiplications
• Cryptographic applications require fast arithmetic operations
• An effective modular multiplication of integers was proposed by P. L. Montgomery in 1985
• Conversion to the Montgomery domain:
$\bar{a} = a \cdot r \bmod M$, with $2^{n-1} \le M < 2^n$ and $r = 2^n$
a: an integer, M: modulus, r: radix
• Example: M = 11, r = 2^4 = 16
• There is a one-to-one correspondence between integers and Montgomery residues for 0 < a < M-1
$\bar{0} = 0 \cdot 16 \bmod 11 = 0$
$\bar{1} = 1 \cdot 16 \bmod 11 = 5$
$\bar{2} = 2 \cdot 16 \bmod 11 = 10$
$\bar{3} = 3 \cdot 16 \bmod 11 = 4$
$\bar{4} = 4 \cdot 16 \bmod 11 = 9$
$\bar{5} = 5 \cdot 16 \bmod 11 = 3$
$\bar{6} = 6 \cdot 16 \bmod 11 = 8$
$\bar{7} = 7 \cdot 16 \bmod 11 = 2$
$\bar{8} = 8 \cdot 16 \bmod 11 = 7$
$\bar{9} = 9 \cdot 16 \bmod 11 = 1$
$\overline{10} = 10 \cdot 16 \bmod 11 = 6$
Montgomery multiplication of Integers
• Define: $\bar{z} = MM(\bar{x}, \bar{y}) = \bar{x}\,\bar{y}\,r^{-1} \bmod M$
• $r^{-1}$ is the inverse of r mod M: $r^{-1} r = 1 \pmod{M}$
$\bar{z} = \bar{x}\,\bar{y}\,r^{-1} \bmod M = (xr)(yr)\,r^{-1} \bmod M = xyr \bmod M = zr \bmod M$
• Example: $r = 16$, $r^{-1} = 9$ ($16 \cdot 9 \bmod 11 = 1$)
$MM(5, 7) = 5 \cdot 7 \cdot 9 \bmod 11 = 7$
• Montgomery multiplication algorithm
• Requires no hard division, just shifting
• In radix 2:
Input: X, Y, M
Output:
Z = 0
for i = 0 to n-1
    Z = Z + xi•Y
    if Z is odd then Z = Z + M
    Z = Z/2
if Z ≥ M then Z = Z - M
• Example:
• X = 7 = 0111
• Y = 5 = 0101
• M = 11 = 1011
Z = 0
for i = 0 to n-1
    Z = Z + xi•Y
    if Z is odd then Z = Z + M
    Z = Z/2
if Z ≥ M then Z = Z - M
• Z initially 0
• Z = (0 + 5 + 11) / 2 = 8
• Z = (8 + 5 + 11) / 2 = 12
• Z = (12 + 5 + 11) / 2 = 14
• Z = (14 + 0) / 2 = 7 (final result)
• Conversion using MM
• Conversion of integers to/from Montgomery residues with one MM operation:
$\bar{x} = MM(x, r^2) = x\,r^2\,r^{-1} \bmod M = xr \bmod M$
$x = MM(\bar{x}, 1) = \bar{x} \cdot 1 \cdot r^{-1} \bmod M = xr \cdot 1 \cdot r^{-1} \bmod M = x$
[Figure: conversion with two MM blocks. Inputs x and r^2 give X'; inputs X' and 1 give X.]
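The radix-2 algorithm, the worked example (M = 11, r = 16) and the conversion formulas above, as an added C example that is not part of the original slides. The function names, the n ≤ 31 limit and the mask form of the two "if" steps (so that control flow does not depend on operand values) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Radix-2 Montgomery product X*Y*2^(-n) mod M (names are this example's own).
   Assumes M odd, 2^(n-1) <= M < 2^n, X < M, Y < M, n <= 31. */
uint32_t mont_mul(uint32_t X, uint32_t Y, uint32_t M, unsigned n) {
    uint64_t Z = 0;
    for (unsigned i = 0; i < n; i++) {
        uint64_t xi = (X >> i) & 1u;
        Z += (0 - xi) & Y;                 /* Z = Z + x_i * Y */
        Z += (0 - (Z & 1u)) & M;           /* if Z is odd then Z = Z + M */
        Z >>= 1;                           /* Z = Z / 2, exact since Z is even */
    }
    uint64_t ge = 0 - (uint64_t)(Z >= M);  /* all ones when Z >= M */
    Z -= ge & M;                           /* if Z >= M then Z = Z - M */
    return (uint32_t)Z;
}

/* r^2 mod M for r = 2^n, by 2n modular doublings (depends only on M). */
uint32_t mont_r2(uint32_t M, unsigned n) {
    uint64_t t = 1 % M;
    for (unsigned i = 0; i < 2 * n; i++) {
        t <<= 1;
        if (t >= M) t -= M;
    }
    return (uint32_t)t;
}

uint32_t to_mont(uint32_t x, uint32_t M, unsigned n) {
    return mont_mul(x, mont_r2(M, n), M, n);   /* MM(x, r^2) = x*r mod M */
}

uint32_t from_mont(uint32_t xbar, uint32_t M, unsigned n) {
    return mont_mul(xbar, 1, M, n);            /* MM(xbar, 1) = x */
}

/* x*y mod M computed only with Montgomery products. */
uint32_t mod_mul(uint32_t x, uint32_t y, uint32_t M, unsigned n) {
    uint32_t zbar = mont_mul(to_mont(x, M, n), to_mont(y, M, n), M, n);
    return from_mont(zbar, M, n);
}

int main(void) {
    printf("MM(7,5) = %u, 7*5 mod 11 = %u\n", mont_mul(7, 5, 11, 4), mod_mul(7, 5, 11, 4));
    for (unsigned a = 0; a < 11; a++) printf("%u -> %u\n", a, to_mont(a, 11, 4));
    return 0;
}
```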
Montgomery multiplication in GF(2^k)
• Based on polynomial representation
• is a polynomial of length k and degree less than or equal to :
• +
• Need an irreducible polynomial of degree
• Instead of computing in
propose to compute in
• r : element of the field, represented by the polynomial :
• i.e. if , then
•
• very useful in obtaining fast implementations
• If , then there exist and that :
• and can be computed using the EEA algorithm (taught in class).
• Definition:
• Can be computed using the following algorithm
• Algorithm for Montgomery Multiplication
Input :
Output :
Step 1.
Step 2.
Step 3.
• The proposed algorithm is similar to MM of integers
• Only difference : the final subtraction step in the integer case is not necessary in the polynomial case
• Proof:
• Thus, c(x) is already reduced
• The modular multiplication and division in Steps 2 and 3 are fast operations
• Since
• The remainder operation : simply ignoring the term
• Division by : shifting the polynomial to the right by places
• Precompute for step 2
• Avoided if the coefficients of are scanned one bit at a time.
• Recall :
• Can be written :
• Starting from MSB to LSB :
• The shift factor reverses the direction of summation (LSB to MSB)
Bit-Level Algorithm for Montgomery Multiplication
Input:
Output:
Step 1.
Step 2.
Step 3.
Step 4.
Step 5.
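The bit-level scheme this section describes (coefficients scanned one bit at a time, division by x as a right shift, no final subtraction), as an added C example that is not taken from the slides or the cited paper. It assumes r(x) = x^k; the function names, the bit-vector encoding and the sample field polynomial x^4 + x + 1 are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit-level Montgomery product a(x)*b(x)*x^(-k) mod n(x) in GF(2^k).
   Bit i of a word is the coefficient of x^i; n has degree k <= 31 and
   constant term 1; a and b have degree < k. Names are this example's own. */
uint32_t gf2k_mont_mul(uint32_t a, uint32_t b, uint32_t n, unsigned k) {
    uint32_t c = 0;
    for (unsigned i = 0; i < k; i++) {          /* LSB to MSB */
        c ^= (0u - ((a >> i) & 1u)) & b;        /* c = c + a_i * b(x) */
        c ^= (0u - (c & 1u)) & n;               /* c = c + c_0 * n(x) */
        c >>= 1;                                /* c = c / x */
    }
    return c;                                   /* degree < k, no final subtraction */
}

/* Ordinary product a(x)*b(x) mod n(x), scanning a from MSB to LSB. */
uint32_t gf2k_mul(uint32_t a, uint32_t b, uint32_t n, unsigned k) {
    uint32_t c = 0;
    for (unsigned i = k; i-- > 0; ) {
        c <<= 1;                                /* c = c * x */
        c ^= (0u - ((c >> k) & 1u)) & n;        /* cancel the x^k term if present */
        c ^= (0u - ((a >> i) & 1u)) & b;        /* c = c + a_i * b(x) */
    }
    return c;
}

/* Counts pairs (a, b) where MontMul(a, b) * x^k differs from a * b.
   Exhaustive, so intended for small k only. */
unsigned gf2k_mismatches(uint32_t n, unsigned k) {
    uint32_t r = n ^ (1u << k);                 /* r(x) = x^k mod n(x) */
    unsigned bad = 0;
    for (uint32_t a = 0; a < (1u << k); a++)
        for (uint32_t b = 0; b < (1u << k); b++)
            bad += gf2k_mul(gf2k_mont_mul(a, b, n, k), r, n, k) != gf2k_mul(a, b, n, k);
    return bad;
}

int main(void) {
    const uint32_t n = 0x13;                    /* x^4 + x + 1, k = 4 (illustrative) */
    printf("mismatches: %u\n", gf2k_mismatches(n, 4));
    printf("MontMul(x, x^3) = %u\n", (unsigned)gf2k_mont_mul(2, 8, n, 4));
    return 0;
}
```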
Conclusion
• We have described the bit-level algorithm for computing the product in the
• The MMM operation would be significantly faster in SW and HW
• Since,
• Division changes to simple shifting
• Remainder operation simply done by ignoring
• We can speed up further by using a word-level algorithm for the SW implementation
End of presentation. Any questions?