Karl C. Posch

Modulo reduction in residue number systems

Residue number systems provide a good means for extremely long integer arithmetic. Their carry-free operations make parallel implementations feasible. Some applications involving very long integers, such as public key encryption, rely heavily on fast modulo reductions. This paper shows a new combination of residue number systems with efficient modulo reduction methods. Two methods are compared, and the faster one is scrutinized in detail. Both methods have the same order of complexity, O(log n), with n denoting the amount of registers involved. >

Base Extension Using a Convolution Sum in Residue Number Systems

Base extension is an important operation in residue number systems. The method for base extension proposed in this paper approaches the solution through an approximation which is correct in nearly all cases. Rare corrences of uncertainties about the correctness of the result are detected and corrected using iterations. The novel method is superior to the method proposed by Shenoy and Kumaresan [5] as it does not need the help of an additional redundant modulus. For a special class of problems the latter method cannot be used at all. The presented base extension provides a unique tool with time complexity of log2n withn denoting the amount of moduli.ZusammenfassungIn Restklassenzahlensystemen ist die Operation Basiserweiterung von Bedeutung. Die Methode zur Basiserweiterung, wie in dieser Arbeit vorgeschlagen, bedient sich einer Näherungslösung, welche in fast allen Fällen korrekt ist. Das seltene Auftreten von Unsicherheiten bezüglich der Korrektheit des Ergebnisses wird erkantt und durch Iteration korrigiert. Diese neue Methode braucht im Gegensatz zur Methode von Shenoy und Kumaresan keinen zusätzlichen redundanten Modul und ist in dieser Hinsicht besser, da für eine spezielle Problemklasse die Methode überhaupt erst anwendbar wird. In diesem Fall besitzt das vorgestellte Verfahren eine Zeitkomplexität von log2n, wobein die Anzahl der Moduln darstellt.

Refereed paper: RNS-modulo reduction upon a restricted base value set and its applicability to RSA cryptography

For a modulo reduction scheme in RNS a set of restricted base values is proposed. In RNS, additions and multiplications can be computed in parallel, avoiding carry propagation delays. This advantage enables the implementation of scalable, parallel arithmetic units for computations in very large finite fields. For such a long integer arithmetic unit certain selection criteria for the base value set have been worked out, targeted to optimise the modulo reduction operation on the RNS digit level. As public key cryptography heavily depends on arithmetic in large finite fields, a parallelisable RSA variant is shown as a sample application.

Residue number systems: a key to parallelism in public key cryptography

Public key cryptography and parallel algorithms are considered. Special attention is paid to algorithms using long integer modulo arithmetic. A modification of the commonly known RSA algorithm is taken as a candidate. So far all implementations have been more or less sequential in the sense that no partitions of a long integer among various processing elements have been performed. The proposed approach allows the use of a dedicated processor for each group of about 30 to 50 bits of a long integer. Efficiency is primarily gained when special-purpose processors are used. In this regard this work is the basis of a VLSI approach to a multiprocessor-based cryptographic design with 15 to 100 processors involved.<<ETX>>

Approaching encryption at ISDN speed using partial parallel modulus multiplication

Abstract Public key systems using modulus arithmetic are quite safe mechanisms for a variety of cryptographic applications. Their main problem lies in the very long integer arithmetic. In cryptosystems usually serial-parallel multiplication is employed. Serial-parallel multiplication slows down the encryption to the order of k , where k is log 2 ( n ), and n is the modulus. This paper demonstrates a method of using parallel multiplication schemes at the order of log ( k ) in combination with incomplete modulus reduction. This method calls for redundant number representations. With this background, the problem of designing a quasi optimal scheme fitting into a defined chip area is elaborated. The combination of two methods, partial parallel multiplication in redundant number representations and incomplete modulus reduction at fully completed multiplication steps only, seems to allow for RSA encryption at ISDN speed and higher.

A 155 Mbps Triple-DES Network Encryptor

The presented Triple-DES encryptor is a single-chip solution to encrypt network communication. It is optimized for throughput and fast switching between virtual connections like found in ATM networks. A broad range of optimization techniques were applied to reach encryption rates above 155 Mbps even for Triple-DES encryption in outer CBC mode. A high-speed logic style and full-custom design methodology made first-time working silicon on a standard 0.6 µm CMOS process possible. Correct functionality of the prototype was verified up to a clock rate of 275 MHz.

Secure and privacy-preserving eGovernment: best practice Austria

In the past, contact with public authorities often appeared as winding way for citizens. Enabled by the tremendous success of the Internet, public authorities aimed to react on that shortcoming by providing various governmental services online. Due to these services, citizens are not forced to visit public authorities during office hours only but have now the possibility to manage their concerns everywhere and anytime. Additionally, this user friendly approach also decreases costs for public authorities. Austria was one of the first countries that seized this trend by setting up a nation-wide eGovernment infrastructure. The infrastructure builds upon a solid legal framework supported by various technical concepts preserving security and privacy for citizens. These efforts have already been awarded in several international benchmarks that have reported a 100% online availability of eGovernment services in Austria. In this paper we present best practices that have been followed by the Austrian eGovernment and that have paved the way for its success. By virtually following a traditional governmental procedure and mapping its key stages to corresponding online processes, we provide an insight into Austrias comprehensive eGovernment infrastructure and its key concepts and implementations. This paper introduces the most important elements of the Austrian eGovernment and shows how these components act in concert in order to realize secure and reliable eGovernment solutions for Austrian citizens.

High performance modular arithmetic using an RNS based chipset

This paper presents a distributed computing architecture capable of performing long integer arithmetic. Special attention is given to module multiplication. To avoid carry propagation delays, the design makes use of RNS arithmetic. In RNS, additions and multiplications can be computed in parallel. Several VLSI processing elements are grouped together, each holding one RNS digit. These devices exchange information on a data bus. Instructions sequenced by an additional chip control synchronized execution. Thus, the system can be seen as a SIMD architecture performing modular arithmetic. Some instructions differ from a pure SIMD concept. The system is tuned for special purpose computations. As a sample application suitable for the presented chip set, an RSA like enciphering method (MRSA) is shown.<<ETX>>

Multiplication as Parallel as Possible

Public key encryption/decryption with modulus arithmetic is used in a variety of cryptographic applications. A tough computational problem arises due to the very long integer arithmetic needed. Usually serial-parallel multiplication is employed, which slows down speed to the order of k=log2(n), where n is the modulus. This paper describes a possible implementation of a method using parallel multiplication schemes at the order of log(k) in combination with incomplete modulus reduction. As many partial products as possible are implemented in parallel (As Parallel As Possible, APAP). This leads to a mixture of linear and logarithmic time complexity. This paper describes a hardware solution for the APAP-multiplier with optimized dynamic adder cells without storage elements. Additional available silicon area can be traded against speedup in a smooth way. The underlying method is described and proved in [Posch90]. Using 664 bit long operands, a 40mm2 chip manufactured in 1.2 micron CMOS technology can reach an RSA encryption/decryption rate of 240 kbits/second.

Robustness-Agile Encryptor for ATM Networks

This paper describes a robustness-agile ATM encryption unit which exploits parallel control processes. A VLSI chip implementing these concepts is presented. This single-chip encryptor performs CBC-mode Triple-DES encryption up to 155 Mbps with delays well below one ATM cell period. The microchip advances the field of confidentiality services in ATM networks in several dimensions: First, the delay introduced due to encryption has been minimized and is negligible in terms of Quality of Services requirements of delay sensitive applications. Second, outer-CBC Triple-DES is supported at 155 Mbps, so far not used by ATM encryptors. Third, the unit is scalable in the number of virtual connections, i.e. the number of agile session keys. Finally, the single-chip approach allows to integrate encryption into the end-user ATM access device, such as a desktop PC.