Reinhard Posch

Modulo reduction in residue number systems

Residue number systems provide a good means for extremely long integer arithmetic. Their carry-free operations make parallel implementations feasible. Some applications involving very long integers, such as public key encryption, rely heavily on fast modulo reductions. This paper shows a new combination of residue number systems with efficient modulo reduction methods. Two methods are compared, and the faster one is scrutinized in detail. Both methods have the same order of complexity, O(log n), with n denoting the amount of registers involved. >

Base Extension Using a Convolution Sum in Residue Number Systems

Base extension is an important operation in residue number systems. The method for base extension proposed in this paper approaches the solution through an approximation which is correct in nearly all cases. Rare corrences of uncertainties about the correctness of the result are detected and corrected using iterations. The novel method is superior to the method proposed by Shenoy and Kumaresan [5] as it does not need the help of an additional redundant modulus. For a special class of problems the latter method cannot be used at all. The presented base extension provides a unique tool with time complexity of log2n withn denoting the amount of moduli.ZusammenfassungIn Restklassenzahlensystemen ist die Operation Basiserweiterung von Bedeutung. Die Methode zur Basiserweiterung, wie in dieser Arbeit vorgeschlagen, bedient sich einer Näherungslösung, welche in fast allen Fällen korrekt ist. Das seltene Auftreten von Unsicherheiten bezüglich der Korrektheit des Ergebnisses wird erkantt und durch Iteration korrigiert. Diese neue Methode braucht im Gegensatz zur Methode von Shenoy und Kumaresan keinen zusätzlichen redundanten Modul und ist in dieser Hinsicht besser, da für eine spezielle Problemklasse die Methode überhaupt erst anwendbar wird. In diesem Fall besitzt das vorgestellte Verfahren eine Zeitkomplexität von log2n, wobein die Anzahl der Moduln darstellt.

Refereed paper: RNS-modulo reduction upon a restricted base value set and its applicability to RSA cryptography

For a modulo reduction scheme in RNS a set of restricted base values is proposed. In RNS, additions and multiplications can be computed in parallel, avoiding carry propagation delays. This advantage enables the implementation of scalable, parallel arithmetic units for computations in very large finite fields. For such a long integer arithmetic unit certain selection criteria for the base value set have been worked out, targeted to optimise the modulo reduction operation on the RNS digit level. As public key cryptography heavily depends on arithmetic in large finite fields, a parallelisable RSA variant is shown as a sample application.

Residue number systems: a key to parallelism in public key cryptography

Public key cryptography and parallel algorithms are considered. Special attention is paid to algorithms using long integer modulo arithmetic. A modification of the commonly known RSA algorithm is taken as a candidate. So far all implementations have been more or less sequential in the sense that no partitions of a long integer among various processing elements have been performed. The proposed approach allows the use of a dedicated processor for each group of about 30 to 50 bits of a long integer. Efficiency is primarily gained when special-purpose processors are used. In this regard this work is the basis of a VLSI approach to a multiprocessor-based cryptographic design with 15 to 100 processors involved.<<ETX>>

Approaching encryption at ISDN speed using partial parallel modulus multiplication

Abstract Public key systems using modulus arithmetic are quite safe mechanisms for a variety of cryptographic applications. Their main problem lies in the very long integer arithmetic. In cryptosystems usually serial-parallel multiplication is employed. Serial-parallel multiplication slows down the encryption to the order of k , where k is log 2 ( n ), and n is the modulus. This paper demonstrates a method of using parallel multiplication schemes at the order of log ( k ) in combination with incomplete modulus reduction. This method calls for redundant number representations. With this background, the problem of designing a quasi optimal scheme fitting into a defined chip area is elaborated. The combination of two methods, partial parallel multiplication in redundant number representations and incomplete modulus reduction at fully completed multiplication steps only, seems to allow for RSA encryption at ISDN speed and higher.

E-voting: a scalable approach using XML and hardware security modules

E-voting increasingly gains interest in e-democracy and e-government movements. Not only the security and the availability of electronic election systems are of paramount importance, but also the scalability is of major interest. Especially the fact that in political elections the system has to scale nation-wide, thus having several millions of users, is to be considered. In this paper we state the difficulties and the requirements for a practical implementation of an e-voting system. Both security aspects and scalability issues are addressed. Therefore, the paper introduces a novel approach of building an e-voting system: a system is proposed that addresses one of the main problems in e-voting systems - preserving the voters decision an inviolable secret even though strong authentication of the voter is needed y introducing a specific hardware security module into the counting process. The proposed system scales well to large populations. XML is used as a basic technology, which also fits the ongoing e-voting standardization initiatives such as the election markup language (EML). The paper outlines how this approach fits ongoing international standardization initiatives, such as the upcoming Council of Europe recommendations on e-enabled elections.

Media-Break Resistant eSignatures in eGovernment: An Austrian Experience

Governments and public administrations produce documents – laws, orders, permits, notifications, etc. With the transition from traditional paper-based administration to eGovernment that we have seen in the last decade, authentic electronic documents gain importance. Electronic signatures promise to be a tool of choice. However, given the choice of access channels – electronic or conventional – public administrations offer, eDocuments will have to co-exist with traditional paper documents for several years, if not for decades. In this paper we discuss the Austrian practical experience gained with eSignatures and eDocuments in eGovernment.

A 155 Mbps Triple-DES Network Encryptor

The presented Triple-DES encryptor is a single-chip solution to encrypt network communication. It is optimized for throughput and fast switching between virtual connections like found in ATM networks. A broad range of optimization techniques were applied to reach encryption rates above 155 Mbps even for Triple-DES encryption in outer CBC mode. A high-speed logic style and full-custom design methodology made first-time working silicon on a standard 0.6 µm CMOS process possible. Correct functionality of the prototype was verified up to a clock rate of 275 MHz.

Securing multimedia services over satellite ATM networks

In recent years there has been increasing interest in interconnecting satellite and ATM networks, because both share common characteristics of the ability to provide bandwidth-on-demand and flexibility of integrating voice, video and data services. There are several new satellite constellation proposals that support multimedia service and transport ATM traffic. For a successful implementation of such systems it is essential to address the security requirements of users, satellite ATM network operators and multimedia service providers. In order to minimize delay and the cost of implementing security systems for satellite ATM networks, the network operator role (in security services) can be limited to the mutual authentication with satellite users during call set-up periods. In this paper a mutual authentication protocol between the user and the satellite network is presented using digital signature and public key systems. Also, another mutual authentication protocol between the user and the service provider is presented to provide end-to-end authentication and negotiation of security options such as selecting a secret key system and the key length. Finally, a detailed hardware implementation of ATM cell payload encryption is presented using the DES/TripleDES secret key system.

Secure and privacy-preserving eGovernment: best practice Austria

In the past, contact with public authorities often appeared as winding way for citizens. Enabled by the tremendous success of the Internet, public authorities aimed to react on that shortcoming by providing various governmental services online. Due to these services, citizens are not forced to visit public authorities during office hours only but have now the possibility to manage their concerns everywhere and anytime. Additionally, this user friendly approach also decreases costs for public authorities. Austria was one of the first countries that seized this trend by setting up a nation-wide eGovernment infrastructure. The infrastructure builds upon a solid legal framework supported by various technical concepts preserving security and privacy for citizens. These efforts have already been awarded in several international benchmarks that have reported a 100% online availability of eGovernment services in Austria. In this paper we present best practices that have been followed by the Austrian eGovernment and that have paved the way for its success. By virtually following a traditional governmental procedure and mapping its key stages to corresponding online processes, we provide an insight into Austrias comprehensive eGovernment infrastructure and its key concepts and implementations. This paper introduces the most important elements of the Austrian eGovernment and shows how these components act in concert in order to realize secure and reliable eGovernment solutions for Austrian citizens.