Wen-Ching Lin

A New Modular Exponentiation Architecture for Efficient Design of RSA Cryptosystem

Modular exponentiation with a large modulus, which is usually accomplished by repeated modular multiplications, has been widely used in public key cryptosystems for secured data communications. To speed up the computation, the Montgomery modular multiplication algorithm is used to relax the process of quotient determination, and the carry-save addition (CSA) is employed to reduce the critical path delay. In this paper, based on the inherent data dependency between the modular multiplication and square operations in the H-algorithm of modular exponentiation, we present a new modular exponentiation architecture with a unified modular multiplication/square module and show how to reduce the number of input operands for the CSA tree by mathematical manipulation. The developed architecture has the following advantages. 1) There is no need to convert the carry-save form of an operand into its binary representation at the end of each modular multiplication. In this way, except the final step to get the result of modular exponentiation, the time-consuming carry propagation can then be eliminated. 2) The number of input operands for the CSA tree is reduced in a very efficient way. 3) The hardware saving is achieved with very limited impact on the original critical path delay when designed with two distinct modular multiplication and square components. Experimental results show that our modular exponentiation design obtains the least hardware complexity compared with the existing work and outperforms them in terms of area-time (AT) complexity as well.

Word-Based Montgomery Modular Multiplication Algorithm for Low-Latency Scalable Architectures

Modular multiplication is a crucial operation in public key cryptosystems like RSA and elliptic curve cryptography (ECC). This paper presents a new word-based Montgomery modular multiplication algorithm which can be used to achieve a low-latency scalable architecture for efficient hardware implementations. We show how to relax the data dependency in conventional word-based algorithms so that a latency of exactly one cycle can be obtained regardless of the chosen word size w (w > 1). With the presented operand reduction scheme, the proposed scalable architecture can operate at high speeds and suitable data paths can be chosen for specific applications. Complexity analysis shows that the proposed architecture has the lowest latency and area complexity compared to related scalable architectures. Experimental results demonstrate that our design has area, speed, and flexibility advantages over related schemes.

A New Algorithm for High-Speed Modular Multiplication Design

Modular exponentiation in public-key cryptosystems is usually achieved by repeated modular multiplications on large integers. Designing high-speed modular multiplication is thus very crucial to speed up the decryption/encryption process. In this paper, we first explore how to relax the data dependency that exists between multiplication, quotient determination, and modular reduction in the conventional Montgomery modular multiplication algorithm. Then, we propose a new modular multiplication algorithm for high-speed hardware design. The speed improvement is achieved by reducing the critical path delay from the 4-to-2 to 3-to-2 carry-save addition. The resulting time complexity of our development is further decreased by simultaneously performing the multiplication and modular reduction processes. Experimental results show that the developed modular multiplication can operate at speeds higher than those of related work. When the proposed modular multiplication is applied to modular exponentiation, both time and area-time advantages are obtained.

A New Montgomery Modular Multiplication Algorithm and its VLSI Design for RSA Cryptosystem

Modular exponentiation for RSA cryptosystem is usually accomplished by repeated modular multiplications on large integers, which is considerably time-consuming. To speed up the operation, the Montgomery modular multiplication algorithm is employed to eliminate the trial division, and the carry-save addition is used to alleviate the carry propagation delay. In this paper, we propose a unified Montgomery modular multiplication algorithm that can be applied to fulfil either the conventional modular multiplication or squaring operation in carry-save form so as to achieve area-efficient design of modular exponentiation. Meanwhile, we reduce the number of input operands for carry-save addition by mathematical manipulation to minimize the resulting critical path delay. Compared with the existing works, our modular exponentiation design obtains the least hardware complexity and outperforms them in terms of area-time (AT) complexity.

High-speed modular multiplication design for public-key cryptosystems

Modular exponentiation for public-key cryptosystems is usually accomplished by repeated modular multiplications on large integers. A high-speed design of modular multiplication is thus very crucial to speed up the decryption/encryption process. In this paper, we first explore how to relax the data dependency existing among the multiplication, quotient determination, and modular reduction in conventional Montgomery modular multiplication algorithm. Then we proposed a new modular reduction algorithm with a smaller critical path delay in hardware implementation. The speed improvement is achieved by reducing the critical path delay from the 4-to-2 to 3-to-2 carry-save addition, and the resulting time complexity of our development is decreased by simultaneously performing the multiplication and modular reduction processes. Experimental results show that our modular exponentiation can obtain both time and area-time (AT) advantages compared with existing work.

Exploration of Low-Cost Configurable S-Box Designs for AES Applications

Realizing AES in hardware faces increasingly more stringent demands for low cost as well as resisting power attacks. For security consideration, countermeasure power analysis approaches to mask sensitive data are needed. The algebraic masking method to protect AES against power attacks is based on various representations of underlying finite fields. However, implementing the transfer matrices between those fields requires a lot of memory spaces. In this paper, we propose a general method for sharing common subexpressions derived from the algebraic finite fields. Furthermore, we present a randomly configurable architecture for protecting SubByte transformation. Analytical results show that the proposed subexpression sharing method can significantly reduce up to 68.75% of memory requirement compared with individual implementations.

A combined multiplication/division algorithm for efficient design of ECC over GF(2 m )

Using the concept of reciprocal polynomial, this paper shows that a field multiplication over GF(2m) can be implemented by the extended Stein algorithm, one of the algorithms used to realize division. With a fundamental change at the algorithmic level, the field multiplication can be efficiently embedded into a divider so that the multiplier can be eliminated with very little hardware overhead for operand selection. When applied to elliptic curve cryptography (ECC) using affine coordinates, about 13.8% reduction on the area requirement can be achieved with almost no performance degradation compared with the one implemented with two distinct components. Experimental results show that the combined multiplication and division circuit achieves area advantages in comparison with other low-cost designs. The area-efficient design of ECC system also exhibits obvious improvement in area-time (AT) complexity.

A new look-up table-based multiplier/squarer design for cryptosystems over GF(2 m )

This paper presents a high-speed multiplier/squarer design over finite field GF(2m) for large m. We extended the look-up table (LUT) based multiplication algorithm introduced by Hasan to reduce the LUT generation time and then showed how to effectively add the squaring operation to the developed multiplier. The unified multiplication/squaring module is very suitable for applications like Elliptic Curve Cryptography (ECC) in which these two types of operations are operated alternately. Experimental results exhibit that using the proposed sub-group, multiple look-up tables (SG-MLUT) based scheme, up to 29% improvement in the total computation time of multiplication can be achieved in comparison with that using Hasans algorithm. When employing the unified multiplier/squarer module instead of Hasans design in ECC applications, we can gain further improvement in the scalar multiplication time because no LUT generation is needed using our design, and obtain about 24.5% reduction on the resulting area-time (AT) complexity.

Design of square generator with small look-up table

A table of squares for n-bit numbers can be used for LUT-based multiplication for n-bit numbers. This squares-based multiplication using look-up table simplifies the process as a simple addition/subtraction and table look-up, and, thus, speed-ups the operating speed. This study presents a low-cost, yet efficient square generator using a recursive scheme.

Flexible GF(2 m ) divider design for cryptographic applications

In cryptographic applications, private key algorithms usually aim at high-throughput data communication, while public key algorithms require much lower throughput for private key exchange and authentication. To increase hardware utilization and reduce area overhead, this paper presents a flexible divider design in GF(2m), which can be configured to operate in either SIMD or SISD mode. When applied to SIMD applications, the divider can perform multiple divisions in parallel and output results per cycle; thus, it is suitable for AES cryptosystems demanding high throughput. In SISD applications, the divider is scalable and can handle different sizes of operand such as those specified in ECC standards. A scalable design can also relax the potential problem of high fanout control signals. Complexity analysis shows the proposed divider, operated in SIMD mode, has lower area complexity and higher throughput in comparison with related work.