Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli

  • Conference paper
Topics in Cryptology — CT-RSA 2002 (CT-RSA 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2271)

Abstract

An optimal upper bound for the number of iterations and precise bounds for the output are established for the version of Montgomery Modular Multiplication from which conditional statements have been eliminated. The removal of such statements is done to avoid timing attacks on embedded cryptosystems, but it can mean greater execution time. Unfortunately, this inefficiency is close to its maximum for standard RSA key lengths such as 512 or 1024 bits. Certain such keys are then potentially subject to attack using differential power analysis. These keys are identified, but they are rare and the danger is minimal. The improved bounds, however, lead to consequent savings in hardware.

© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Walter, C.D. (2002). Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli. In: Preneel, B. (eds) Topics in Cryptology — CT-RSA 2002. CT-RSA 2002. Lecture Notes in Computer Science, vol 2271. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45760-7_3

  • DOI: https://doi.org/10.1007/3-540-45760-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43224-1

  • Online ISBN: 978-3-540-45760-2

  • eBook Packages: Springer Book Archive
