
Leakage from Montgomery Multiplication

  • Chapter
Cryptographic Engineering


Notes

  1. Strictly speaking, \(M\) must be square-free to avoid the possibility of output \(S=M\), which is forbidden in the post-condition of the code. The output bound is treated later in this section.

  2. See Exercise 2 for the non-square-free case.

  3. In the next section we find that the probability of a subtraction is at most \(\frac{1}{2}\) and, by increasing \(R\), the probability can be made as close to 0 as desired.


Correspondence to Colin D. Walter.

© 2009 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Walter, C.D. (2009). Leakage from Montgomery Multiplication. In: Koç, Ç.K. (eds) Cryptographic Engineering. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-71817-0_16

  • DOI: https://doi.org/10.1007/978-0-387-71817-0_16

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-71816-3

  • Online ISBN: 978-0-387-71817-0

  • eBook Packages: Engineering, Engineering (R0)
