RNS-Based Public-Key Cryptography (RSA and ECC)

  • Dimitris SchinianakisEmail author
  • Thanos Stouraitis


As computer arithmetic advances for computation-bound systems like public-key cryptographic processors become increasingly incremental, researchers tend to focus their quest for advanced performance on alternative number system representations. The stake is not only to further boost up performance but also to explore new cryptanalytic properties offered by such representations. Among various options available, the ancient Residue Number System (RNS) stands out as the main player. This chapter focuses on RNS-based system design for public-key cryptography and highlights important concepts of residue arithmetic application in two of the most popular public-key cryptosystems, namely the RSA and Elliptic Curve Cryptography (ECC). Starting from basic arithmetic operations and algorithms and progressing to state-of-the-art hardware implementations and useful cryptanalytic properties, the reader will hopefully obtain a holistic overview of the implications, challenges, and unexplored issues of this emerging field.


Elliptic Curve Cryptography Modular Multiplication Chinese Remainder Theorem Residue Number System Modular Exponentiation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Our warmest thanks to Mrs. Elli Kyrmanidou (PhD candidate in LMU Munich) for editing the chapter.


  1. 1.
    C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, J.P. Seifert, Fault attacks on RSA with CRT: concrete results and practical counter-measures, in Proceedings of International Workshop Cryptographic Hardware and Embedded Systems (CHES’02) (2002), pp. 260–275Google Scholar
  2. 2.
    J.C. Bajard, L. Imbert, A full RNS implementation of RSA. IEEE Trans. Comput. 53, 769–774 (2004)CrossRefGoogle Scholar
  3. 3.
    J.C. Bajard, L.S. Didier, P. Kornerup, Modular multiplication and base extensions in residue number systems, in Proceedings of the 15th Symposium on Computer Arithmetic, ARITH’01 (2001), pp. 59–65Google Scholar
  4. 4.
    J. Bajard, M. Kaihara, T. Plantard, Selected RNS bases for modular multiplication, in 19th IEEE International Symposium on Computer Arithmetic (2009), pp. 25–32Google Scholar
  5. 5.
    J. Bajard, J. Eynard, F. Gandino, Fault detection in RNS Montgomery modular multiplication, in 2013 21st IEEE Symposium on Computer Arithmetic (ARITH) (2013), pp. 119–126Google Scholar
  6. 6.
    I. Blake, G. Seroussi, N. Smart, Elliptic Curves in Cryptography (Cambridge University Press, Cambridge, 2002)zbMATHGoogle Scholar
  7. 7.
    J. Blömer, M. Otto, J.P. Seifert, A new CRT-RSA algorithm secure against bellcore attacks, in In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS’03 (2003), pp. 311–320Google Scholar
  8. 8.
    D. Boneh, R. DeMillo, R. Lipton, On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14, 101–119 (2001)CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    M. Esmaeildoust, D. Schinianakis, H. Javashi, T. Stouraitis, K. Navi, Efficient RNS implementation of elliptic curve point multiplication over GF(p). IEEE Trans. Very Large Scale Integr. VLSI Syst. 8 (21), 1545–1549 (2013)CrossRefGoogle Scholar
  10. 10.
    A.P. Fournaris, N. Klaoudatos, N. Sklavos, C. Koulamas, Fault and power analysis attack resistant RNS based Edwards curve point multiplication, in Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, CS2’15 (ACM, New York, 2015), pp. 43:43–43:46
  11. 11.
    F. Gandino, F. Lamberti, P. Montuschi, J. Bajard, A General Approach for Improving RNS Montgomery exponentiation using pre-processing, in 2011 20th IEEE Symposium on Computer Arithmetic (ARITH) (2011), pp. 195–204Google Scholar
  12. 12.
    F. Gandino, F. Lamberti, G. Paravati, J.C. Bajard, P. Montuschi, An algorithmic and architectural study on Montgomery exponentiation in RNS. IEEE Trans. Comput. 61 (8), 1071–1083 (2012)CrossRefMathSciNetGoogle Scholar
  13. 13.
    C. Giraud, An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Trans. Comput. 55 (9), 1116–1120 (2006)CrossRefGoogle Scholar
  14. 14.
    O. Goldreich, S. Goldwasser, S. Halevi, Public-key cryptosystems from lattice reduction problems, in Advances in Cryptology CRYPTO’97, ed. by B.J. Kaliski. Lecture Notes in Computer Science, vol. 1294 (Springer Berlin, 1997), pp. 112–131. doi: 10.1007/BFb0052231.
  15. 15.
    M. Joye, S.M. Yen, The Montgomery powering ladder, in: Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES’02) LNCS (2002), pp. 291–302Google Scholar
  16. 16.
    S. Kawamura, M. Koike, F. Sano, A. Shimbo, Cox-Rower architecture for fast parallel Montgomery multiplication, in EUROCRYPT’00: Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (Springer, Berlin, 2000), pp. 523–538zbMATHGoogle Scholar
  17. 17.
    D.E. Knuth, The Art of Computer Programming, Seminumerical Algorithms, vol. 2 (3rd ed.) (Addison-Wesley Longman, Boston, 1997)Google Scholar
  18. 18.
    N. Koblitz, Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  19. 19.
    I. Koren, Computer Arithmetic Algorithms (A K Peters, Natick, 2002)zbMATHGoogle Scholar
  20. 20.
    R. Lab, High-Speed RSA Implementation (2011).
  21. 21.
    R. Lab, RSA Hardware Implementation (2011).
  22. 22.
    K. Ma, H. Liang, K. Wu, Homomorphic property-based concurrent error detection of RSA: a countermeasure to fault attack. IEEE Trans. Comput. 61 (7), 1040–1049 (2012)CrossRefMathSciNetGoogle Scholar
  23. 23.
    A.J. Menezes, S.A. Vanstone, P.C.V. Oorschot, Handbook of Applied Cryptography, 1st edn. (CRC Press, Boca Raton, 1996)CrossRefzbMATHGoogle Scholar
  24. 24.
    V. Miller, Use of elliptic curves in cryptography, in Advances in Cryptology (CRYPTO’85). LNCS, vol. 218 (1986), pp. 47–426Google Scholar
  25. 25.
    P. Mohan, RNS-to-binary converter for a new three-moduli set {2n+1 − 1, 2n, 2n − 1}. IEEE Trans. Circuits Syst. Express Briefs 54 (9), 775–779 (2007)Google Scholar
  26. 26.
    P.L. Montgomery, Modular multiplication without trial division. Math. Comput. 16, 519–521 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  27. 27.
    K. Navi, A. Molahosseini, M. Esmaeildoust, How to teach residue number system to computer scientists and engineers. IEEE Trans. Educ. 54 (1), 156–163 (2011)CrossRefGoogle Scholar
  28. 28.
    H. Nozaki, M. Motoyama, A. Shimbo, S. Kawamura, Implementation of RSA algorithm based on RNS Montgomery multiplication, in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES’01). LNCS, vol. 2162 (2001), pp. 364–376Google Scholar
  29. 29.
    K. Posch, R. Posch, Base extension using a convolution sum in residue number systems. Computing 50, 93–104 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  30. 30.
    K. Posch, R. Posch, Modulo reduction in residue number systems. Trans. Parallel Distrib. Syst. 6 (5), 449–454 (1995)CrossRefzbMATHGoogle Scholar
  31. 31.
    O. Regev, Lattice-based cryptography, in Advances in Cryptology CRYPTO’06. Lecture Notes in Computer Science (Springer, Berlin, 2006), pp. 131–141Google Scholar
  32. 32.
    R. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)CrossRefzbMATHMathSciNetGoogle Scholar
  33. 33.
    D. Schinianakis, T. Stouraitis, Hardware-fault attack handling in RNS-based Montgomery multipliers, in 2013 IEEE International Symposium on Circuits and Systems (ISCAS) (2013), pp. 3042–3045Google Scholar
  34. 34.
    D. Schinianakis, T. Stouraitis, Multifunction residue architectures for cryptography. IEEE Trans. Circuits Syst. Regul. Pap. 61(4), 1156–1169 (2014)CrossRefGoogle Scholar
  35. 35.
    D. Schinianakis, A. Fournaris, H. Michail, A. Kakarountas, T. Stouraitis, An RNS implementation of an F p elliptic curve point multiplier. IEEE Trans. Circuits Syst. I 56 (6), 1202–1213 (2009)CrossRefMathSciNetGoogle Scholar
  36. 36.
    A. Shamir, Improved method and apparatus for protecting public key schemes from timing and fault attacks. US Patent 5,991,415 (1999)Google Scholar
  37. 37.
    M. Shenoy, R. Kumaresan, A fast and accurate RNS scaling technique for high speed signal processing. IEEE Trans. Acoust. Speech Signal Process. 37 (6), 929–937 (1989)CrossRefGoogle Scholar
  38. 38.
    A. Skavantzos, Y. Wang, New efficient RNS-to-weighted decoders for conjugate-pair-moduli residue number systems, in Conference Record of the Thirty-Third Asilomar Conference on Signals, Systems, and Computers, 1999 (1999), vol. 2, pp. 1345–1350Google Scholar
  39. 39.
    A. Skavantzos, M. Abdallah, T. Stouraitis, D. Schinianakis, Design of a balanced 8-modulus RNS, in 16th IEEE International Conference on Electronics, Circuits, and Systems, 2009. ICECS 2009 (2009), pp. 61–64Google Scholar
  40. 40.
    N. Szabo, R. Tanaka, Residue Arithmetic and its Applications to Computer Technology (McGraw-Hill, New York, 1967)zbMATHGoogle Scholar
  41. 41.
    F.J. Taylor, Residue arithmetic: a tutorial with examples. IEEE Comput. 17, 50–62 (1988)CrossRefGoogle Scholar
  42. 42.
    D. Vigilant, RSA with CRT: a new cost-effective solution to thwart fault attacks, in Proceedings of International Workshop Cryptographic Hardware and Embedded Systems (CHES 08) (2008), pp. 130–145Google Scholar
  43. 43.
    W. Wang, M. Swamy, O. Ahmad, Y. Wang, New Chinese remainder theorems applications to special moduli sets, in CCECE99, vol. 2 (1999), pp. 1345–1350Google Scholar
  44. 44.
    Y. Wang, Residue-to-binary converters based on new Chinese remainder theorems. IEEE Trans. Circuits Syst. II, Analog Digit. Signal Process. 47 (3), 197–205 (2000)Google Scholar
  45. 45.
    H.M. Yassine, W. Moore, Improved mixed-radix conversion for residue number system architectures. IEE Proc. G Circuits Devices Syst. 138 (1), 120–124 (1991)CrossRefGoogle Scholar
  46. 46.
    S. Yen, M. Joye, Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49 (9), 967–970 (2000)CrossRefzbMATHGoogle Scholar
  47. 47.
    S. Yen, S. Kim, S. Lim, S. Moon, RSA Speedup with Chinese remainder theorem immune against hardware fault cryptanalysis. IEEE Trans. Comput. 52 (4), 461–472 (2003)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.NOKIA Bell LabsMunichGermany
  2. 2.University of PatrasPatrasGreece
  3. 3.KUSTARAbu DhabiUnited Arab Emirates

Personalised recommendations