Unbridle the Bit-Length of a Crypto-coprocessor with Montgomery Multiplication

  • Masayuki Yoshino
  • Katsuyuki Okeya
  • Camille Vuillaume
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)


We present a novel approach for computing 2n-bit Montgomery multiplications with n-bit hardware Montgomery multipliers. Smartcards are usually equipped with such hardware Montgomery multipliers; however, due to progresses in factoring algorithms, the recommended bit length of public-key schemes such as RSA is steadily increasing, making the hardware quickly obsolete. Thanks to our double-size technique, one can re-use the existing hardware while keeping pace with the latest security requirements. Unlike the other double-size techniques which rely on classical n-bit modular multipliers, our idea is tailored to take advantage of n-bit Montgomery multipliers. Thus, our technique increases the perenniality of existing products without compromises in terms of security.


Montgomery multiplication RSA crypto-coprocessor smartcard 


  1. 1.
    Chevallier-Mames, B., Joye, M., Paillier, P.: Faster Double-Size Modular Multiplication From Euclidean Multipliers. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 214–227. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Fischer, W., Seifert, J.P.: Increasing the bitlength of crypto-coprocessors. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 71–81. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Handschuh, H., Paillier, P.: Smart card crypto-coprocessors for public-key cryptography. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 372–379. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Koc, C.: Montgomery reduction with even modulus. IEE Proceedings Computer and Digital Techniques 141(5), 314–316 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)Google Scholar
  6. 6.
    Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Naccache, D., M’Raïhi, D.: Arithmetic co-processors for public-key cryptography: The state of the art. In: CARDIS, pp. 18–20 (1996)Google Scholar
  8. 8.
    Paillier, P.: Low-cost double-size modular exponentiation or how to stretch your cryptoprocessor. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 223–234. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  9. 9.
    Quisquater, J.J., Couvreur, C.: Fast decipherment algorithm for rsa public-key cryptosystem. Electronics Letters 18(21), 905–907 (1982)CrossRefGoogle Scholar
  10. 10.
    Rivest, R.L., Shamir, A., Adelman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefGoogle Scholar
  11. 11.
    RSA Laboratories: RSA challenges,

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Masayuki Yoshino
    • 1
  • Katsuyuki Okeya
    • 1
  • Camille Vuillaume
    • 1
  1. 1.Hitachi, Ltd., Systems Development Laboratory, KawasakiJapan

Personalised recommendations