Improving Modular Inversion in RNS Using the Plus-Minus Method

Bigou, Karim; Tisserand, Arnaud

doi:10.1007/978-3-642-40349-1_14

Cited by 13 publications

(9 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we first present the algorithm and the classical ALU used to compute the reduction inside the Rower. To our knowledge, it is the only ALU used with the RNS Cox-Rower architecture [8,5,3,13,2].…”

Section: A New Cox-rower Architecturementioning

confidence: 99%

“…It is also possible to reduce the last addition during the computation of the multiplications, if the adder/reducer block are not the critical path of the design compared to the multipliers. Such implementation gives good results for efficient implementation and computation for F p /RSA and ECC [6,8,5,3,13,2]. Figure 1 presents the ALU of the Rower unit introduced by Guillermin [5].…”

Section: Classical Rower Unitmentioning

confidence: 99%

“…The condition given for efficient reduction, when r is large, is sufficient to be in (ii), which is the case in [6,8,5,3,13,2].…”

Section: New Rower Unitmentioning

confidence: 99%

“…Recently, it has also been demonstrated to be suitable for pairing computations [3,13]. Improvement has been made for efficient computation of the final exponentiation in [2]. All these implementations are based on the Cox-Rower architecture proposed by Kawamura for RSA [6] and improved by Guillermin for ECC computations [5].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Double Level Montgomery Cox-Rower Architecture, New Bounds

Bajard

Merkiche²

2015

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. Recently, the Residue Number System and the Cox-Rower architecture have been used to compute efficiently Elliptic Curve Cryptography over FPGA. In this paper, we are rewriting the conditions of Kawamura's theorem for the base extension without error in order to define the maximal range of the set from which the moduli can be chosen to build a base. At the same time, we give a procedure to compute correctly the truncation function of the Cox module. We also present a modified ALU of the Rower architecture using a second level of Montgomery Representation. Such architecture allows us to select the moduli with the new upper bound defined with the condition. This modification makes the Cox-Rower architecture suitable to compute 521 bits ECC with radix downto 16 bits compared to 18 with the classical Cox-Rower architecture. We validate our results through FPGA implementation of a scalar multiplication at classical cryptography security levels (NIST curves). Our implementation uses 35% less LUTs compared to the state of the art generic implementation of ECC using RNS for the same performance [5]. We also slightly improve the computation time (latency) and our implementation shows best ratio throughput/area for RNS computation supporting any curve independently of the chosen base.

show abstract

Section: A New Cox-rower Architecturementioning

confidence: 99%

Section: Classical Rower Unitmentioning

confidence: 99%

“…The condition given for efficient reduction, when r is large, is sufficient to be in (ii), which is the case in [6,8,5,3,13,2].…”

Section: New Rower Unitmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Double Level Montgomery Cox-Rower Architecture, New Bounds

Bajard

Merkiche²

2015

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

show abstract

“…Residue Number Systems (RNS) have been proven to be a good candidate for achieving fast computation in finite fields [5], [6], [9], [15], [18], which is a critical issue for limiting latency of public key cryptography. In practice, most of the competitive hardware implementations rely on the so-called Cox-Rower architecture, introduced by Kawamura et al [15], which is designed to fit with natural properties of RNS.…”

Section: Introductionmentioning

confidence: 99%

Multi-fault Attack Detection for RNS Cryptographic Architecture

Bajard¹,

Eynard²,

Merkiche³

2016

2016 IEEE 23nd Symposium on Computer Arithmetic (ARITH)

View full text Add to dashboard Cite

International audienceResidue Number Systems (RNS) have been a topic of interest for years. Many previous works show that RNS is a good candidate for fast computations in asymmetric cryptography by using its intrinsic parallelization features. A recent result demonstrates that redundant RNS and modular reduction can fit together efficiently, providing an efficient RNS modular reduction algorithm owning a single-fault detection capability. In this paper, we propose to generalize this approach by protecting the classical Cox-Rower architecture against multi-fault attacks. We prove that faults occuring at different places and at different times can be detected with a linear cost for the architecture and a constant time for the execution

show abstract