[PDF] This is a Chapter from the Handbook of Applied Cryptography by A

View - Download This is a Chapter from the Handbook of Applied Cryptography by A

Previous PDF

Next PDF

This is a Chapter from theHandbook of Applied Cryptography, by A. Menezes, P. van

Oorschot, and S. Vanstone, CRC Press, 1996.

For further information, seewww.cacr.math.uwaterloo.ca/hac CRC Press has granted the following specic permissions for the electronic version of this book: Permission is granted to retrieve, print and store a single copy of this chapter for personal use. This permission does not extend to binding multiple chapters of the book, photocopying or producing copies for other than personal use of the person creating the copy, or making electronic copies available for retrieval by others without prior permission in writing from CRC Press. Except where over-ridden by the specic permission above, the standard copyright notice from CRC Press applies to this electronic version: Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microlming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specic permission must be obtained in writing from CRC Press for such copying. c ?1997 by CRC Press, Inc.

Chapter14

Ef®cient Implementation

Contents in Brief

14.1 Introduction:::::::::::::::::::::::::::::591

14.2 Multiple-precision integer arithmetic::::::::::::::::592

14.3 Multiple-precision modular arithmetic:::::::::::::::599

14.4 Greatest common divisor algorithms::::::::::::::::606

14.5 Chinese remainder theorem for integers::::::::::::::610

14.6 Exponentiation:::::::::::::::::::::::::::613

14.7 Exponent recoding:::::::::::::::::::::::::627

14.8 Notes and further references::::::::::::::::::::630

14.1 Introduction

Many public-key encryption and digital signature schemes, and some hash functions (see x9.4.3), require computations inZ m , the integers modulom(mis a large positive integer whichmayormaynotbeaprime). Forexample,theRSA,Rabin,andElGamalschemesre- quire ef®cient methods for performingmultiplication and exponentiationinZ m . Although Z m is prominent in many aspects of modern applied cryptography, other algebraic struc- turesarealsoimportant. Theseinclude,butarenotlimitedto,polynomialrings,®nite®elds, and ®nite cyclic groups. For example, the group formed by the points on an elliptic curve over a ®nite ®eld has considerable appeal for various cryptographicapplications. The ef®- ciency of a particular cryptographicscheme based on any one of these algebraic structures ing power available, software and/orhardwareoptimization,and mathematicalalgorithms. ing out computationsin the underlyingalgebraic structure. Since many of the most widely implemented techniques rely onZ m , emphasis is placed on ef®cient algorithms for per- forming the basic arithmetic operations in this structure (addition, subtraction, multiplica- tion, division, and exponentiation). Insome cases, severalalgorithmswill bepresentedwhichperformthesame operation. For example, a number of techniquesfor doing modular multiplication and exponentiation are discussed inx14.3 andx14.6, respectively. Ef®ciency can be measured in numerous ways; thus, it is dif®cultto de®nitivelystate which algorithmis the best. An algorithmmay be ef®cientin the time it takesto performa certain algebraicoperation,but quite inef®cient in the amount of storage it requires. One algorithm may require more code space than an- other. Dependingontheenvironmentinwhichcomputationsaretobeperformed,onealgo- rithm may be preferable over another. For example, current chipcard technology provides 591

592 Ch.14 Ef®cient Implementation

verylimitedstorageforbothprecomputedvaluesandprogramcode. Forsuchapplications, an algorithm which is less ef®cient in time but very ef®cient in memory requirements may be preferred. The algorithms described in this chapter are those which, for the most part, have re- ceived considerable attention in the literature. Although some attempt is made to point out their relative merits, no detailed comparisons are given.

Chapter outline

x14.2 deals with the basic arithmetic operations of addition, subtraction, multiplication, squaring, and division for multiple-precision integers.x14.3 describes the basic arithmetic m . Techniquesdescribedforper- forming modular reduction for an arbitrary modulusmare the classical method (x14.3.1), Montgomery's method (x14.3.2), and Barrett's method (x14.3.3).x14.3.4 describes a re- duction procedure ideally suited to moduli of a special form. Greatest common divisor (gcd) algorithms are the topic ofx14.4, including the binary gcd algorithm (x14.4.1) and Lehmer's gcd algorithm (x14.4.2). Ef®cient algorithms for performing extended gcd com- putations are given inx14.4.3. Modular inverses are also considered inx14.4.3. Garner's algorithmfor implementingthe Chinese remaindertheoremcanbe foundinx14.5.x14.6is a treatment of several of the most practical exponentiation algorithms.x14.6.1 deals with exponentiation in general, without consideration of any special conditions.x14.6.2 looks at exponentiationwhen the base is variable and the exponentis ®xed.x14.6.3considersal- gorithmswhich take advantage of a ®xed-base elementand variable exponent. Techniques ponentmay allow signi®cant performanceenhancements.x14.8 containsfurther notes and references.

14.2 Multiple-precision integer arithmetic

This section deals with the basic operations performed on multiple-precision integers: ad- dition, subtraction, multiplication, squaring,and division. The algorithms presentedin this section are commonly referred to as theclassical methods.

14.2.1 Radix representation

Positive integers can be represented in variousways, the most commonbeingbase10.For example,a= 123base10meansa=110 2 +210
1 +310
0 . For machinecomputations, base2(binary representation) is preferable. Ifa= 1111011base2,thena=2 6 +2 5 2 4 +2 3 +02 2 +2 1 +2 0

14.1 FactIfb2is an integer, then any positive integeracan be expressed uniquely asa=

a n b n +a n-1 b n-1 ++a 1 b+a 0 ,wherea i is an integer with0a i 14.2 De®nitionThe representation of a positive integeraas a sum of multiples of powers of b, as given in Fact 14.1, is called thebaseborradixbrepresentation ofa. c ?1997 by CRC Press, Inc. Ð See accompanying notice at front of chapter. x14.2 Multiple-precision integer arithmetic 593

14.3 Note(notation and terminology)

(i) The basebrepresentation of a positive integeragiven in Fact 14.1 is usually written asa=(a n a n-1 a 1 a 0 b . The integersa i ,0in, are calleddigits.a n is called themost signi®cant digitorhigh-order digit;a 0 theleast signi®cant digitor low-order digit.Ifb=10, the standard notation isa=a n a n-1 a 1 a 0 (ii) It is sometimes convenient to pad high-order digits of a basebrepresentation with

0's; such a padded number will also be referred to as the basebrepresentation.

(iii) If(a n a n-1 a 1 a 0 b is the basebrepresentationofaanda n 6 =0, thentheprecision orlengthofaisn+1.Ifn=0,thenais calledasingle-precisioninteger; otherwise, ais amultiple-precision integer.a=0is also a single-precision integer. The division algorithm for integers (see De®nition 2.82) provides an ef®cient method for determiningthe basebrepresentationof a non-negativeinteger,for a givenbaseb.This provides the basis for Algorithm 14.4.

14.4 AlgorithmRadixbrepresentation

INPUT: integersaandb,a0,b2.

OUTPUT: the basebrepresentationa=(a

n a 1 a 0 b ,wheren0anda n 6 =0ifn1.

1.i 0,x a,q b

x bquotesdbs_dbs27.pdfusesText_33

[PDF] decors chretiens de sainte sophie

[PDF] basilique sainte-sophie vikidia

[PDF] frise chronologique de sainte sophie

[PDF] chapelle du palais d'aix

[PDF] fonction dune basilique

[PDF] plan de la basilique sainte sophie

[PDF] sainte sophie plan

[PDF] conseiller d'animation sportive salaire

[PDF] fiches ressources eps lycée professionnel

[PDF] conseiller technique sportif salaire

[PDF] programme eps lycée professionnel 2016

[PDF] conseiller d'animation sportive fiche métier

[PDF] conseiller technique sportif fiche métier

[PDF] programme eps lycée 2010

[PDF] cqp aquagym