Abstract: A method in one aspect may include receiving a multiply instruction. The multiply instruction may indicate a first source operand and a second source operand. A product of the first and second source operands may be stored in one or more destination operands indicated by the multiply instruction. Execution of the multiply instruction may complete without writing a carry flag. Other methods are also disclosed, as are apparatus, systems, and instructions on machine-readable medium.

Abstract: A method in one aspect may include receiving an add instruction. The add instruction may indicate a first source operand, a second source operand, and a third source operand. A sum of the first, second, and third source operands may be stored as a result of the add instruction. The sum may be stored partly in a destination operand indicated by the add instruction and partly a plurality of flags. Other methods are also disclosed, as are apparatus, systems, and instructions on machine-readable medium.

Abstract: The present disclosure provides a system and method for performing modular exponentiation. The method may include dividing a first polynomial into a plurality of segments and generating a first product by multiplying the plurality of segments of the first polynomial with a second polynomial. The method may also include generating a second product by shifting the contents of an accumulator with a factorization base. The method may further include adding the first product and the second product to yield a first intermediate result and reducing the first intermediate result to yield a second intermediate result. The method may also include generating a public key based on, at least in part, the second intermediate result. Of course, many alternatives, variations and modifications are possible without departing from this embodiment.

Abstract: An area efficient multiplier having high performance at modest clock speeds is presented. The performance of the multiplier is based on optimal choice of a number of levels of Karatsuba decomposition. The multiplier may be used to perform efficient modular reduction of large numbers greater than the size of the multiplier.

Abstract: The present disclosure provides a method for performing modular exponentiation. The method may include generating a first remainder (xp) based on an encrypted message (X) modulo a first prime number (p) and generating a second remainder (xq) based on the encrypted message (X) modulo a second prime number (q). The method may further include generating a third remainder (v1) based on the first remainder (xp) raised to a first private key number (d1) modulo the first prime number (p) and simultaneously generating a fourth remainder (v2) based on the second remainder (xq) raised to a second private key number (d2) modulo the second prime number (q). The method may also include subtracting the fourth remainder (v2) from the third remainder (v1) to yield a result (v1?v2) and multiplying the result (v1?v2) by a constant (c) to produce a second result.

Abstract: A time-invariant method and apparatus for performing modular reduction that is protected against cache-based and branch-based attacks is provided. The modular reduction technique adds no performance penalty and is side-channel resistant. The side-channel resistance is provided through the use of lazy evaluation of carry bits, elimination of data-dependent branches and use of even cache accesses for all memory references.

Abstract: In one embodiment, circuitry is provided to generate a residue based at least in part upon operations and a data stream generated based at least in part upon a packet. The operations may include at least one iteration of at least one reduction operation including (a) multiplying a first value with at least one portion of the data stream, and (b) producing a reduction by adding at least one other portion of the data stream to a result of the multiplying. The operations may include at least one other reduction operation including (c) producing another result by multiplying with a second value at least one portion of another stream based at least in part upon the reduction, (d) producing a third value by adding at least one other portion of the another stream to the another result, and (e) producing the residue by performing a Barrett reduction based at least in part upon the third value.

Abstract: A method and apparatus for testing mathematical programs where code coverage is exceedingly difficult to hit with random data test vectors (probability <2?64) is provided. To enable testing of the mathematical program, instructions in the mathematical program are trapped. Errors are injected through the use of any status/control flag where an error can be created and be rectified later by a reversible operation so that the result of the mathematical operation is not modified by the injected error.

Abstract: A method and apparatus to optimize each of the plurality of reduction stages in a Cyclic Redundancy Check (CRC) circuit to produce a residue for a block of data decreases area used to perform the reduction while maintaining the same delay through the plurality of stages of the reduction logic. A hybrid mix of Karatsuba algorithm, classical multiplications and serial division in various stages in the CRC reduction circuit results in about a twenty percent reduction in area on the average with no decrease in critical path delay.

Abstract: In one aspect, circuitry to determine a modular remainder with respect to a polynomial of a message comprised of a series of segment. In another aspect, circuitry to access at least a portion of a first number having a first endian format, determine a second number based on a bit reflection and shift of a third number having an endian format opposite to that of the first endian format, and perform a polynomial multiplication of the first number and the at least a portion of the first number.

Abstract: A method and apparatus for testing mathematical programs where code coverage is exceedingly difficult to hit with random data test vectors (probability <2?64) is provided. To enable testing of the mathematical program, instructions in the mathematical program are trapped. Errors are injected through the use of any status/control flag where an error can be created and be rectified later by a reversible operation so that the result of the mathematical operation is not modified by the injected error.

Abstract: Modulus scaling applied a reduction techniques decreases time to perform modular arithmetic operations by avoiding shifting and multiplication operations. Modulus scaling may be applied to both integer and binary fields and the scaling multiplier factor is chosen based on a selected reduction technique for the modular arithmetic operation.

Abstract: The computation time to perform scalar point multiplication in an Elliptic Curve Group is reduced by modifying the Barrett Reduction technique. Computations are performed using an N-bit scaled modulus based a modulus m having k-bits to provide a scaled result, with N being greater than k. The N-bit scaled result is reduced to a k-bit result using a pre-computed N-bit scaled reduction parameter in an optimal manner avoiding shifting/aligning operations for any arbitrary values of k, N.

Abstract: Basis conversion from normal form to canonical form is provided for both generic polynomials and special irreducible polynomials in the form of “all ones”, referred to as “all-ones-polynomials” (AOP). Generation and storing of large matrices is minimized by creating matrices on the fly, or by providing an alternate means of computing a result with minimal hardware extensions.

Abstract: Time to perform scalar point multiplication used for ECC is reduced by minimizing the number of shifting operations. These operations are minimized by applying modulus scaling by performing selective comparisons of points at intermediate computations based on primality of the order of an ECC group.

Abstract: A unified integer/Galois-Field 2m multiplier performs multiply operations for public-key systems such as Rivert, Shamir, Aldeman (RSA), Diffie-Hellman key exchange (DH) and Elliptic Curve Cryptosystem (ECC). The multiply operations may be performed on prime fields and different composite binary fields in independent multipliers in an interleaved fashion.

Abstract: A system for performing public key encryption is provided. The system supports mathematical operations for a plurality of public key encryption algorithms such as Rivert, Shamir, Aldeman (RSA) and Diffie-Hellman key exchange (DH) and Elliptic Curve Cryptosystem (ECC). The system supports both prime fields and different composite binary fields.

Abstract: Basis conversion from polynomial-basis form to normal-basis form is provided for both generic polynomials and special irreducible polynomials in the form of “all ones”, referred to as “all-ones-polynomials” (AOP). Generation and storing of large matrices is minimized by creating matrices on the fly, or by providing an alternate means of computing a result with minimal hardware extensions.

Abstract: A key scheduler performs a key-expansion to generate round keys for AES encryption and decryption just-in-time for each AES round. The key scheduler pre-computes slow operations in a current clock cycle to reduce the critical delay path for computing the round key for a next AES round.

Abstract: The speed at which encrypt and decrypt operations may be performed in a general purpose processor is increased by providing a separate encrypt data path and decrypt data path. With separate data paths, each of the data paths may be individually optimized in order to reduce delays in a critical path. In addition, delays may be hidden in a non-critical last round.