Abstract: Apparatus, methods, and computer program products are disclosed that enable a first computer and a second computer to mutually authenticate each other over a network. A first computer sends first authentication evidence to a second computer. The first authentication evidence is used to prove to the second computer that the first computer has access to a first plurality of authentication secrets without exposing the first plurality of authentication secrets. In addition, the second computer sends second authentication evidence to the first computer. The second authentication evidence is used to prove to the first computer that the second computer has access to a second plurality of authentication secrets without exposing the second plurality of authentication secrets. The first plurality of authentication secrets is related to the second plurality of authentication secrets. Thus, the first computer is authenticated to the second computer and the second computer is authenticated to the first computer.

Abstract: In response to executing an arithmetic instruction, a first number is multiplied by a second number, and a partial result from a previously executed single arithmetic instruction is fed back from a first carry save adder structure generating high order bits of the current arithmetic instruction to a second carry save adder tree structure being utilized to generate low order bits of the current arithmetic instruction to generate a result that represents the first number multiplied by the second number summed with the high order bits from the previously executed arithmetic instruction. Execution of the arithmetic instruction may instead generate a result that represents the first number multiplied by the second number summed with the partial result and also summed with a third number, the third number being fed to the carry save adder tree structure.

Abstract: In response to executing a single arithmetic instruction, a first number is multiplied by a second number, and a partial result from a previously executed single arithmetic instruction is added implicitly to generate a result that represents the first number multiplied by the second number summed with the partial result from a previously executed single arithmetic instruction. The high order portion of the generated result is saved in an extended carry register as a next partial result for use with execution of a subsequent single arithmetic instruction. Execution of a single arithmetic instruction may instead generate a result that represents the first number multiplied by the second number summed with the partial result and also summed with a third number.

Abstract: Modular multiplication of two elements X(t) and Y(t), over GF(2), where m is a field degree, may utilize field degree to determine, at least in part, the number of iterations. An extra shift operation may be employed when the number of iterations is reduced. Modular multiplication of two elements X(t) and Y(t), over GF(2), may include a shared reduction circuit utilized during multiplication and reduction. In addition, a modular multiplication of binary polynomials X(t) and Y(t), over GF(2), may utilize the Karatsuba algorithm, e.g., by recursively splitting up a multiplication into smaller operands determined according to the Karatsuba algorithm.

Abstract: Apparatus, methods, and computer program products are disclosed that enable a first computer and a second computer to mutually authenticate each other over a network. A first computer sends first authentication evidence to a second computer. The first authentication evidence is used to prove to the second computer that the first computer has access to a first plurality of authentication secrets without exposing the first plurality of authentication secrets. In addition, the second computer sends second authentication evidence to the first computer. The second authentication evidence is used to prove to the first computer that the second computer has access to a second plurality of authentication secrets without exposing the second plurality of authentication secrets. The first plurality of authentication secrets is related to the second plurality of authentication secrets. Thus, the first computer is authenticated to the second computer and the second computer is authenticated to the first computer.

Abstract: An elliptic curve processing apparatus that performs operations on elliptic curves specified over binary polynomial fields includes a functional unit that has a digit serial multiplier with a digit size of at least two bits. The elliptic curve processing apparatus performs reduction for respective generic curves using arbitrary irreducible polynomials, which correspond to respective ones of the generic curves. The elliptic curve processing apparatus may include hardwired reduction circuits in the functional unit for use with respective named curves. A storage location in the elliptic curve processing apparatus may be used to specify whether an operation is for one of the named curves or for one of the generic curves.

Abstract: Modular multiplication of two elements X(t) and Y(t), over GF(2), where m is a field degree, may utilize field degree to determine, at least in part, the number of iterations. An extra shift operation may be employed when the number of iterations is reduced. Modular multiplication of two elements X(t) and Y(t), over GF(2), may include a shared reduction circuit utilized during multiplication and reduction. In addition, a modular multiplication of binary polynomials X(t) and Y(t), over GF(2), may utilize the Karatsuba algorithm, e.g., by recursively splitting up a multiplication into smaller operands determined according to the Karatsuba algorithm.

Abstract: Modular multiplication of two elements X(t) and Y(t), over GF(2), where m is a field degree, may utilize field degree to determine, at least in part, the number of iterations. An extra shift operation may be employed when the number of iterations is reduced. Modular multiplication of two elements X(t) and Y(t), over GF(2), may include a shared reduction circuit utilized during multiplication and reduction. In addition, a modular multiplication of binary polynomials X(t) and Y(t), over GF(2), may utilize the Karatsuba algorithm, e.g., by recursively splitting up a multiplication into smaller operands determined according to the Karatsuba algorithm.

Abstract: A multiply execution unit that is operable to generate the integer product and the XOR product of a multiplicand and a multiplier. The multiply execution unit includes a summing circuit for summing a plurality of partial products. The partial products may be Booth encoded. The summing circuit can generate an integer sum of the plurality of partial products and can generate an XOR sum of the plurality of partial products. The summing circuit includes a first plurality of full adders. The first plurality of full adders each has three inputs, a carry output, and a sum output. The sum outputs of the first plurality of full adders are independent of the value of any carry output in the summing circuit. The summing circuit also includes a second plurality of full adders. The second plurality of full adders each has three inputs, a carry output, and a sum output.

Abstract: One embodiment of the present invention provides a system that performs modular division. This system contains a number of registers, including: a register A that is initialized with a value X; a register U that is initialized with a value Y; a register B that is initialized with a value M; and a register V that is initialized with a value 0. The system also includes a temporary register H, and a temporary register L. An updating mechanism is configured to iteratively reduce the contents of registers A and B to a value of one by applying a plurality of operations to registers A, B, U and V. During operation, this updating mechanism temporarily stores A+B in the temporary register H, and temporarily stores U+V in the temporary register L.

Abstract: One embodiment of the present invention provides a system that performs modular division. This system contains a number of registers, including: a register A that is initialized with a value X; a register U that is initialized with a value Y; a register B that is initialized with a value M; and a register V that is initialized with a value 0. The system also includes a counter CA that indicates an upper bound for the most-significant non-zero bit of register A. It also includes a counter CB that indicates an upper bound for the most-significant non-zero bit of register B. The system additionally includes a temporary register H, and a temporary register L. An updating mechanism is configured to iteratively reduce the contents of registers A and B to a value of one by applying a plurality of operations to registers A, B, U and V. During operation, this updating mechanism temporarily stores A+B in the temporary register H, and temporarily stores U+V in the temporary register L.

Abstract: In response to executing a single arithmetic instruction, a first number is multiplied by a second number, and a partial result from a previously executed single arithmetic instruction is added implicitly to generate a result that represents the first number multiplied by the second number summed with the partial result from a previously executed single arithmetic instruction. The high order portion of the generated result is saved in an extended carry register as a next partial result for use with execution of a subsequent single arithmetic instruction. Execution of a single arithmetic instruction may instead generate a result that represents the first number multiplied by the second number summed with the partial result and also summed with a third number.

Abstract: In response to executing an arithmetic instruction, a first number is multiplied by a second number, and a partial result from a previously executed single arithmetic instruction is fed back from a first carry save adder structure generating high order bits of the current arithmetic instruction to a second carry save adder tree structure being utilized to generate low order bits of the current arithmetic instruction to generate a result that represents the first number multiplied by the second number summed with the high order bits from the previously executed arithmetic instruction. Execution of the arithmetic instruction may instead generate a result that represents the first number multiplied by the second number summed with the partial result and also summed with a third number, the third number being fed to the carry save adder tree structure.

Abstract: The present invention provides a method for performing a point doubling operation with only one modular division and no multiply per operation. As a result, the invention reduces the number of mathematical operations needed to perform point doubling operations in elliptic curve computation. An elliptic curve cryptosystem using the present invention can be made to operate more efficiently using the present invention. An elliptic curve crypto-accelerator can be implemented using the present invention to dramatically enhance the performance of the elliptic curve cryptosystem. The invention derives the slope of a curve independently of the y-coordinate. By avoiding the calculation of the y term, one additional multiply is eliminated from each point-doubling operation. Using the invention, n consecutive point doublings can be reduced to n modular divisions and 1 multiply. This avoids the 2n multiplies of prior art approaches.

Abstract: A multiply execution unit that is operable to generate the integer product and the XOR product of a multiplicand and a multiplier. The multiply execution unit includes a summing circuit for summing a plurality of partial products. The partial products may be Booth encoded. The summing circuit can generate an integer sum of the plurality of partial products and can generate an XOR sum of the plurality of partial products. The summing circuit includes a first plurality of full adders. The first plurality of full adders each has three inputs, a carry output, and a sum output. The sum outputs of the first plurality of full adders are independent of the value of any carry output in the summing circuit. The summing circuit also includes a second plurality of full adders. The second plurality of full adders each has three inputs, a carry output, and a sum output.

Abstract: The invention provides a method for performing modular division adapted for division in integer fields. Integer modular divisions are used in the computation of Elliptic Curve digital signature generation and verification. The algorithm can be implemented to provide division in integer fields completed in 2(m−1) steps. This method provides a solution to the elliptical curve cryptosystems based on prime integer fields.

Abstract: One embodiment of the invention is a general-purpose processor. The general-purpose processor is configured to receive and execute instructions. The processor includes an integer execution unit. The processor also includes a binary polynomial execution unit.

Abstract: The present invention provides a method for performing an inversion and multiply in a single operation as a polynomial divide operation. As a result, the invention reduces the number of mathematical operations needed to perform point doubling and point addition operations. An elliptic curve cryptosystem using the present invention can be made to operate more efficiently using the present invention. An elliptic curve crypto-accelerator can be implemented using the present invention to dramatically enhance the performance of the elliptic curve cryptosystem. The invention uses five registers A, B, U, V, and M, to accomplish a polynomial divide operation. Four registers A, B, U, and V are initialized with values so that the registers maintain a number of invariant relationships. The registers store initial values a(t)=x(t), u(t)=y(t), b(t)=prime(t), and v(t)=0. Here the polynomials in registers A, U, B, and V are denoted as a(t), u(t), b(t), and v(t), respectively.

Abstract: Modular multiplication of two elements X(t) and Y(t), over GF(2), where m is a field degree, may utilize field degree to determine, at least in part, the number of iterations. An extra shift operation may be employed when the number of iterations is reduced. Modular multiplication of two elements X(t) and Y(t), over GF(2), may include a shared reduction circuit utilized during multiplication and reduction. In addition, a modular multiplication of binary polynomials X(t) and Y(t), over GF(2), may utilize the Karatsuba algorithm, e.g., by recursively splitting up a multiplication into smaller operands determined according to the Karatsuba algorithm.

Abstract: An elliptic curve processing apparatus that performs operations on elliptic curves specified over binary polynomial fields includes a functional unit that has a digit serial multiplier with a digit size of at least two bits. The elliptic curve processing apparatus performs reduction for respective generic curves using arbitrary irreducible polynomials, which correspond to respective ones of the generic curves. The elliptic curve processing apparatus may include hardwired reduction circuits in the functional unit for use with respective named curves. A storage location in the elliptic curve processing apparatus may be used to specify whether an operation is for one of the named curves or for one of the generic curves.