Abstract: Several different approaches to performing the modulus operation are presented. In one, a method of performing the modulus operation upon a dividend and a divisor within a limited range is discussed. The method involves storing a reference value, receiving a dividend value, and calculating a number of derived inputs. Each of the derived inputs corresponds to the dividend value minus the reference value, and is then further modified by a multiple of the divisor. Using the divisor to select between these derived inputs provides the answer.

Abstract: A method and apparatus for a modulo N operation are provided. The method for a modulo N operation on a positive integer X includes converting the positive integer X into a binary number, determining whether a modulo N is expressed by a product of 2 to the mth power and a value obtained by adding or subtracting one to or from 2 to the nth power, calculating the positive integers m and n, if the modulo N is expressed by the product of 2 to the mth power and the value obtained by adding or subtracting one to or from 2 to the nth power, and grouping the binary number of the positive integer X into bit units varying according to the positive integers m and n to perform operation on the binary number of the positive integer X. Accordingly, it is possible to reduce complexity of a modulo operation using a simple adder and logic circuit.

Abstract: The present disclosure provides a system and method for performing modular exponentiation. The method includes loading a first word of a vector from memory into a first register and subsequently loading the first word from the first register to a second register. The method may also include loading a second word into the first register and loading at least one bit from the second register into an arithmetic logic unit. The method may further include performing modular exponentiation on the at least one bit to generate a result and generating a public key based upon, at least in part, the result. Of course, many alternatives, variations and modifications are possible without departing from this embodiment.

Abstract: The electronic circuit arrangement is used for generating poly-phase sequences as synchronization sequences and/or reference sequences in radio communications systems. It comprises a first adder, a first multiplier, a first register, a second register, a first counter and a trigonometry device. The first adder adds a value (km) formed from the value (k) of the counter to the value (B) of the first register. The first multiplier multiplies the value (A) of the second register by a value (y) formed from the value (B) of the first register and the value (k) of the counter. The trigonometry device forms the real part and the imaginary part of the present value of the poly-phase sequence (ak) from a value formed at least from the output value (wk) of the first multiplier.

Abstract: A modular multiplication processing apparatus is provided that can process modular multiplication of data exceeding a bit length which a coprocessor can process, by using the coprocessor based upon Montgomery multiplication In the modular multiplication processing apparatus, data to be subjected to modular multiplication is decomposed, and the decomposed data elements are transformed into a form suitable for Montgomery multiplication, respectively. Further, after respective data elements are transformed to have sizes that can be inputted into a coprocessor, Montgomery multiplication is repeatedly performed in the coprocessor. A remainder of Montgomery multiplication of an original bit length is restored from the obtained remainder.

Abstract: An extension of the serial/parallel Montgomery modular multiplication method with simultaneous reduction as previously implemented by the applicants, adapted innovatively to perform both in the prime number and in the GF(2q) polynomial based number field, in such a way as to simplify the flow of operands, by performing a multiple anticipatory function to enhance the previous modular multiplication procedures.

Abstract: A method for masking several identical functional processes manipulating digital data, including dividing the functional processes into steps at the end of each of which the process can be interrupted with the storage of at least one intermediary result, and successively executing the steps of at least two processes and selecting, at each step end, the process of the next step according to the result of a non-deterministic drawing of a number.

Abstract: A modulo N calculating method for an M1*M2-bit binary integer, wherein N, M1 and M2 are integers, includes the steps of dividing the M1*M2-bit binary integer into M1 bits and performing AND operation on each M1 bits and a specific binary integer; and changing a value of an output register depending on the AND operation result and storing the value thereto. A modulo N calculating apparatus includes an input unit for receiving an M1*M2-bit binary integer, wherein N, M1 and M2 are integers; and an AND operation unit for performing AND operation on the M1*M2-bit binary integer and a specific binary integer. Furthermore, when the M1 and the N may be 4 and 3, respectively, the specific binary value may be 1010 or 0101.

Abstract: A data encryption method performed with ring arithmetic operations using a residue number multiplication process wherein a first conversion to a first basis is done using a mixed radix system and a second conversion to a second basis is done using a mixed radix system. In some embodiments, a modulus C is be chosen of the form 2w?L, wherein C is a w-bit number and L is a low Hamming weight odd integer less than 2(w?1)/2. And in some of those embodiments, the residue mod C is calculated via several steps. P is split into 2 w-bit words H1 and L1. S1 is calculated as equal to L1+(H12x1)+(H12x2)+ . . . +(H12xk)+H1. S1 is split into two w-bit words H2 and L2. S2 is computed as being equal to L2+(H22x1)+(H22x2)+ . . . +(H22xk)+H2. S3 is computed as being equal to S2+(2x1+ . . . +2xk+1). And the residue is determined by comparing S3 to 2w. If S3<2w, then the residue equals S2. If S3?2w, then the residue equals S3?2w.

Abstract: A system and method for computing A mod (2n?1), where A is an m bit quantity, where n is a positive integer, where m is greater than or equal to n. The quantity A may be partitioned into a plurality of sections, each being at most n bits long. The value A mod (2n?1) may be computed by adding the sections in mod(2n?1) fashion. This addition of the sections of A may be performed in a single clock cycle using an adder tree, or, sequentially in multiple clock cycles using a two-input adder circuit provided the output of the adder circuit is coupled to one of the two inputs. The computation A mod (2n?1) may be performed as a part of an interleaving/deinterleaving operation, or, as part of an encryption/decryption operation.

Abstract: A method for protecting a generation, by an electronic circuit, of at least one prime number by testing the prime character of successive candidate numbers, including: for each candidate number: the calculation of a reference number involving at least one first random number, and at least one primality test based on modular exponentiation calculations; and for a candidate number having successfully passed the primality test: a test of consistency between the candidate number and its reference number.

Abstract: Provided are a modular multiplier apparatus in which a value of a long path carry (LPC) is predicted to reduce a critical path of an arithmetic operation of Montgomery modular multiplication, and a method of reducing the critical path of the arithmetic operation.

Abstract: To detect a change in data produced by a system, predicted data values for plural time points are computed. Actual data values for the plural time points are received, and residual values are derived from differences between the predicted data values and actual data values. Based on the computed residual values, a time point at which the change in data occurred is determined.

Abstract: In a method for modular multiplication using a multiplication look-ahead process for computing a multiplication shift value and a reduction look-ahead process for computing a reduction shift value, a modulus is first transformed into a transformed modulus that is greater than said modulus. The transformation is carried out such that a predetermined fraction of the transformed modulus has a higher-order digit with a first predetermined value that is followed by at least one low-order digit having a second predetermined value. During the iterative working off of the modular multiplication using the multiplication look-ahead process and the reduction look-ahead process, the transformed modulus is utilized so as to obtain at the end of the iteration a transformed result for the modular multiplication. Finally, the transformed result is re-transformed by modular reduction using the original modulus.

Abstract: A computer connected to a memory. The computer to execute an encryption program in the memory. The encryption program including an incremental modular multiplication portion to calculate a first product. The incremental modular multiplication portion to calculate a second product from a prefixed first product. A modular reduction portion to reduce the second product. The reduced second product is provided to a multiplication portion of the encryption program to generate encryption keys.

Abstract: In a Montgomery multiplier, a modulus product generator may select a modulus product from a plurality of selectable n-bit modulus numbers M, a given modulus number M being formed from a currently input extended chunk of bits among the n-bit modulus numbers. A partial product generator may select a multiplicand number from a plurality of selectable n-bit multiplicands A as a partial product, a given multiplicand A being formed from a currently input extended chunk of bits among the n-bit multiplicands. An accumulator may accumulate the selected modulus product and partial product to generate a multiplication result. The Montgomery multiplier may be part of an operation unit that may include a memory and host, and may be adapted to perform a Montgomery multiplication operation and a normal multiplication operation based on a logic state of a control signal input thereto.

Abstract: Montgomery multiplication can be computed quickly by using carry save adders and parallel multipliers. We present an enhanced technique for very fast Montgomery multiplication that can be used for RSA calculations. This invention utilizes a scalable bit word implementation, suitable for very large bit encryptions. Such designs can be deployed on mid-level FPGAs that have dedicated multiplier logic, on ASICs, or on custom circuits. To our knowledge, our technique yields some of the fastest RSA encryption times to be reported, having area requirements similar to related work. Such circuits can be ideal for increased security in sensitive communication fields.

Abstract: A Montgomery multiplication device calculates a Montgomery product of an operand X and an operand Y with respect to a modulus M and includes a plurality of processing elements. In a first clock cycle, two intermediate partial sums are created by obtaining an input of length w?1 from a preceding processing element as w?1 least significant bits. The most significant bit is configured as either zero or one. Then, two partial sums are calculated using a word of the operand Y, a word of the modulus M, a bit of the operand X, and the two intermediate partial sums. In a second clock cycle, a selection bit is obtained from a subsequent processing element and one of the two partial sums is selected based on the value of the selection bit. Then, the selected partial sum is used for calculation of a word of the Montgomery product.

Abstract: Techniques are disclosed to provide randomized signal transforms and/or their applications. More particularly, a signal (e.g., an audio signal, an image, or a video signal) is transformed by applying randomly-selected basis functions to the signal. The applications of the randomized signal transforms include, but are not limited to, compression, denoising, hashing, identification, authentication, and data embedding (e.g., watermarking).

Abstract: A method for calculating a conversion parameter of the Montgomery modular multiplication to improve the efficiency of software installation, comprising a first step for calculating H0=2v×R (mod n) (where v is an integer, v?1, and (m×k)/v is an integer), a second step for calculating Hp=2v×2^p×R (mod n) from H0=2v×R (mod n) by repeating Hi=REDC(Hi?1, Hi?1)n with respect to i=1, 2, . . . , p (where p represents an integer satisfying the condition 2p?(m×k)/v>2p?1, REDC represents the Montgomery modular multiplication REDC(a, b)n=a×b×R?1 (mod n), and x^i represents exponential computation xi); and a third step for calculating Hp=R2 (mod n) by calculating Hp=REDC(Hp, g)n with respect to Hp obtained in the second step when 2p>(m×k)/v (where g=2k×E(p,m,k), E(p, m, k)=2×m?(v×2p)/k) and finally outputting Hp as R2 (mod n).

Abstract: The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a pardonable chain with separate parts for processing factors of the modulus.

Abstract: A parallel residue arithmetic operation unit is provided to make it possible to reduce processing delay, and to make an additional multiplier or a residue arithmetic circuit unnecessary, so that a circuit can become small in size. In the parallel residue arithmetic operation unit, a parallel CRC calculation circuit (100) is comprised of input terminals (101)-(104) to which input data are divided into a plurality of sub-blocks and the sub-blocks are input in parallel, an initial value generating unit (110) for generating a part CRC corresponding to the forefront of each sub-block as an initial value, a part CRC generating unit (111)-(114) for receiving the part CRC corresponding to the forefront of each sub-block as the initial value and sequentially generating a residue part CRC in accordance with a recurrent equation, AND units (121)-(124) for calculating logical multiplications of part CRC values, and a cumulative adding unit (130) for cumulatively adding values output from the AND units (121)-(124).

Abstract: The cryptographic method is used in transactions for which a first entity generates, by use of a private RSA key, a proof verifiable by a second entity by use of a public RSA key associated with said private key. The public key includes an exponent and a modulus. The first entity generates a first element of proof by a calculation that can be performed independently of the transaction, and a second element of proof related to the first element of proof and which depends on a common number shared by the first and the second entities specifically for the transaction. The second entity verifies that the first element of proof is related, modulo the modulus of the public key, to a power of a generic number, with an exponent equal to a linear combination of the common number and of a product of the exponent of the public key by the second element of proof.

Abstract: In one embodiment, circuitry is provided to generate a residue based at least in part upon operations and a data stream generated based at least in part upon a packet. The operations may include at least one iteration of at least one reduction operation including (a) multiplying a first value with at least one portion of the data stream, and (b) producing a reduction by adding at least one other portion of the data stream to a result of the multiplying. The operations may include at least one other reduction operation including (c) producing another result by multiplying with a second value at least one portion of another stream based at least in part upon the reduction, (d) producing a third value by adding at least one other portion of the another stream to the another result, and (e) producing the residue by performing a Barrett reduction based at least in part upon the third value.

Abstract: Systems, methods and computer program products for providing a combined moduli-9 and 3 residue generator. The methods include receiving a number in binary coded decimal (BCD) or binary format. A modulus-9 residue of the number is calculated. The modulus-9 residue that is calculated includes a modulus-3 residue of the number. The modulus-3 residue of the number is output. If the number is in BCD format, then the modulus-9 residue of the number is output.

Abstract: The modular operation apparatus of the present invention that enables to improve the tamper resistance to the side channel attacks includes an operator that carries out a Montgomery multiplication according to one of a first multiplicand and a second multiplicand, a multiplier, and a divisor, a first multiplicand register that stores an operation result of the Montgomery multiplication as the first multiplicand, a subtractor that subtracts the divisor from the operation result of the Montgomery multiplication, a second multiplicand register that stores a subtraction result of the subtractor as the second multiplicand, and a selector that outputs one of a value of the first multiplicand register and a value of the second multiplicand register according to a comparison result between the operation result of the Montgomery multiplication and the divisor.

Abstract: A modular-3 calculation method for binary number includes: determining whether two 1s consecutive from MSB exist in a binary number, when a target value for modular-3 calculation is inputted, and generating a first binary number by substituting the two 1s with 0 whenever the consecutive two 1s exist; performing a modular-3 calculation on the first binary number; and determining the result of the modular-3 calculation.

Abstract: A residue generator for calculation and correction of a residue value. The residue generator includes a residue-generation tree connected with an operand register at an input of the residue generator including a plurality of register-bits receiving and carrying bits of numerical data.

Abstract: A modulo reduction is performed on a value a represented as an ordered sequence of computer readable words. The lowest order words are eliminated by substituting an equivalent value represented by higher order words for each of the lower order words. The lowest order words are eliminated until the sequence has a word length corresponding to the modulus. Carries and borrows resulting from the substitution are propagated from lower order words to higher order words. Further reduction is performed to maintain the word length of the sequence to that of the modulus. The further reduction may be determined by examination of a carryover bit or may be performed a predetermined number of times without examination.

Abstract: Provided is a method of calculating a negative inverse of a modulus, wherein the negative inverse, which is an essential element in Montgomery multiplication, is quickly obtained. The method includes setting a modulus, defining P obtained by converting the modulus to a negative number, and defining S obtained by subtracting 1 from P, and calculating a negative inverse of the modulus by using P and S.

Abstract: A cryptographic method is described. The method comprises storing binary data representing at least a portion of a field element of an odd-characteristic finite field GF(pk) in a register, p being an odd prime number, the field element comprising k coefficients in accordance with a polynomial-basis representation, the binary data comprising plural groups of data bits, wherein each group of data bits represents an associated one of the k coefficients and processing the binary data in accordance with a cryptographic algorithm such that the plural groups of data bits are processed in parallel. An apparatus comprising a memory and a processing unit coupled to the memory to carry out the method is also described.

Abstract: A method for determining, for use in ciphers, all of the prime numbers within the large numeric series: 5, 6, 7, 8, 9, 10, 11, 12, . . . , n, the method including steps of setting n?=?n/6?; establishing the small numeric series, 6(1)?1, 6(1)+1, 6(2)?1, 6(2)+1, 6(3)?1, 6(3)+1, . . .

Abstract: A distributed residue checking apparatus for a floating point unit having a plurality of functional elements performing floating-point operations on a plurality of operands. The distributed residue checking apparatus includes a plurality of residue generators which generate residue values for the operands and the functional elements, and a plurality of residue checking units distributed throughout the floating point unit. Each residue checking unit receives a first residue value and a second residue value from respective residue generators and compares the first residue value to the second residue value to determine whether an error has occurred in a floating-point operation performed by a respective functional element.

Abstract: Aspects relate to systems and methods implementing a scheme allowing a Verifier (V) to authenticate a Prover (P). The scheme comprises pre-sharing between V and P a graph of nodes. Each node is associated with a polynomial. V sends P data comprising data for selecting a polynomial of the graph, such as traversal data for proceeding from a known node to another node, a time interval, and a number k. P uses the time interval in an evaluation of the polynomial. P then uses the evaluation as a ? in a Poisson distribution, and determines a value related to a probability that a number of occurrences of an event equals k. P sends the determined value to V. V performs a similar determination to arrive at a comparison value. P authenticates V if the separately determined values match, or otherwise meet expectations. The process can be repeated to increase confidence in authentication.

Abstract: Embodiments of apparatuses and methods for multiplicand shifting in a linear systolic array modular multiplier are disclosed. In one embodiment, an apparatus includes two processing elements of a linear systolic array. One processing element includes multiplication logic, multiplicand shift logic, an adder, modulus logic, and modulus shift logic. The multiplication logic is to multiply a word of the multiplicand and a bit of the multiplier to generate a product. The multiplicand shift logic is to shift the word of the multiplicand. The adder is to add the product to a first running sum to generate a second running sum. The modulus logic is to conditionally add a word of a modulus and the second running sum. The modulus shift logic is to shift the word of the modulus. The next processing element includes logic to multiply the shifted word of the multiplicand and the next bit of the multiplier.

Abstract: A system to process multiplier X and multiplicand Y may include multiplication of a least-significant bit of X and a least-significant w bits of Y to generate a least-significant w bits of product Z. The system may further include determination of whether a least-significant bit of product Z is 1, addition of a least-significant w bits of modulus M to the least-significant w bits of product Z if the least-significant bit of product Z is 1, multiplication of the least-significant bit of X and bits 2w-1:w of Y to generate bits 2w-1:w of product Z, and addition of bits 2w-1:w of modulus M to bits 2w-1:w of product Z if the least-significant bit of product Z is 1.

Abstract: In general, in one aspect, the invention features a circuit, method, and computer-readable media for calculating xmody, wherein x and y are binary numbers, and wherein y is an even number.

Abstract: A method for calculating a modulo operation a mod p uses a table (1) containing the values n*p for n=1, 2, . . . . In this case, a and p are positive integers where a mod p=a?n*p. An integral hypothesis nH is calculated for the unknown value n. Afterwards, the values nH*p and also at least one adjacent value (nH+1)*p and/or (nH?1)*p are looked up in the table (1). The expressions a?nH*p and also a?(nH+1)*p and/or a?(nH?1)*p are calculated and at least one of these expressions is compared with the value 0. n is thereupon determined.

Abstract: A technique is provided for performing modular multiplication. In one embodiment, an apparatus in a microprocessor is provided for accomplishing modular multiplication operations. The apparatus includes translation logic and execution logic. The translation logic receives an atomic Montgomery multiplication instruction from a source therefrom, where the atomic Montgomery multiplication instruction prescribes generation of a Montgomery product. The translation logic translates the atomic Montgomery multiplication instruction into a sequence of micro instructions specifying sub-operations required to accomplish generation of the Montgomery product. The execution logic is operatively coupled to the translation logic. The execution logic receives the sequence of micro instructions, and performs the sub-operations to generate the Montgomery product.

Abstract: A cryptographic processing device, comprising: a storage unit; initial setting unit for setting a value to be stored in the storage unit; Montgomery modular multiplication operation unit for performing a Montgomery modular multiplication operation plural times for a value set by the initial setting unit; and fault attack detection unit for determining whether or not a fault attack occurred for each of at least some parts of the Montgomery modular multiplication operations performed plural times.

Abstract: The subject invention pertains to a method and apparatus for performing computations using residue arithmetic. The subject method and apparatus can utilize logic gates for performing calculations such as multiplication by a constant, computing a number theoretic logarithm of a residue for a given base ?i and modulus pi and computing the product of two residues, modulo Pi- The use of logic gates can offer advantages when compared with the use of ROMs for table look-up functions in integrated RNS digital signal processor implementations.

Abstract: REDC (A*B) is calculated for the values A and B by using a Montgomery's algorithm REDC. The part related to the A*B is performed by the three-input two-output product-sum calculation circuit. One digit ai of the value A, one digit bj of the value B and a carry value c1 are input to the product-sum calculation circuit, and ai*bj+c1 is calculated thereat. The higher-order digit of the r-adic two-digit of the calculation result is used as the carry value c1, and the lower digit is used for a later calculation. Further, one digit ni of a modulo N for the REDC, a predetermined value m and a carry value c2 are input into the product-sum calculation circuit, and n*ni+c2 is calculated thereat. The higher-order digit is used as the carry value c2, and the lower digit is used for a later calculation.

Abstract: According to some embodiments of the invention, a message is processed before encryption so that the encryption method generates a short ciphertext. The message processing can be viewed as a mapping (610) that maps the message into another message that generates the short ciphertext. The mapping is reversible at least if the (possibly encoded) message (H(M)) is in a restricted set, e.g. a set [0,h?] of short messages. In some embodiments of the present invention, short signatures are provided by mapping the signature into a short signature. The mapping (810) is reversible at least if the original message (H(M)) used to generate the signature is short. Signcryption, aggregate signature, and ring signature outputs are also shortened.

Abstract: A system, method, and apparatus for performing hardware-based cryptographic operations are disclosed. The apparatus can include an encryption device with a hardware accelerator having an accumulator, a multiplier circuit, an adder circuit, and a state machine. The state machine can control successive operation of the hardware accelerator to carry out a rapid, multiplier-based reduction of a large integer by a prime modulus value. Optionally, the hardware accelerator can include a programmable logic device such as a field-programmable gate array with one or more dedicated multiple-accumulate blocks.

Abstract: An apparatus for calculating a modular multiplication includes an examiner for examining digits of the multiplier with a lookahead algorithm to obtain a multiplication shift value. In addition, a determinator and intermediate-result shift value are provided which determine a positive intermediate-result shift value. A calculator for calculating a multiplicand shift value as the difference between the intermediate-result shift value and the multiplication shift value. The intermediate result from the preceding iteration step as well as the multiplicand are then shifted by the corresponding shifting magnitudes to then perform a three-operands addition with the shifted values, if need be while considering lookahead parameters.

Abstract: An apparatus and method for generation of an M-length permutation sequence in a broadband wireless communication system are provided. Operations of a generator include splitting an L2-length seed value into a first part and a second part, determining coefficients of a generator polynomial using values of the first part and the second part, and calculating the permutation sequence using the generator polynomial.

Abstract: A power-residue calculating unit according to one embodiment of the present invention includes a multiplication residue calculating unit performing a multiplication calculation and a residue calculation based on a multiplicand, a multiplier, and a divisor, a power storing portion separately storing value of each bit when a power is shown by a binary number, a first selecting circuit outputting one of an output of the multiplication residue calculating unit and the multiplicand depending on the value of the bit that is referred, and a result storing register storing an output value of the first selecting circuit as a calculation result.

Abstract: An apparatus and method for generation of an M-length permutation sequence in a broadband wireless communication system are provided. Operations of a generator include splitting an L2-length seed value into a first part and a second part, determining coefficients of a generator polynomial using values of the first part and the second part, and calculating the permutation sequence using the generator polynomial.

Abstract: A method for generating an accelerated and/or decelerated chaotic sequence. The method involves selecting a plurality of polynomial equations constructed from an acc-dec variable v. The method also involves selecting a value for the acc-dec variable v for advancing or stepping back a chaotic sequence generation by at least one cycle at a given time. The method further involves using residue number system (RNS) arithmetic operations to respectively determine solutions for the polynomial equations using the acc-dec variable v. The solutions iteratively computed and expressed as RNS residue values. The method involves determining a series of digits in a weighted number system based on the RNS residue values.

Abstract: A cryptographic system (1000) is provided. The cryptographic system includes a data stream receiving means (DSRM), a number generator (NG), a mixed radix accumulator (MRA) and an encryptor. The DSRM (1002) receives a data stream (DS). The NG (702) generates a first number sequence (FNS) contained within a Galois Field GF[M]. The MRA (750) is configured to perform a first modification to a first number (FN) in FNS. The first modification involves summing the FN with a result of a modulo P operation performed on a second number in FNS that proceeds FN. The MRA is also configured to perform a second modification to FN utilizing a modulo P operation. The MRA is further configured to repeat the first and second modification for numbers in FNS to generate a second number sequence (SNS). The encryptor (1004) is configured to generate a modified data stream by combining SNS and DS.