Residue Number Patents (Class 708/491)
  • Patent number: 6202077
    Abstract: Two related extended precision operand formats provide for efficient multiply/accumulate operations in a SIMD data processing system. Each format utilizes a group of “b” bit elements in a vector register. Each of the elements provides “m” bits of precision, with b>m. The remaining b−m bits in each element accumulate overflows and carries across multiple additions and subtractions. Existing SIMD multiply-sum instructions can be used to efficiently take input operands from the first format and produce output results in the second extended precision format when b_2 = 2·b_1 and m_2 = 2·m_1.
    Type: Grant
    Filed: February 24, 1998
    Date of Patent: March 13, 2001
    Assignee: Motorola, Inc.
    Inventor: Roger Alan Smith
  • Patent number: 6185596
    Abstract: A modular arithmetic method and microelectronic apparatus therefor, operative to perform a sequence of interleaved Montgomery type multiplications and squaring operations, involves performing a sequence of modular multiplications and squarings using only a single carry save adder. Each multiplication is operative to perform the equivalent of three natural integer multiplication operations using an anticipatory device to determine a Y0 value, such that a result is an exponentiation.
    Type: Grant
    Filed: April 1, 1998
    Date of Patent: February 6, 2001
    Assignee: Fortress U&T Ltd.
    Inventors: Isaac Hadad, Benjamin Arazi, Carmi David Gressel, Itai Dror
  • Patent number: 6175850
    Abstract: A scheme for carrying out modular calculations which is capable of carrying out modular calculations using redundant binary calculation even when a number of bits of the mantissa (dividend) is larger than a number of bits of the modulus (divisor). In this scheme, the divisor c in the divisor register is left shifted by (i−j) digits when a number of digits j of the divisor c is less than a number of digits i that can be stored in the divisor register, and the modular reduction a mod c is calculated up to (i−j)-th decimal place using the dividend a and the left shifted divisor c.
    Type: Grant
    Filed: February 2, 1998
    Date of Patent: January 16, 2001
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Shinji Ishii, Kiyoto Tanaka, Katsuichi Oyama
  • Patent number: 6163790
    Abstract: A modular arithmetic coprocessor designed to perform computations according to the Montgomery method includes a division circuit to perform integer divisions. The integer division circuit computes the division of a binary data element A encoded on n'+n" bits by a binary data element B encoded on n bits, A, B, n, n' and n" being non-zero integers. For this function, the integer division circuit includes: a first n-bit register and a second n-bit register to contain the binary data element A and the result of the division, a third n-bit register to contain an intermediate result, a fourth n-bit register to contain the binary data element B, two subtraction circuits each having a first series input and a second series input and a series output, and a test circuit having an input and an output.
    Type: Grant
    Filed: July 9, 1998
    Date of Patent: December 19, 2000
    Assignee: SGS-Thomson Microelectronics S.A.
    Inventor: Guy Monier
  • Patent number: 6151393
    Abstract: A method and apparatus are disclosed for performing modular multiplication. Modular multiplication in accordance with the present invention includes precalculating a 2's complement of a given modulus and multiples of the 2's complement and calculating a total magnitude of end-around carries during the modular multiplication. The calculated multiples are selected depending on the total magnitude of the end-around carries, and the selected multiples are added. The disclosure includes array structures in accordance with the present invention. The invention includes an algorithm designed for Rivest-Shamir-Adleman (RSA) cryptography and based on the familiar iterative Horner's rule, but uses precalculated complements of the modulus. The problem of deciding which multiples of the modulus to subtract in intermediate iteration stages has been simplified using simple look-up of precalculated complement numbers, thus allowing a finer-grain pipeline.
    Type: Grant
    Filed: May 27, 1998
    Date of Patent: November 21, 2000
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Yong-Jin Jeong
  • Patent number: 6148034
    Abstract: An MPEG-1 or an MPEG-2 motion compensation vector encoder circuit achieves smaller circuit area, and hence lower cost, by using circuitry, including ROMs, designed to implement residue arithmetic to calculate sum squared error in a parallel pipelined fashion. A residue-to-binary converter is implemented using distributed arithmetic and a reduction circuit that removes powers of two times the modulus M, both of which use carry save arithmetic operators. An improved ROM-accumulator, used in the residue-to-binary converter, is implemented using carry-save addition within the ROM-accumulator, and ripple-carry or carry-lookahead addition on the output of the ROM-accumulator.
    Type: Grant
    Filed: June 4, 1998
    Date of Patent: November 14, 2000
    Assignee: Linden Technology Limited
    Inventor: G. Jack Lipovski
  • Patent number: 6141420
    Abstract: An elliptic curve encryption system represents coordinates of a point on the curve as a vector of binary digits in a normal basis representation in F_{2^m}. A key is generated from multiple additions of one or more points in a finite field. Inverses of values are computed using a finite field multiplier and successive exponentiations. A key is represented as the coordinates of a point on the curve and key transfer may be accomplished with the transmission of only one coordinate and identifying information of the second. An encryption protocol using one of the coordinates and a further function of that coordinate is also described.
    Type: Grant
    Filed: January 29, 1997
    Date of Patent: October 31, 2000
    Assignee: Certicom Corp.
    Inventors: Scott A. Vanstone, Ronald C. Mullin, Gordon B. Agnew
  • Patent number: 6134325
    Abstract: An RSA encryption scheme includes a modulus in which at least one set of bits is of a predetermined configuration. The configuration may be selected to replicate the identity of the recipient or other information normally transmitted between the parties or may be information stored by the sender to allow only the balance of the modulus to be transmitted with the sender subsequently reconstructing the modulus.
    Type: Grant
    Filed: May 24, 1995
    Date of Patent: October 17, 2000
    Assignee: Certicom Corp.
    Inventors: Scott C. Vanstone, Robert J. Zuccherato
  • Patent number: 6085210
    Abstract: High-speed multiplication and exponentiation are performed by performing a modulus multiplication operation on received operands. A memory stores the operands and intermediate mathematical operation results of the modulus multiplication operation. A software-controllable, hardware state machine controls performance of the modulus multiplication operation according to a Montgomery multiplication algorithm.
    Type: Grant
    Filed: January 22, 1998
    Date of Patent: July 4, 2000
    Assignee: Philips Semiconductor, Inc.
    Inventor: Mark Leonard Buer
  • Patent number: 6081597
    Abstract: The public key encryption system of the present invention has short and easily created encryption keys and wherein the encoding and decoding processes are performed extremely rapidly, and has low memory requirements. The encoding and decoding processes use both the addition and multiplication operations in a ring modulo with two different ideals. The cryptosystem of the present invention allows encryption keys to be chosen essentially at random from a large set of binary vectors, for which key lengths are comparable to the key lengths of the most widely used prior art cryptosystems. The present invention features an appropriate security level (~2^80), with encoding and decoding processes ranging from approximately one to two orders of magnitude faster than the prior art, particularly the exponentiation cryptosystems.
    Type: Grant
    Filed: August 19, 1997
    Date of Patent: June 27, 2000
    Assignee: NTRU Cryptosystems, Inc.
    Inventors: Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman
  • Patent number: 6065030
    Abstract: An improved multiple modulus conversion (MMC) procedure is provided that employs an alternate scheme for obtaining the MMC outputs in response to a binary input of a number of bits. The alternate MMC procedure utilizes short-word division operations such that a practical digital processor may efficiently perform the required binary divisions. An exemplary short-word division process partitions the original long-word binary input into a plurality of short binary words, each having an equal number of bits. Individual short words or a combination of two short words are then divided by the appropriate modulus in a systematic manner to obtain the quotient and remainder associated with the particular division operation. The short-word divisions technique may be employed throughout the entire MMC procedure to suitably obtain the output values associated with each modulus.
    Type: Grant
    Filed: March 30, 1998
    Date of Patent: May 16, 2000
    Assignee: Conexant Systems, Inc.
    Inventor: Xuming Zhang
  • Patent number: 6061706
    Abstract: A systolic linear-array modular multiplier is provided, which can perform the modular multiplication algorithm of P. L. Montgomery more efficiently. The total execution time for n-bit modular multiplication is 2n+11 cycles. The modular multiplier includes a linear array of processing elements which is constructed based on a pipeline architecture that can reduce the computation procedure by one clock period. Each of the processing elements is simple in structure, which is composed of four full adders and fourteen flip-flops. For n-bit modular multiplication, a total number of 46n+184 gates is required, which is substantially less as compared to the prior art, so that manufacturing cost of the modular multiplier can be significantly reduced. These features make the modular multiplier suitable for use in VLSI implementation of modular exponentiation which is the kernel computation in many public-key cryptosystems, such as the RSA (Rivest-Shamir-Adleman) system. With the 0.8 μ
    Type: Grant
    Filed: October 10, 1997
    Date of Patent: May 9, 2000
    Assignee: United Microelectronics Corp.
    Inventors: Weixin Gai, Hongyi Chen
  • Patent number: 6038318
    Abstract: An optimized approach for machine computation of exponential values or functions is disclosed. The determination of the exponential values is performed using a "Big Multiply" approach and a "Big Mod" approach which involve dynamically determining the maximum size of an intermediate value required to determine an encryption key and allocating memory sufficiently large to store the maximum size intermediate value so that no additional memory allocation operations are required during the determination of the encryption keys. In addition, iterative multiplication and shift operations are performed on portions of the intermediate value in a cascade fashion to prevent spilling of the intermediate value. In one context, the computation of the exponential values is used in generating a key for exchange in a public key cryptosystem, such as the Diffie-Hellman public key cryptosystem.
    Type: Grant
    Filed: June 3, 1998
    Date of Patent: March 14, 2000
    Assignee: Cisco Technology, Inc.
    Inventor: Tom Roden
  • Patent number: 6026421
    Abstract: A system and method for performing multiplication and modular reduction of large integers. The system includes at least one large integer unit, each large integer unit having a multiplier, an adder, and a register. First and second multiplier inputs are applied to the multiplier, and first and second adder inputs are applied to the adder. One output of the multiplier is also applied to the adder. A plurality of large integer units may be connected into a large integer unit array that includes a complementing gate and a latching register. A second output of the multiplier is applied to the first adder input of a next large integer unit, with processing speed increasing as additional large integer units are added to the array.
    Type: Grant
    Filed: November 26, 1997
    Date of Patent: February 15, 2000
    Assignee: Atmel Corporation
    Inventors: Michael J. Sabin, Mark W. Heising
  • Patent number: 5987487
    Abstract: Methods and apparatus for the processing of digital signals having high speed and low power dissipation. The apparatus uses Residue Number Systems (RNSs) to represent the signals and/or parameters, with each digit within an RNS system being encoded in a "one-hot" encoding scheme wherein each possible value of a digit has an associated single line, one and only one of which will be high at any one time. The combination of an RNS system with the one-hot scheme results in low signal activity and low loading of signal lines which in turn result in low power. Methods and apparatus for addition, subtraction, multiplication and other operations, and conversion from and to natural numbers. The speed advantage offered by other RNS-based architectures is retained.
    Type: Grant
    Filed: November 19, 1996
    Date of Patent: November 16, 1999
    Assignee: Cirrus Logic, Inc.
    Inventor: David R. Welland
  • Patent number: 5961578
    Abstract: In a microcomputer incorporating a microprocessor, the coprocessor having product-sum operation arithmetic units executes residue multiplications given by "A = A·B·R^-1 mod N + kN", "A = A^2·R^-1 mod N + kN" and "A = A·R^-1 mod N + kN" and is provided with a multiplication function of executing a preprocessing "R^2 mod N" at high speed. It is possible to perform a power-residue operation "X^Y mod N" at high speed by the microprocessor, using these calculation functions of the coprocessor.
    Type: Grant
    Filed: June 26, 1997
    Date of Patent: October 5, 1999
    Assignee: Hitachi, Ltd.
    Inventor: Kunihiko Nakada
  • Patent number: 5954788
    Abstract: An apparatus for performing a modular multiplication, including a multiplicand register storing a multiplicand; a multiplier register storing a multiplier; a multiplier word counter counting the number of words of the multiplier register; a partial product calculator calculating a partial product for each word of an output of the multiplicand register and an output of the multiplier register; a first adder adding an output of the partial product calculator to an output of a left word shifter; a quotient estimation calculator estimating a quotient from an output of the first adder and an output of an N modular register; a multiplier multiplying an output of the 2N modular register from an output of the quotient estimation calculator; a multiplexer selecting one of an output of the multiplier and the output of the N modular register from an output of the multiplier word counter; a subtracter subtracting an output of the multiplexer from the output of the first adder; the left word shifter shifting an output of
    Type: Grant
    Filed: December 3, 1997
    Date of Patent: September 21, 1999
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Chung Wook Suh, Seok Won Jung, Kyung Soo Kim
  • Patent number: 5948051
    Abstract: Disclosed is an integrated circuit device enabling the computation of multiplication of A by B, especially a computation of the P_field(A,B)_N type as defined in the Montgomery method, using a subdivision into words of Bt bits to carry out the different computations. This device is improved by the addition of a register of m * Bt bits containing the totality of the data element A. The invention also relates to a device for the implementation of a modular P_field(A,B)_N operation according to the Montgomery method using the improved device presented by the invention.
    Type: Grant
    Filed: January 7, 1997
    Date of Patent: September 7, 1999
    Assignee: SGS-Thomson Microelectronics S.A.
    Inventor: Guy Monier
  • Patent number: 5928315
    Abstract: Apparatus and method for calculating the remainder of B^C modulo n at high speed with minimum hardware resources, while securing the safety of the key in a cryptographic system. The apparatus comprises circuitry including registers for executing an initial and normal cycles, cumulating and storing the calculation result of each cycle and for outputting from a least significant bit. The initial cycle of the calculation includes a step of calculating a remainder of an m-bit input modulo n and a step of holding the result of the calculation. The normal cycle of the calculation includes a step of doubling the result of the calculation, and calculating a remainder of the doubled result of the calculation modulo n and a step of holding the next result of the calculation and for repeatedly executing the normal cycle m-2 times after the first normal cycle. The calculation result of each previous normal cycle is used in each successive normal cycle.
    Type: Grant
    Filed: September 12, 1997
    Date of Patent: July 27, 1999
    Assignee: International Business Machines Corporation
    Inventors: Yoshinao Kobayashi, Akashi Satoh, Hideto Niijima