95 results about "Montgomery reduction" patented technology

A multi-word arithmetic device, capable of executing a variety of types of multi-word arithmetic required for elliptic curve cryptology, includes the following. A memory 40, formed from two dual-port memories 41 and 42, temporarily stores n-word integers on which calculation is performed, and a calculation result. An arithmetic unit 20 executes two or more types of calculation, including addition and multiplication, on each word, and outputs a one-word result. A memory input/output unit 30 supplies a maximum of three pieces of one-word data from the memory 40 to the arithmetic unit 20, while simultaneously storing a one-word calculation result from the arithmetic unit 20 in the memory 40. A control unit 10 controls the arithmetic unit 20 and the memory input/output unit 30 so as to have the arithmetic unit execute one of modular addition and Montgomery reduction on n words.

The invention relates to an extended high base Montgomery analog multiplying algorithm and the circuit structure in the field of integrated circuit technology. It improves multiply characters high base Montgomery analog multiplying algorithm, wherein each step dose left shift operation to the batch N and the multiplicand B but not to the result S so that the delay between the two data path lines can de reduced from two clock weeks to one clock week. The circuit structure comprises: three storages used to store A, B and N operation numbers, a line type data path module which is formed by first stage to p stage processing units, a control module used to control the entire analog multiplier computing course and first-in first-out storage.

Scalable Montgomery multiplication methods and apparatus are provided that are reconfigurable to perform Montgomery multiplication on operands having arbitrary data precision. The methods perform Montgomery multiplication by combining bit-wise and word-wise operations and exhibit pipelined and parallel operation. Apparatus include a control unit that directs bits of an operand to processing elements that receive words of a second operand and a modulus, and produce intermediate values of a Montgomery product. After an intermediate value of a word of a Montgomery product is obtained in a first processing element based on a selected bit of the first operand, the intermediate value is directed to a second processing element and is updated based on another selected bit of the first operand.

According to an aspect of the invention, Montgomery arithmetic can be achieved while omitting division in an input stage. That is, the aspect of the invention is configured to obtain a Montgomery transform result m′ (=mR mod p) of n-bit from an input m of 2n-bit without using the division, with using Montgomery reduction and Montgomery multiplication instead of conventional mod arithmetic and the Montgomery transform. Accordingly, Montgomery arithmetic can be achieved while omitting the division in the input stage.

An extension of the serial/parallel Montgomery modular multiplication method with simultaneous reduction as previously implemented by the applicants, adapted innovatively to perform both in the prime number and in the GF(2^q) polynomial based number field, in such a way as to simplify the flow of operands, by performing a multiple anticipatory function to enhance the previous modular multiplication procedures.

The invention discloses an optimized Montgomery modular multiplication method, an optimized modular square method and optimized modular multiplication hardware. The optimization is carried out based on an original FIOS (Finely integrated operand scanning) algorithm. The optimized modular multiplication hardware mainly comprises three single-port SRAMs, a double-port SRAM, a 32-bit multiplier, a 34-bit adder, a 4-2 compressor, a 64-bit register and six 32-bit registers. According to the optimized Montgomery modular multiplication method, the optimized modular square method and the optimized modular multiplication hardware, a high-radix modular multiplier of a two-stage parallel assembly line is adopted, the AB operation is completed through a first-stage 32-bit multiplier, the T+AB+C operation is completed through a second-stage adder, the 32-2048-bit modular multiplication operation is achieved, the area of a chip is reduced, and the modular multiplication operation performance is improved.

The invention discloses an RSA key pair fast generation system and an RSA key pair fast generation method. The system comprises a CPU core, a cipher coprocessor, a prime number generator, and a memory. The prime number generator is used for filtering composite numbers, is implemented in hardware form, supports 256-bit, 512-bit, 1024-bit, 2048-bit and 4096-bit composite number filtering, and completes modular redundancy, calculation and identification table setting. According to the RSA key pair fast generation method, in order to realize fast key pair retrieving, filtering and judging in an asymmetric algorithm, a hardware-based composite number filtering scheme is adopted, optimized modular exponentiation and improved Montgomery modular multiplication are employed, and the existing prime number decision algorithm is optimized. Thus, efficient prime number screening is realized, the key pair generation speed is increased, and the problem that the generation of an RSA key pair takes long in the existing encryption and decryption technology is solved.

The invention discloses a pipelined Montgomery modular multiplication operation method and a pipelined Montgomery modular multiplication operation device, relates to the technical field of data cryptography algorithms, adopts a pipelined mode to improve Montgomery modular multiplication algorithm performance, increases throughput of a single Montgomery modular multiplier, and consumes less hardware resources and area than a traditional method using a plurality of Montgomery modular multipliers under the condition of the same throughput. Therefore, the modular multiplication number in unit timeis increased by dozens of times, and the Montgomery modular multiplier has higher performance/resource ratio than a non-pipelined Montgomery modular multiplier. Meanwhile, the asymmetric key algorithm hardware using the pipelined Montgomery modular multiplier can achieve higher performance with fewer hardware resources, and the throughput of Montgomery modular multiplication operation of any length is improved.

A cryptographic processing device, comprising: a storage unit; initial setting unit for setting a value to be stored in the storage unit; Montgomery modular multiplication operation unit for performing a Montgomery modular multiplication operation plural times for a value set by the initial setting unit; and fault attack detection unit for determining whether or not a fault attack occurred for each of at least some parts of the Montgomery modular multiplication operations performed plural times.

The invention provides an elliptic curve cryptographic coprocessor, comprising an arithmetic controller, an arithmetic device, a parameter register and a RAM (Random-Access Memory), wherein the arithmetic controller is respectively in electrical connection with the arithmetic device, the parameter register and the RAM, and is used for elliptic curve point multiplication and generating a control signal for the arithmetic device to finish modular addition and modular multiplication on a base field; the arithmetic device is respectively in electrical connection with the parameter register and the RAM, and is used for modular addition and modular multiplication on the base field; the parameter register is used for storing parameters of an elliptic curve equation and pre-computing the parameters; and the RAM is used for receiving the data transmitted from the outside and storing the computation result, and exchanging data with the outside. The elliptic curve cryptographic coprocessor has simple interface manners; the computation speed is increased greatly by means of a state machine; the elliptic curve point multiplication process is optimized, intermediate variables are reduced, and consequently, the number of registers is reduced; and a modular addition and modular multiplication circuit on the base field is reused to the greatest extent, so that the circuit area is reduced.

The invention relates to the technical field of information safety, in particular to a low-energy-consumption small-area data processing method and a data processing device of the method. The low-energy-consumption small-area data processing method comprises the steps that large integers, the word length s of the large integers and constants are respectively stored; a control module receives external control commands, the external control commands are forwarded to a finite state machine module to be processed, then control signals are output, and Montgomery modular multiplication is carried out through an arithmetic logic module according to the control signals; HW=HW+d, X (s-1)=HW (omega-1:0) and HW=HW>=omega are calculated in each circulation of the Montgomery modular multiplication so that HW can be updated; multiply-add operation (d, ei)=a*bi+ci+d in the Montgomery modular multiplication is calculated through the arithmetic logic module; the operation result is stored. Due to the fact that omega+1 temporary variables HW are introduced in to reduce the circulation frequency in the process of achieving a Montgomery modular multiplication algorithm, the number of clock periods is reduced, energy consumption is lowered, and the method and device are very suitable for application of an intelligent card.

The invention provides a data processing method and a modular multiplication operation method and an apparatus based on the Montgomery modular-multiplication. The data processing method based on the Montgomery modular-multiplication comprises the steps of using the following steps to calculate a first value S2: acquiring an initial value s10 of a first memory, wherein the initial value s10 is an n-digit number, the digit n plus n-c is 0, the digit n-c is 1; the calculation is made to let s10 be subtracted by a modular number N, and the result is made to be added by 1 to get a result s11, which is written in the first memory; n-c times of modular addition is made to the s11 in the first memory to get a calculated result s1n-c+1; the calculated result s1n-c+1 takes a modular from N, the result s1 is written in the first memory, the Montgomery modular multiplier is called to implement n-1 times of modular multiplication to the initial value of a second memory, the result R2mod N of the n-1th time of modular multiplication is treated as a first value s2 to be exported. The data processing method and the modular multiplication operation method based on Montgomery modular-multiplication can be used for reducing the calculation amount of the Montgomery modular multiplier calculation, and enhance the calculation efficiency.

The invention provides a method and a device for processing data on the basis of Montgomery modular multiplication. The method includes respectively acquiring bit lengths a of first numbers A in first storages and bit lengths b of second numbers B in second storages; determining module numbers N according to the bit lengths a and b and writing the module numbers N into first arithmetic registers; calling Montgomery modular multipliers to execute modular multiplication on values of the first storages and values of the second storages; outputting products of the first numbers A and the second numbers B. Bit lengths n of the module numbers N are larger than or equal to the sums of the bit lengths a and b. Module numbers of modular multiplication are values of the first arithmetic registers. The products of the first numbers A and the second numbers B are results of modular multiplication. The method and the device have the advantage that the encryption processing efficiency can be improved by the aid of the method and the device.

A method for calculating a conversion parameter of the Montgomery modular multiplication to improve the efficiency of software installation, comprising a first step for calculating H₀=2^v×R (mod n) (where v is an integer, v≧1, and (m×k)/v is an integer), a second step for calculating H_p=2^{v×2<?img id="custom-character-00001" he="3.13mm" wi="2.12mm" file="US20060235921A1-20061019-P00900.TIF" alt="custom character" img-content="character" img-format="tif" ?>p}×R (mod n) from H₀=2^v×R (mod n) by repeating H_i=REDC(H_i-1, H_i-1)_n with respect to i=1, 2, . . . , p (where p represents an integer satisfying the condition 2^p≧(m×k)/v>2^p−1, REDC represents the Montgomery modular multiplication REDC(a, b)_n=a×b×R⁻¹ (mod n), and xˆi represents exponential computation xⁱ); and a third step for calculating H_p=R² (mod n) by calculating H_p=REDC(H_p, g)_n with respect to H_p obtained in the second step when 2^p>(m×k)/v (where g=2^k×E(p,m,k), E(p, m, k)=2×m−(v×2^p)/k) and finally outputting H_p as R² (mod n).

The invention provides an embedded security chip and a Montgomery modular multiplication operational method thereof. The operational method comprises the steps that two first preset parameters and two second preset parameters are obtained, and the first preset parameters are constant one; according to the two first preset parameters and a Montgomery modular multiplication function, a first operation result A is obtained; according to the first operation result A, the first preset parameters, the second preset parameters and a power calculation function, a second operation result B is obtained; according to the first operation result A, the second operation result B and the Montgomery modular multiplication function, a Montgomery modular multiplication conversion coefficient D is obtained; according to a first input parameter NA, a second input parameter NB, the Montgomery modular multiplication conversion coefficient and the Montgomery modular multiplication conversion coefficient, the final modular multiplication result is obtained. According to the Montgomery modular multiplication operational method, a calculation conversion coefficient of a large module power mode can be avoided, the coefficient does not need to be calculated in advance, and the storage space can be saved.