Fast Quantum Modular Exponentiation

We present a detailed analysis of the impact on modular exponentiation of architectural features and possible concurrent gate execution. Various arithmetic algorithms are evaluated for execution time, potential concurrency, and space tradeoffs. We find that, to exponentiate an n-bit number, for storage space 100n (twenty times the minimum 5n), we can execute modular exponentiation two hundred to seven hundred times faster than optimized versions of the basic algorithms, depending on architecture, for n=128. Addition on a neighbor-only architecture is limited to O(n) time when non-neighbor architectures can reach O(log n), demonstrating that physical characteristics of a computing device have an important impact on both real-world running time and asymptotic behavior. Our results will help guide experimental implementations of quantum algorithms and devices.Comment: to appear in PRA 71(5); RevTeX, 12 pages, 12 figures; v2 revision is substantial, with new algorithmic variants, much shorter and clearer text, and revised equation formattin

Adder Based Residue to Binary Number Converters for (2n - 1; 2n; 2n + 1)

Copyright © 2002 IEEEBased on an algorithm derived from the new Chinese remainder theorem I, we present three new residue-to-binary converters for the residue number system (2n-1, 2n, 2n+1) designed using 2n-bit or n-bit adders with improvements on speed, area, or dynamic range compared with various previous converters. The 2n-bit adder based converter is faster and requires about half the hardware required by previous methods. For n-bit adder-based implementations, one new converter is twice as fast as the previous method using a similar amount of hardware, whereas another new converter achieves improvement in either speed, area, or dynamic range compared with previous convertersYuke Wang, Xiaoyu Song, Mostapha Aboulhamid and Hong She

Efficient Unified Arithmetic for Hardware Cryptography

The basic arithmetic operations (i.e. addition, multiplication, and inversion) in finite fields, GF(q), where q = pk and p is a prime integer, have several applications in cryptography, such as RSA algorithm, Diffie-Hellman key exchange algorithm [1], the US federal Digital Signature Standard [2], elliptic curve cryptography [3, 4], and also recently identity based cryptography [5, 6]. Most popular finite fields that are heavily used in cryptographic applications due to elliptic curve based schemes are prime fields GF(p) and binary extension fields GF(2n). Recently, identity based cryptography based on pairing operations defined over elliptic curve points has stimulated a significant level of interest in the arithmetic of ternary extension fields, GF(3^n)

An algorithmic and architectural study on Montgomery exponentiation in RNS

The modular exponentiation on large numbers is computationally intensive. An effective way for performing this operation consists in using Montgomery exponentiation in the Residue Number System (RNS). This paper presents an algorithmic and architectural study of such exponentiation approach. From the algorithmic point of view, new and state-of-the-art opportunities that come from the reorganization of operations and precomputations are considered. From the architectural perspective, the design opportunities offered by well-known computer arithmetic techniques are studied, with the aim of developing an efficient arithmetic cell architecture. Furthermore, since the use of efficient RNS bases with a low Hamming weight are being considered with ever more interest, four additional cell architectures specifically tailored to these bases are developed and the tradeoff between benefits and drawbacks is carefully explored. An overall comparison among all the considered algorithmic approaches and cell architectures is presented, with the aim of providing the reader with an extensive overview of the Montgomery exponentiation opportunities in RNS

Realizing arbitrary-precision modular multiplication with a fixed-precision multiplier datapath

Within the context of cryptographic hardware, the term scalability refers to the ability to process operands of any size, regardless of the precision of the underlying data path or registers. In this paper we present a simple yet effective technique for increasing the scalability of a fixed-precision Montgomery multiplier. Our idea is to extend the datapath of a Montgomery multiplier in such a way that it can also perform an ordinary multiplication of two n-bit operands (without modular reduction), yielding a 2n-bit result. This conventional (nxn->2n)-bit multiplication is then used as a “sub-routine” to realize arbitrary-precision Montgomery multiplication according to standard software algorithms such as Coarsely Integrated Operand Scanning (CIOS). We show that performing a 2n-bit modular multiplication on an n-bit multiplier can be done in 5n clock cycles, whereby we assume that the n-bit modular multiplication takes n cycles. Extending a Montgomery multiplier for this extra functionality requires just some minor modifications of the datapath and entails a slight increase in silicon area

Sign Detection and Signed Integer Comparison for the 3-Moduli Set {2^n±1,2^(n+k)}

Comparison, division and sign detection are considered complicated operations in residue number system (RNS). A straightforward solution is to convert RNS numbers into binary formats and then perform complicated operations using conventional binary operators. If efficient circuits are provided for comparison, division and sign detection, the application of RNS can be extended to the cases including these operations.For RNS comparison in the 3-moduli set , we have only found one hardware realization. In this paper, an efficient RNS comparator is proposed for the moduli set  which employs sign detection method and operates more efficient than its counterparts. The proposed sign detector and comparator utilize dynamic range partitioning (DRP), which has been recently presented for unsigned RNS comparison. Delay and cost of the proposed comparator are lower than the previous works and makes it appropriate for RNS applications with limited delay and cost

Design of reverse converters for the multi-moduli residue number systems with moduli of forms 2a, 2b - 1, 2c + 1

Residue number system (RNS) is a non-weighted integer number representation system that is capable of supporting parallel, carry-free and high speed arithmetic. This system is error-resilient and facilitates error detection, error correction and fault tolerance in digital systems. It finds applications in Digital Signal Processing (DSP) intensive computations like digital filtering, convolution, correlation, Discrete Fourier Transform, Fast Fourier Transform, etc. The basis for an RNS system is a moduli set consisting of relatively prime integers. Proper selection of this moduli set plays a significant role in RNS design because the speed of internal RNS arithmetic circuits as well as the speed and complexity of the residue to binary converter (R/B or Reverse Converter) have a large dependency on the form and number of the selected moduli. Moduli of forms 2a, 2b- 1, 2c + 1 (a, b and c are natural numbers) have the most use in RNS moduli sets as these moduli can be efficiently implemented using usual binary hardware that lead to simple design. Another important consideration for the reverse converter design is the selection of an appropriate conversion algorithm from Chinese Remainder Theorem (CRT), Mixed Radix Conversion (MRC) and the new Chinese Remainder Theorems (New CRT I and New CRT II). This research is focused on designing reverse converters for the multi-moduli RNS sets especially four and five moduli sets with moduli of forms 2a, 2b- 1, 2c + 1 . The residue to binary converters are designed by applying the above conversion algorithms in different possible ways and facilitating the use of modulo (2k) and modulo (2k – 1) adders that lead to simple design of adder based architectures and VLSI efficient implementations (k is a natural number). The area and delay of the proposed converters is analyzed and an efficient reverse converter is suggested from each of the various four and five moduli set converters for a given dynamic range