Your search keyword '"Modular exponentiation"' showing total 9 results

1. Design and implementation of a novel cryptographically secure pseudorandom number generator.

Author

Di Mauro, Juan, Salazar, Eduardo, and Scolnik, Hugo D.

Abstract

The aim of this paper is to present a new design for a pseudorandom number generator (PRNG) that is cryptographically secure, passes all of the usual statistical tests referenced in the literature and hence generates high-quality random sequences, that is compact and easy to implement in practice, of portable design and offering reasonable execution times. Our procedure achieves those objectives through the use of a sequence of modular exponentiations followed by the application of Feistel-like boxes that mix up bits using a nonlinear function. The results of extensive statistical tests on sequences of about 2 40 bits in size generated by our algorithm are also presented. [ABSTRACT FROM AUTHOR]

Published

2022

2. Efficient Fixed-base exponentiation and scalar multiplication based on a multiplicative splitting exponent recoding.

Author

Robert, Jean-Marc, Negre, Christophe, and Plantard, Thomas

Abstract

Digital signature algorithm (DSA) (resp. ECDSA) involves modular exponentiation (resp. scalar multiplication) of a public and known base by a random one-time exponent. In order to speed up this operation, well-known methods take advantage of the memorization of base powers (resp. base multiples). Best approaches are the Fixed-base radix-R method and the Fixed-base Comb method. In this paper, we present a new approach for storage/online computation trade-off, by using a multiplicative splitting of the digits of the exponent radix-R representation. We adapt classical algorithms for modular exponentiation and scalar multiplication in order to take advantage of the proposed exponent recoding. An analysis of the complexity for practical size shows that our proposed approach involves a lower storage for a given level of online computation. This is confirmed by implementation results showing significant memory saving, up to 3 times for the largest NIST standardized key sizes, compared to the state-of-the-art approaches. [ABSTRACT FROM AUTHOR]

Published

2019

3. Parallel modular multiplication using 512-bit advanced vector instructions

Author

Clifton R. Haider, Benjamin Buhrow, and Barry K. Gilbert

Subjects

Modular exponentiation, Xeon, Modular arithmetic, Computer Networks and Communications, Computer science, Karatsuba algorithm, Multiplication, Parallel computing, 512-bit, Throughput (business), Software, Xeon Phi

Abstract

Applications such as public-key cryptography are critically reliant on the speed of modular multiplication for their performance. This paper introduces a new block-based variant of Montgomery multiplication, the Block Product Scanning (BPS) method, which is particularly efficient using new 512-bit advanced vector instructions (AVX-512) on modern Intel processor families. Our parallel-multiplication approach also allows for squaring and sub-quadratic Karatsuba enhancements. We demonstrate $$1.9\,\times $$ 1.9 × improvement in decryption throughput in comparison with OpenSSL and $$1.5\,\times $$ 1.5 × improvement in modular exponentiation throughput compared to GMP-6.1.2 on an Intel Xeon CPU. In addition, we show $$1.4\,\times $$ 1.4 × improvement in decryption throughput in comparison with state-of-the-art vector implementations on many-core Knights Landing Xeon Phi hardware. Finally, we show how interleaving Chinese remainder theorem-based RSA calculations within our parallel BPS technique halves decryption latency while providing protection against fault-injection attacks.

Published

2021

4. Timing attacks and local timing attacks against Barrett’s modular multiplication algorithm

Author

Johannes Mittmann and Werner Schindler

Subjects

Modular exponentiation, Multiplication algorithm, Modular arithmetic, Computer Networks and Communications, business.industry, Computer science, Markov process, Cryptography, 02 engineering and technology, Modular design, 020202 computer hardware & architecture, symbols.namesake, Timing attack, 0202 electrical engineering, electronic engineering, information engineering, symbols, 020201 artificial intelligence & image processing, business, Algorithm, Software, Integer (computer science)

Abstract

Montgomery’s and Barrett’s modular multiplication algorithms are widely used in modular exponentiation algorithms, e.g. to compute RSA or ECC operations. While Montgomery’s multiplication algorithm has been studied extensively in the literature and many side-channel attacks have been detected, to our best knowledge no thorough analysis exists for Barrett’s multiplication algorithm. This article closes this gap. For both Montgomery’s and Barrett’s multiplication algorithm, differences of the execution times are caused by conditional integer subtractions, so-called extra reductions. Barrett’s multiplication algorithm allows even two extra reductions, and this feature increases the mathematical difficulties significantly. We formulate and analyse a two-dimensional Markov process, from which we deduce relevant stochastic properties of Barrett’s multiplication algorithm within modular exponentiation algorithms. This allows to transfer the timing attacks and local timing attacks (where a second side-channel attack exhibits the execution times of the particular modular squarings and multiplications) on Montgomery’s multiplication algorithm to attacks on Barrett’s algorithm. However, there are also differences. Barrett’s multiplication algorithm requires additional attack substeps, and the attack efficiency is much more sensitive to variations of the parameters. We treat timing attacks on RSA with CRT, on RSA without CRT, and on Diffie–Hellman, as well as local timing attacks against these algorithms in the presence of basis blinding. Experiments confirm our theoretical results.

Published

2021

5. Efficient software implementations of modular exponentiation.

Author

Gueron, Shay

Abstract

The significant cost of RSA computations affects the efficiency and responsiveness of SSL/TLS servers, and therefore software implementations of RSA are an important target for optimization. To this end, we study here efficient software implementations of modular exponentiation, which are also protected against software side channel analyses. We target superior performance for the ubiquitous ×86_64 architectures, used in most server platforms. The paper proposes optimizations in several directions: the Montgomery multiplications primitives, the w-ary modular exponentiation flow, and reduced cost of side channel mitigation. For a comparison baseline, we use the current OpenSSL version, 1.0.0e. Our implementation-called 'RSAZ'-is more than 1.6 times faster than OpenSSL for both 1,024 and 2,048-bit keys, on the previous generation 2010 Intel Core processors and on the 2nd generation Intel Core processors. The RSAZ code was contributed to OpenSSL as a patch, and improvements proposed in an earlier version of this paper have already been incorporated into the future OpenSSL version. [ABSTRACT FROM AUTHOR]

Published

2012

6. CacheBleed: a timing attack on OpenSSL constant-time RSA

Author

Daniel Genkin, Nadia Heninger, and Yuval Yarom

Subjects

Modular exponentiation, Xeon, Computer Networks and Communications, Computer science, business.industry, 020207 software engineering, Cryptography, 02 engineering and technology, Parallel computing, 020202 computer hardware & architecture, Microarchitecture, Public-key cryptography, Timing attack, 0202 electrical engineering, electronic engineering, information engineering, Cache, Side channel attack, business, Software

Abstract

The scatter-gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.

Published

2017

7. Multi-exponentiation algorithm based on binary GCD computation and its application to side-channel countermeasure

Author

Sung-Ming Yen, Chien-Ning Chen, SangJae Moon, and Temasek Laboratories

Subjects

Modular exponentiation, Science::Mathematics::Discrete mathematics::Algorithms [DRNTU], Binary GCD algorithm, Exponentiation, Computer Networks and Communications, Euclidean algorithm, Greatest common divisor, Side channel attack, Arithmetic, Base (exponentiation), Exponentiation by squaring, Algorithm, Software, Mathematics

Abstract

A series of algorithms for evaluation of multi-exponentiation are proposed based on the binary greatest common divisor algorithm. The proposed algorithms are inversion free and have the capability to evaluate double or multi-exponentiation with non-fixed base numbers and exponents. They can also be employed in developing side-channel countermeasures. For n-bit double and triple exponentiation, they achieve the average complexity of 1.53n and 1.75n multiplications (including squarings), respectively. The proposed algorithms can be very useful for the implementation of many public-key cryptosystems on small devices with limited memory space, e.g., smart cards.

Published

2012

8. Efficient software implementations of modular exponentiation

Author

Shay Gueron

Subjects

Modular exponentiation, Modular arithmetic, Computer Networks and Communications, business.industry, Computer science, Cryptography, Parallel computing, Software, Server, Code (cryptography), Side channel attack, business, Reduced cost

Abstract

The significant cost of RSA computations affects the efficiency and responsiveness of SSL/TLS servers, and therefore software implementations of RSA are an important target for optimization. To this end, we study here efficient software implementations of modular exponentiation, which are also protected against software side channel analyses. We target superior performance for the ubiquitous ×86_64 architectures, used in most server platforms. The paper proposes optimizations in several directions: the Montgomery multiplications primitives, the w-ary modular exponentiation flow, and reduced cost of side channel mitigation. For a comparison baseline, we use the current OpenSSL version, 1.0.0e. Our implementation—called “RSAZ”—is more than 1.6 times faster than OpenSSL for both 1,024 and 2,048-bit keys, on the previous generation 2010 Intel® Core™ processors and on the 2nd generation Intel® Core™ processors. The RSAZ code was contributed to OpenSSL as a patch, and improvements proposed in an earlier version of this paper have already been incorporated into the future OpenSSL version.

Published

2012

9. SPA-resistant binary exponentiation with optimal execution time

Author

Carlos Moreno and M. Anwar Hasan

Subjects

Modular exponentiation, Theoretical computer science, Computer Networks and Communications, business.industry, Cryptography, Public-key cryptography, Power analysis, Bit-length, Cryptosystem, Side channel attack, Arithmetic, business, Exponentiation by squaring, Software, Mathematics

Abstract

Straightforward implementations of binary exponentiation algorithms make the cryptographic system vulnerable to side-channel attacks; specifically, to simple power analysis (SPA) attacks. Solutions proposed so far introduce a considerable performance penalty. In this paper, we present a new method that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage—\({O(\sqrt{\ell})}\), where l is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. Furthermore, we show that for practical applications, the same optimal execution time can be achieved with much less storage space, without noticeably sacrificing security or any other aspect of the cryptosystem’s performance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against differential power analysis may be obtained.

Published

2011