This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Exponentiation Using Division Chains
July 1998 (vol. 47 no. 7)
pp. 757-765

Abstract—Exponentiation may be performed faster than the traditional square and multiply method by iteratively reducing the exponent modulo numbers which, as exponents themselves, require few multiplications. This mainly includes those with few nonzero bits. For a suitable choice of such divisors, the resulting mixed basis representation of the exponent reduces the expected number of nonsquaring multiplications by over half at the cost of a single extra register. Preprocessing effort depends entirely on the exponent and can be kept down to the work saved in a single exponentiation. Moreover, no precomputed look-up tables are required, so the method is especially applicable where space is at a premium. In particular, it outperforms the instance of the m-ary method which uses the same space. However, for 512-bit exponents, it beats every instance of the m-ary method, achieving well under 635 multiplications on average. Both hardware and software implementations of the RSA crypto-system can benefit from this algorithm.

[1] I.E. Bocharova and B.D. Kudryashov, "Fast Exponentiation in Cryptography," Lecture Notes in Computer Science, vol. 948, pp. 146-157. Springer-Verlag, 1995.
[2] J. Bos and M. Coster, "Addition Chain Heuristics," Proc. Crypto '89, Lecture Notes in Computer Science, vol. 435, pp. 400-407. Springer-Verlag, 1990.
[3] E.F. Brickell, D.M. Gordon, K.S. McCurley, and D.B. Wilson, "Fast Exponentiation with Precomputation," Proc. Eurocrypt '92, Lecture Notes in Computer Science, vol. 658, pp. 200-207. Springer-Verlag, 1993.
[4] C.-Y. Chen, C.-C. Chang, and W.-P. Yang, “Hybrid Method for Modular Exponentiation with Precomputations,” IEE Electronics Letters, vol. 32, no. 6, pp. 540-541, 1996.
[5] L.S. Danilchenko, "Efficient Algorithms for Remainder Computation and Exponentiation of Long Numbers," Cybernetics and Systems Analysis, vol. 32, no. 3, pp. 437-441, 1996.
[6] V. Dimitrov and T. Cooklev, "Two Algorithms for Modular Exponentiation Using Non-Standard Arithmetics," IEICE Trans. Fundamentals of Electronics, Comm., and Computer Sciences, vol. E78-A, no. 1, pp. 82-87, Jan. 1995.
[7] V.S. Dimitrov, G.A. Jullien, and W.C. Miller, "Theory and Applications for a Double-Base Number System," Proc. 13th IEEE Symp. Computer Arithmetic, pp. 44-51,Monterey, Calif.,6-9 July 1997.
[8] P. Downey, B. Leong, and R. Sethi, "Computing Sequences with Addition Chains," SIAM J. Computing, vol. 10, no. 3, pp. 638-646, 1981.
[9] Ö. Egecioglu and Ç. K. Koç, "Fast Modular Exponentiation," Comm., Contro,l and Signal Processing, E. Arikan, ed., pp. 188-194. Elsevier Science, 1990.
[10] Ö. Egecioglu and Ç. K. Koç, "Exponentiation Using Canonical Recoding," Theoretical Computer Science, vol. 129, no. 2, pp. 407-417, 1994.
[11] P. Erdös, "Remarks on Number Theory III: On Addition Chains," Acta Arithmetica, vol. 6, pp. 77-81, 1960.
[12] L.-C.-K. Hui and K.-Y. Lam, Fast Square-and-Multiply Exponentiation for RSA Electronics Letters, vol. 30, no. 17, pp. 1396-1397, 1994.
[13] S. Kawamura, K. Takabayashi, and A. Shimbo, "A Fast Modular Exponentiation Algorithm," IEICE Trans. Comm., Electronics, Information, and Systems, vol. E-74, no. 8, pp. 2,136-2,142, Aug. 1991.
[14] D. Knuth, The Art of Computer Programming, Vol. 2, Addison-Wesley, Reading, Mass., 1998.
[15] Ç.K. Koç, "High Radix and Bit Recoding Techniques for Modular Exponentiation," Int'l J. Computer Mathematics, vol. 40, nos. 3-4, pp. 139-156, 1991.
[16] Ç.K. Koç, "Analysis of Sliding Window Techniques for Exponentiation," Computers&Mathematics with Applications, vol. 30, no. 10, pp. 17-24, 1995.
[17] D.C. Lou and C.C. Chang, "Fast Exponentiation Method Obtained by Folding the Exponent in Half," Electronics Letters, vol. 32, no. 11, pp. 984-985, 1996.
[18] J. Olivos, "On Vectorial Addition Chains," J. Algorithms, vol. 2, no. 1, pp. 13-21, 1981.
[19] P. de Rooij, "Efficient Exponentiation using Precomputation and Vector Addition Chains," Proc. Eurocrypt '94, Lecture Notes in Computer Science, vol. 950, pp. 389-399. Springer-Verlag, 1995.
[20] Y. Tsuruoka and K. Koyama, "Fast Exponentiation Algorithms Based on Batch-Processing and Precomputation," IEICE Trans. Fundamentals of Electronics, Comm., and Computer Sciences, vol. E80-A, no. 1, pp. 34-39, Jan. 1997.
[21] C.D. Walter, "Space/Time Trade-Offs for Higher Radix Modular Multiplication Using Repeated Addition," IEEE Trans. Computers, vol. 46, no. 2, pp. 139-141, Feb. 1997.
[22] Y. Yacobi, "Exponentiating Faster with Addition Chains," Advances in Cryptology—Eurocrypt '90, Lecture Notes in Computer Science, vol. 473, pp. 222-229. Springer-Verlag, 1991.
[23] A. Yao, "On the Evaluation of Powers," SIAM J. Computing, vol. 5, pp. 100-103, 1976.
[24] S.M. Yen, "Improved Common-Multiplicand Multiplication and Fast Exponentiation by Exponent Decomposition," IEICE Trans. Fundamentals of Electronics Comm. and Computer Sciences, vol. E80-A, no. 6, pp. 1,160-1,163, 1997.
[25] S.M. Yen and C.-S. Laih, "Common-Multiplicand Multiplication and its Applications to Public Key Cryptography," Electronics Letters, vol. 29, no. 17, pp. 1,583-1,584, 1993.
[26] C.N. Zhang, H.L. Martin, and D.Y.Y. Yun, "Parallel Algorithms and Systolic Array Designs for RSA Cryptosystem," Proc. Int'l Conf. Systolic Arrays, K. Bromley, S.Y. Kung, and E. Swartzlander, eds., pp. 341-350,San Diego, Calif.,25-27 May 1988.

Index Terms:
Modular exponentiation, bit recoding, RSA cryptosystem, addition chains, m-ary method, mixed basis arithmetic, radix representation.
Citation:
Colin D. Walter, "Exponentiation Using Division Chains," IEEE Transactions on Computers, vol. 47, no. 7, pp. 757-765, July 1998, doi:10.1109/12.709375
Usage of this product signifies your acceptance of the Terms of Use.