This Article 
 Bibliographic References 
 Add to: 
An RNS Montgomery Modular Multiplication Algorithm
July 1998 (vol. 47 no. 7)
pp. 766-776

Abstract—We present a new RNS modular multiplication for very large operands. The algorithm is based on Montgomery's method adapted to mixed radix, and is performed using a Residue Number System. By choosing the moduli of the RNS system reasonably large and implementing the system on a ring of fairly simple processors, an effect corresponding to a redundant high-radix implementation is achieved. The algorithm can be implemented to run in ${\cal O}(n)$ time on ${\cal O}(n)$ processors, where n is the number of moduli in the RNS system, and the unit of time is a simple residue operation, possibly by table look-up. Two different implementations are proposed, one based on processors attached to a broadcast bus, another on an oriented ring structure.

[1] E.F. Brickell, "A Survey of Hardware Implementations of RSA," Advances in Cryptology—CRYPTO '89, G. Brassard, ed., pp. 368-370. Springer-Verlag, 1990.
[2] S.E. Eldridge and C.D. Walter, “Hardware Implementation of Montgomery's Modular Multiplication Algorithm,” IEEE Trans. Computers, vol. 42, no. 7, pp. 693-699, July 1993.
[3] A. Fiat and A. Shamir, "How to Prove Yourself: Practical Solutions to Identification and Signature Problems," Proc. Crypto 86, Lecture Notes in Computer Science 263, Advances in Cryptology, Springer-Verlag, New York, 1987, pp. 186-194.
[4] D. Gamberger, "Incompletely Specified Numbers in the Residue Number System—Definition and Applications," Proc. Ninth IEEE Symp. Computer Arithmetic, M.D. Ercegovac and E. Swartzlander, eds., pp. 210-215,Santa Monica, Calif., 1989.
[5] D. Knuth, The Art of Computer Programming, Vol. 2, Addison-Wesley, Reading, Mass., 1998.
[6] P. Kornerup, "High-Radix Modular Multiplication for Cryptosystems," Proc. 11th IEEE Symp. Computer Arithmetic, G. Jullien, M.J Irwin, and E. Swartzlander, eds., pp. 277-283,Windsor, Canada, 1993.
[7] P. Montgomery, "Modular Multiplication without Trial Division," Mathematics of Computation, vol. 44, no. 170, pp. 519-521, Apr. 1985.
[8] S. Micali and A. Shamir, "An Improvement of the Fiat-Shamir Identification and Signature Scheme," Advances in Cryptology—Proc. Crypto '88, pp. 244-247, 1988.
[9] H. Orup, “Simplifying Quotient Determination in High-Radix Modular Multiplication,” Proc. 12th Symp. Computer Arithmetic, pp. 193-199, 1995.
[10] R.L. Rivest,A. Shamir, and L.A. Adleman,"A Method for Obtaining Digital Signatures and Public Key Cryptosystems," Comm. ACM, vol. 21, pp. 120-126, 1978.
[11] A.P. Shenoy and R. Kumaresan, Fast Base Extension Using a Redundant Modulus in RNS IEEE Trans. Computers, vol. 38, no. 2, pp. 292-297, Feb. 1989.
[12] N. Szabo and R.I. Tanaka, Residue Arithmetic and Its Application to Computer Technology. McGraw-Hill, 1967.
[13] M. Shand and J. Vuillemin, “Fast Implementations of RSA Cryptography,” Proc. 11th IEEE Symp. Computer Arithmetic, pp. 252-259, 1993.
[14] N. Takagi, "Modular Multiplication Algorithm with Triangle Addition," Proc. 11th IEEE Symp. Computer Arithmetic, M.J. Irwin, E. Swartzlander, and G. Jullien, eds., pp. 272-276, 1993.
[15] F.J. Taylor, "Residue Arithmetic: A Tutorial with Examples," Computer, pp. 50-62, May 1984.
[16] C.D. Walter, “Systolic Modular Multiplier,” IEEE Trans. Computers, vol. 42, no. 3, pp. 376-378, Mar. 1993.

Index Terms:
Computer arithmetic, residue number system, modular multiplication, cryptography.
Jean-Claude Bajard, Laurent-Stéphane Didier, Peter Kornerup, "An RNS Montgomery Modular Multiplication Algorithm," IEEE Transactions on Computers, vol. 47, no. 7, pp. 766-776, July 1998, doi:10.1109/12.709376
Usage of this product signifies your acceptance of the Terms of Use.