This Article 
 Bibliographic References 
 Add to: 
High-Radix Montgomery Modular Exponentiation on Reconfigurable Hardware
July 2001 (vol. 50 no. 7)
pp. 759-764

Abstract—It is widely recognized that security issues will play a crucial role in the majority of future computer and communication systems. Central tools for achieving system security are cryptographic algorithms. This contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs). The proposed architectures perform modular exponentiation with very long integers. This operation is at the heart of many practical public-key algorithms such as RSA and discrete logarithm schemes. We combine a high-radix Montgomery modular multiplication algorithm with a new systolic array design. The designs are flexible, allowing any choice of operand and modulus. The new architecture also allows the use of high radices. Unlike previous approaches, we systematically implement and compare several variants of our new architecture for different bit lengths. We provide absolute area and timing measures for each architecture. The results allow conclusions about the feasibility and time-space trade-offs of our architecture for implementation on commercially available FPGAs. We found that 1,024-bit RSA decryption can be done in 3.1 ms with our fastest architecture.

[1] P. Montgomery, “Modular Multiplication without Trial Division,” Math. of Computation, vol. 44, pp. 519-521, Apr. 1985.
[2] J. Vuillemin, P. Bertin, D. Roncin, M. Shand, H. Touati, and P. Boucard, “Programmable Active Memories: Reconfigurable Systems Come of Age,” IEEE Trans. VLSI Systems, vol. 4, pp. 56-69, Mar. 1996.
[3] M. Shand and J. Vuillemin, “Fast Implementations of RSA Cryptography,” Proc. 11th IEEE Symp. Computer Arithmetic, pp. 252-259, 1993.
[4] S.E. Eldridge and C.D. Walter, “Hardware Implementation of Montgomery's Modular Multiplication Algorithm,” IEEE Trans. Computers, vol. 42, no. 7, pp. 693-699, July 1993.
[5] H. Orup, “Simplifying Quotient Determination in High-Radix Modular Multiplication,” Proc. 12th Symp. Computer Arithmetic, pp. 193-199, 1995.
[6] P. Kornerup, “A Systolic, Linear-Array Multiplier for a Class of Right-Shift Algorithms,” IEEE Trans. Computers, vol. 43, no. 8, pp. 892-898, Aug. 1994.
[7] C.K. Koc, T. Acar, and B. Kaliski, “Analyzing and Comparing Montgomery Multiplication Algorithms,” IEEE Micro, vol. 16, no. 3, pp. 26-33, June 1996.
[8] T. Blum and C. Paar, “Montgomery Modular Exponentiation on Reconfigurable Hardware,” Proc. 14th Symp. Computer Arithmetic, pp. 70-77, 1999.
[9] Xilinx, Inc., The Programmable Logic Data Book. 1996.
[10] T. Blum, “Modular Exponentiation on Reconfigurable Hardware,” master's thesis, Electrical and Computer Eng. Dept., Worcester Polytechnic Inst., May 1999.
[11] P. Alfke, “Xilinx M1 Timing Parameters,” electronic mail personal correspondence, Dec. 1999.
[12] R.L. Rivest,A. Shamir, and L.A. Adleman,"A Method for Obtaining Digital Signatures and Public Key Cryptosystems," Comm. ACM, vol. 21, pp. 120-126, 1978.
[13] D. Knuth, The Art of Computer Programming, Vol. 2, Addison-Wesley, Reading, Mass., 1998.
[14] J. Quisquater and C. Couvreur, “Fast Decipherment Algorithm for RSA Public-Key Cryptosystem,” Electronics Letters, vol. 18, pp. 905-907, Oct. 1982.
[15] E.D. Win, S. Mister, B. Preneel, and M. Wiener, “On the Performance of Signature Schemes Based on Elliptic Curves,” Proc. Algorithmic Number Theory Symp. III, pp. 252-266, 1998.

Index Terms:
Montgomery, modular arithmetic, FPGA, exponentiation, RSA, systolic array.
Thomas Blum, Christof Paar, "High-Radix Montgomery Modular Exponentiation on Reconfigurable Hardware," IEEE Transactions on Computers, vol. 50, no. 7, pp. 759-764, July 2001, doi:10.1109/12.936241
Usage of this product signifies your acceptance of the Terms of Use.