This Article 
 Bibliographic References 
 Add to: 
A Carry-Free Architecture for Montgomery Inversion
December 2005 (vol. 54 no. 12)
pp. 1508-1519
A new carry-free Montgomery inversion algorithm which is suitable for hardware implementation is presented. The algorithm utilizes a new redundant sign digit (RSD) representation and arithmetic to avoid carry propagation in addition and subtraction, which are the atomic operations in the Montgomery inversion algorithm. The proposed algorithm is described in such a way that its hardware realization is straightforward. The algorithm enables very fast computation of multiplicative inversion in GF(p), which is the most time-consuming operation in elliptic and hyperelliptic curve cryptography. Complexity analysis and a gate level implementation of the algorithm reveal that the proposed algorithm provides a speedup of at least 1.95 over the original Montgomery inversion algorithm.

[1] N. Koblitz, “Elliptic Curve Cryptosystems,” Math. Computation, vol. 48, no. 177, pp. 203-209, Jan. 1987.
[2] A.J. Menezes, Elliptic Curve Public Key Cryptosystems. Boston: Kluwer Academic, 1993.
[3] B.S. Kaliski Jr., “The Montgomery Inverse and Its Applications,” IEEE Trans. Computers, vol. 44, no. 8, pp. 1064-1065, Aug. 1995.
[4] T. Kobayashi and H. Morita, “Fast Modular Inversion Algorithm to Match Any Operand Unit,” IEICE Trans. Fundamentals, vol. E82-A(5), pp. 733-740, May 1999.
[5] E. Savaş and Ç.K. Koç, “The Montgomery Modular Inverse— Revisited,” IEEE Trans. Computers, vol. 49, no. 7, pp. 763-766, July 2000.
[6] R. Lórencz, “New Algorithm for Classical Modular Inverse,” Cryptographic Hardware and Embedded Systems, B.S. Kaliski Jr., Ç.K. Koç, and C. Paar, eds., pp. 57-70, Berlin: Springer-Verlag, 2002.
[7] A.A.-A. Gutub, A.F. Tenca, E. Savaş, and Ç.K. Koç, “Scalable and Unified Hardware to Compute Montgomery Inverse in ${GF}(p)$ and $GF(2^n)$ ,” Cryptographic Hardware and Embedded Systems, B.S. Kaliski Jr., Ç.K. Koç, and C. Paar, eds., pp. 57-70, Berlin: Springer-Verlag, 2002.
[8] M.A. Hasan, “Efficient Computation of Multiplicative Inverses for Cryptographic Applications,” Proc. 15th IEEE Symp. Computer Arithmetic, 2001.
[9] J. Lutz, “High Performance Elliptic Curve Cryptographic Co-Processor,” master's thesis, Univ. of Waterloo, 2003.
[10] D.E. Knuth, The Art of Computer Programming, vol. 2, second ed. Reading, Mass.: Addison-Wesley, 1981.
[11] B. Parhami, Computer Arithmetic: Algorithms and Hardware Designs. Oxford Univ. Press, 2000.
[12] N. Takagi, “A Modular Inversion Hardware Algorithm with a Redundant Binary Representation,” IEICE Trans. Information and Systems, vol. E76-D(8), pp. 863-869, Aug. 1993.
[13] E. Savaş, “A Carry-Free Montgomery Inversion Algorithm,” Embedded Cryptographic Hardware: Methodologies and Architectures, N. Nedjah and L. de M. Mourelle, eds., Nova Science Publishers, 2004.
[14] IEEE, “P1363: Standard Specifications for Public-Key Cryptography,” 2000.
[15] A. Avizienis, “Signed-Digit Number Representation for Fast Parallel Arithmetic,” IRE Trans. Electronic Computers, vol. 10, pp. 389-400, Sept. 1961.
[16] A. Vandemeulebroecke, E. Vanzieleghem, T. Denayer, and P.G.A. Jespers, “A New Carry-Free Division Algorithm and its Application to a Single-Chip 1024-b RSA Processor,” IEEE J. Solid-State Circuits, vol. 25, no. 3, pp. 748-755, June 1990.
[17] Austrian Mikro Systeme 0.35µm CMOS process family, cmos.htm, 2004.
[18] R.P. Brent and H.T. Kung, “A Regular Layout for Parallel Adders,” IEEE Trans. Computers, vol. 31, pp. 260-264, 1982.

Index Terms:
Index Terms- Montgomery inversion, redundant signed representation, elliptic curve cryptography.
Erkay Savas, "A Carry-Free Architecture for Montgomery Inversion," IEEE Transactions on Computers, vol. 54, no. 12, pp. 1508-1519, Dec. 2005, doi:10.1109/TC.2005.188
Usage of this product signifies your acceptance of the Terms of Use.