Analyzing and comparing Montgomery multiplication algorithms
The operations involved in computing the Montgomery product are studied, and several high-speed, space-efficient algorithms for computing MonPro(a, b) are described together with their time and space requirements.
Montgomery Multiplication in GF(2^k)
  • Ç. Koç, T. Acar
  • Computer Science, Mathematics
    Des. Codes Cryptogr.
  • 1 April 1998
We show that the multiplication operation c = a · b · r^-1 in the field GF(2^k) can be implemented significantly faster in software than the standard multiplication, where r is a special fixed element of
A Scalable Architecture for Modular Multiplication Based on Montgomery's Algorithm
A word-based version of MM is presented and used to explain the main concepts in the hardware design and gives enough freedom to select the word size and the degree of parallelism to be used, according to the available area and/or desired performance.
Mastrovito Multiplier for All Trinomials
An architecture based on a new formulation of the multiplication matrix is described, and it is shown that the Mastrovito multiplier for the generating trinomial x^m + x^n + 1, where m ≠ 2n, also requires m^2 - 1 XOR and m^2 AND gates.
Predicting Secret Keys Via Branch Prediction
A new software side-channel attack enabled by the branch prediction capability common to all modern high-performance CPUs, which allows an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization.
A Scalable Architecture for Montgomery Multiplication
The general view of the new architecture is described, hardware organization for its parallel computation is analyzed, and design tradeoffs which are useful to identify the best hardware configuration are discussed.
On the power of simple branch prediction analysis
The successful extraction of almost all secret key bits by the SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless.
The Montgomery Modular Inverse-Revisited
A new definition of the Montgomery inverse is given, and efficient algorithms for computing the classical modular inverse, the Kaliski-Montgomery inverse, and the new Montgomery inverse are introduced.
An Efficient Optimal Normal Basis Type II Multiplier
This paper presents a new parallel multiplier for the Galois field GF(2^m) whose elements are represented using the optimal normal basis of type II; the time complexities of the proposed and the Massey-Omura multipliers are similar.
Cache Based Remote Timing Attack on the AES
A new robust cache-based timing attack on AES that can be used to obtain secret keys of remote cryptosystems if the server under attack runs on a multitasking or simultaneous multithreading system with a large enough workload.