The operations involved in computing the Montgomery product are studied, several high-speed, space-efficient algorithms for computing MonPro(a, b), and their time and space requirements are described.Expand

We show that the multiplication operation c=a · b · r-1 in the field GF(2k can be implemented significantly faster in software than the standard multiplication, where r is a special fixed element of… Expand

A word-based version of MM is presented and used to explain the main concepts in the hardware design and gives enough freedom to select the word size and the degree of parallelism to be used, according to the available area and/or desired performance.Expand

An architecture based on a new formulation of the multiplication matrix is described and it is shown that the Mastrovito multiplier for the generating trinomial x/sup m/+x/sup n/+1, where m/spl ne/2n, also requires m/sup 2/-1 XOR and m/Sup 2/ AND gates.Expand

A new software side-channel attack enabled by the branch prediction capability common to all modern high-performance CPUs, which allows an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization.Expand

The general view of the new architecture is described, hardware organization for its parallel computation is analyzed, and design tradeoffs which are useful to identify the best hardware configuration are discussed.Expand

The successful extraction of almost all secret key bits by the SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless.Expand

A new definition of the Montgomery inverse is given, and efficient algorithms for computing the classical modular inverse, the Kaliski-Montgomery inverse, and the new Montgomery inverse are introduced.Expand

This paper presents a new parallel multiplier for the Galois field GF(2/sup m/) whose elements are represented using the optimal normal basis of type II, and the time complexities of the proposed and the Massey-Omura multipliers are similar.Expand

A new robust cache-based timing attack on AES that can be used to obtain secret keys of remote cryptosystems if the server under attack runs on a multitasking or simultaneous multithreading system with a large enough workload.Expand