• Publications
  • Influence
Montgomery exponentiation needs no final subtractions
Montgomery's modular multiplication algorithm is commonly used in implementations of the RSA cryptosystem. It has been observed that there is no need for extra cleaning up at the end of an
Sliding Windows Succumbs to Big Mac Attack
TLDR
An attack on an implementation of the RSA cryptosystem where digit-by-digit computations are performed sequentially on a single k-bit multiplier and information which leaks through differential power analysis (DPA) is described.
Distinguishing Exponent Digits by Observing Modular Subtractions
TLDR
It is shown that squarings and multiplications behave differently when averaged over a number of random observations, and if the modular multiplication algorithm cannot be made any safer, the exponent must be modified on every use.
Hardware Implementation of Montgomery's Modular Multiplication Algorithm
TLDR
Hardware is described for implementing the fast modular multiplication algorithm developed by P.L. Montgomery (1985), showing that this algorithm is up to twice as fast as the best currently available and is more suitable for alternative architectures.
Systolic Modular Multiplication
  • C. D. Walter
  • Computer Science, Mathematics
    IEEE Trans. Computers
  • 1 March 1993
TLDR
A systolic array for modular multiplication is presented using the ideally suited algorithm of P.L. Montgomery (1985), where its main use would be where many consecutive multiplications are done, as in RSA cryptosystems.
Simple Power Analysis of Unified Code for ECC Double and Add
TLDR
It is shown that SPA attacks may still be possible on selected single point multiplications if there is sufficient side channel leakage at lower levels, and Montgomery modular multiplication (MMM) is assumed to give such leakage, but other modular multipliers may be equally susceptible to attack.
Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli
  • C. D. Walter
  • Computer Science, Mathematics
    CT-RSA
  • 18 February 2002
An optimal upper bound for the number of iterations and precise bounds for the output are established for the version of Montgomery Modular Multiplication from which conditional statements have been
Breaking the Liardet-Smart Randomized Exponentiation Algorithm
  • C. D. Walter
  • Computer Science, Mathematics
    CARDIS
  • 21 November 2002
TLDR
It is shown that under certain apparently reasonable hypotheses about the countermeasures in place and the attacker's monitoring equipment, repeated use of the same secret key with the algorithm of Liardet and Smart is insecure against any side channel which leaks enough data to differentiate between the adds and doubles in a single scalar multiplication.
Still faster modular multiplication
By an appropriate choice of the modulus used in RSA cryptography, it is possible to simplify the hardware for performing the required modular multiplication steps, and thereby increase the speed of
...
...