Montgomery exponentiation needs no final subtractions

  title={Montgomery exponentiation needs no final subtractions},
  author={Colin D. Walter},
  journal={Electronics Letters},
  • C. D. Walter
  • Published 14 October 1999
  • Mathematics, Computer Science
  • Electronics Letters
Montgomery's modular multiplication algorithm is commonly used in implementations of the RSA cryptosystem. It has been observed that there is no need for extra cleaning up at the end of an exponentiation if the method is correctly set up. 
Montgomery Exponentiation with no Final Subtractions: Improved Results
This paper proposes an improved (faster) version of the Montgomery multiplication and provides figures about the overhead of these versions relatively to a speed optimised version (theoretically and experimentally).
Early-word-based montgomery modular multiplication algorithm
  • Rupali Verma, M. Dutta, R. Vig
  • Computer Science
    2015 2nd International Conference on Signal Processing and Integrated Networks (SPIN)
  • 2015
Compute early word based scalable Montgomery architecture is presented, which computes the most significant bit of word by applying 2 XOR operations.
Distinguishing Multiplications from Squaring Operations
A new approach to attacking a modular exponentiation and scalar multiplication based by distinguishing multiplications from squaring operations using the instantaneous power consumption is presented.
Fast Montgomery modular multiplication by pipelined CSA architecture
This paper uses carry save adder (CSA) architecture and shows that this architecture has greater performance for FPGA design than other architectures, appropriate for RSA processors based on FPGAs.
A new RSA encryption architecture and hardware implementation based on optimized Montgomery multiplication
A systolic, scalable, redundant carry-save modular multiplier and an RSA encryption architecture are proposed using the Montgomery modular multiplication algorithm, completely avoiding the transformations from redundant to non-redundant numbers at the intermediate stages of the architectures.
Montgomery Multiplication with Redundancy Check
It is shown that the proposed method of adding redundant code to the Montgomery multiplication algorithm is more secure than the previous work, as all the variables required to calculate Montgomery multiplication are protected.
Parallel Montgomery multipliers
  • M. O. Sanu, E. Swartzlander, C. Chase
  • Computer Science, Mathematics
    Proceedings. 15th IEEE International Conference on Application-Specific Systems, Architectures and Processors, 2004.
  • 2004
This work presents four designs for speeding up modular multiplication on application-specific crypto-processors that utilize small look-up tables and fast, massively parallel multipliers.
A Survey on Hardware Architectures for Montgomery Modular Multiplication Algorithm
This paper presents new architectures for the computation of modular multiplication and exponentiation using Montgomery multiplication algorithm, one of the fundamental operations used in cryptographic algorithms such as RSA, Diffie-Hellman key distribution and Elliptic Curve cryptosystems.
Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli
An optimal upper bound for the number of iterations and precise bounds for the output are established for the version of Montgomery Modular Multiplication from which conditional statements have been


A faster modular multiplication algorithm
  • S. Eldridge
  • Computer Science, Mathematics
    Int. J. Comput. Math.
  • 1991
AB mod N where N is odd is shown to have significant advantages over other algorithms which make it suitable for use in hardware for public key encryption and could run at approximately twice the speed of the best currently available.
Hardware Implementation of Montgomery's Modular Multiplication Algorithm
Hardware is described for implementing the fast modular multiplication algorithm developed by P.L. Montgomery (1985), showing that this algorithm is up to twice as fast as the best currently available and is more suitable for alternative architectures.
Montgomery modular exponentiation on reconfigurable hardware
  • Thomas Blum
  • Computer Science, Mathematics
    Proceedings 14th IEEE Symposium on Computer Arithmetic (Cat. No.99CB36336)
  • 1999
This contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs) and shows that it is possible to implement modular exponentiation at secure bit lengths on a single commercially available FPGA.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
  • P. Kocher
  • Computer Science, Mathematics
  • 1996
By carefully measuring the amount of time required tm perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Modular multiplication without trial division
A method for multiplying two integers modulo N while avoiding division by N, a representation of residue classes so as to speed modular multiplication without affecting the modular addition and subtraction algorithms.
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important