Efficient regular modular exponentiation using multiplicative half-size splitting

In this paper, we consider efficient RSA modular exponentiations $x^K \bmod N$ which are regular and constant time. We first review the multiplicative splitting of an integer $x$ modulo $N$ into two half-size integers. We then take advantage of this splitting to modify the square-and-multiply exponentiation into a regular sequence of squarings, each always followed by a multiplication by a half-size integer. The proposed method requires around 16% fewer word operations than the Montgomery-ladder, square-always and square-and-multiply-always exponentiations. These theoretical results are validated by our implementation results, which show an improvement of more than 12% compared to approaches which are both regular and constant time.
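The following sketch is an added example, not code from the paper: it splits $x$ as $x \equiv x_0 x_1^{-1} \pmod N$ with a truncated extended Euclid and then runs one squaring plus one half-size multiplication per exponent bit. The names `split` and `regular_pow`, the choice to start the accumulator at $x_1^{-1}$ and finish with one multiplication by $x_1$, and the toy modulus are assumptions of this example; Python integers are not constant time, so it shows only the operation sequence.

```python
from math import isqrt

def split(x, N):
    """Return (x0, x1) with x0 ≡ x1 * x (mod N) and |x0|, |x1| <= isqrt(N)."""
    r_prev, r = N, x % N
    t_prev, t = 0, 1
    bound = isqrt(N)
    # Extended Euclid on (N, x), stopped as soon as the remainder is half-size.
    # Invariant: r ≡ t * x (mod N), and |t| * r_prev <= N keeps t half-size too.
    while r > bound:
        q = r_prev // r
        r_prev, r = r, r_prev - q * r
        t_prev, t = t, t_prev - q * t
    return r, t  # t may be negative; only its magnitude is bounded

def regular_pow(x, K, N, nbits):
    """Compute x^K mod N for 0 <= K < 2**nbits with a fixed operation pattern."""
    x0, x1 = split(x, N)
    # Raises ValueError if x1 shares a factor with N (negligible for RSA moduli).
    acc = pow(x1 % N, -1, N)
    for i in reversed(range(nbits)):
        acc = acc * acc % N                # always a squaring
        bit = (K >> i) & 1
        # Always one multiplication by a half-size operand: x0 for a 1 bit,
        # x1 for a 0 bit. A hardened implementation would replace this
        # indexing with a masked, branch-free select.
        acc = acc * (x1, x0)[bit] % N
    # acc = x0^K * x1^(-1-K); one more half-size multiplication gives x^K.
    return acc * x1 % N

if __name__ == "__main__":
    # Constructed toy modulus: a Mersenne prime, so every x1 is invertible.
    # A real RSA modulus is composite.
    N = 2**127 - 1
    x, K = 0x1234567890ABCDEF1234567890ABCDEF, 0x0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
    x0, x1 = split(x, N)
    print("x0 bits:", abs(x0).bit_length(), "x1 bits:", abs(x1).bit_length())
    print("matches pow():", regular_pow(x, K, N, 127) == pow(x, K, N))
```

Because every loop iteration multiplies by an operand of about half the bit length of $N$, the multiplication step processes roughly half as many words as a full-size multiplication, which is where the saving described above comes from.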
