Addition-based exponentiation modulo 2

Introduction and background: The basic integer arithmetic operations of addition=subtraction, multiplication and division are implemented typically in hardware using k bits of precision with k usually 16, 32, or 64, and up to 1024 in the case of cryptography. Having a precision limited to k bits makes the arithmetic operations equivalent to their corresponding residue arithmetic modulo 2 operations along with appropriate overflow handling. When the hardware support does not include a large multiplier, there is a particular need for additive bit-serial algorithms for these and additional residue operations. In this Letter we present a bit-serial algorithm for the fundamental residue arithmetic operation of powering (or exponentiation). Following [1] we herein employ jnj2k1⁄4 j to denote the congruence relation n j (mod 2) with the residue j satisfying 0 j 2 1. When computing the exponentiation operation b (mod 2) of a basis b (our preferred case is b1⁄4 3), usually some variation of the square-andmultiply algorithm is being employed. In this method the squaring operation is performed sequentially obtaining j31j2k, j3 2j2k, j3 3j2k, . . . , j3k 1j2k. From these residues a subset is selected to be part of the product corresponding to j3ej2k: