论文信息 - Fast and Constant-Time Implementation of Modular Exponentiation

Fast and Constant-Time Implementation of Modular Exponentiation

Modular exponentiation is an important operation which requires a vast amount of computations. Therefore, it is crucial to build fast exponentiation schemes. Since Cache and data-dependent branching behavior can alter the runtime of an algorithm significantly, it is also important to build an exponentiation scheme with constant run-time. However, such approaches have traditionally added significant overhead to the performance of the exponentiation computations due to costly mitigation steps. We present a novel constant run-time approach that results in the world’s fastest modular exponentiation implementation on IA processors, bringing a 1.6X speedup to the fastest known modular exponentiation implementation in OpenSSL Keywordsmodular, exponentiation, reduction, folding, Montgomery

[1] Anatolij A. Karatsuba,et al. Multiplication of Multidigit Numbers on Automata , 1963 .

[2] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[3] Paul Barrett,et al. Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor , 1986, CRYPTO.

[4] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[5] OpenSSL. OpenSSL : The open source toolkit for SSL/TSL , 2002 .

[6] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.

[7] Gunnar Gaubatz,et al. Fast Modular Reduction , 2007, 18th IEEE Symposium on Computer Arithmetic (ARITH '07).