This lecture covers methods to compare numbers in RNS, represent numbers in DBNS, perform addition on DBNS numbers, and implement modular exponentiation using Montgomery multiplication.
CSE 246: Computer Arithmetic Algorithms and Hardware Design Numbers: RNS, DBNS, Montgomery Prof Chung-Kuan Cheng Lecture 3
How to compare two RNS numbers • We can approximate the magnitude of an RNS number by the following formula where
An Example • Suppose $x = (6|3|0)_{\mathrm{RNS}(7|5|3)}$ and $y = (3|0|1)_{\mathrm{RNS}(7|5|3)}$. • Then we have $x/105 = [6(1/7) + 3(1/5) + 0(2/3)] \bmod 1 \approx 0.457$ and $y/105 = [3(1/7) + 0(1/5) + 1(2/3)] \bmod 1 \approx 0.095$. • Clearly, x (48) is greater than y (10).
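The comparison above as an added Python example (not from the original slides). The weights are computed as the standard CRT inverses, which is an assumption about the slide's formula but reproduces the 1/7, 1/5, 2/3 used in the example; the truncated variant and all function names are illustrative and go beyond the slide to show when an approximate comparison is inconclusive.

```python
from fractions import Fraction
from math import prod

MODULI = (7, 5, 3)            # the slide's moduli, M = 105
X, Y = (6, 3, 0), (3, 0, 1)   # the slide's x = 48 and y = 10

def rns_encode(x, moduli):
    """Residues of x for pairwise coprime moduli."""
    return tuple(x % m for m in moduli)

def crt_weights(moduli):
    """Weight a_i/m_i for each residue, a_i = (M/m_i)^-1 mod m_i."""
    M = prod(moduli)
    return [Fraction(pow(M // m, -1, m), m) for m in moduli]

def magnitude(residues, moduli):
    """Exact x/M in [0, 1), computed from the residues alone."""
    return sum(r * w for r, w in zip(residues, crt_weights(moduli))) % 1

def approx_magnitude(residues, moduli, bits):
    """The same sum with every weight truncated to `bits` fractional bits."""
    scale = 1 << bits
    acc = sum(r * (w.numerator * scale // w.denominator)
              for r, w in zip(residues, crt_weights(moduli)))
    return Fraction(acc % scale, scale)

def rns_compare(a, b, moduli, bits):
    """1 if a > b, -1 if a < b, None if truncation error could decide it."""
    # Each truncated weight is low by < 2^-bits, so each estimate is low by
    # less than `bound`, unless it wrapped below 0 and landed just under 1.
    bound = Fraction(sum(m - 1 for m in moduli), 1 << bits)
    fa, fb = (approx_magnitude(v, moduli, bits) for v in (a, b))
    if max(fa, fb) > 1 - bound or abs(fa - fb) < bound:
        return None
    return 1 if fa > fb else -1

if __name__ == "__main__":
    print(float(magnitude(X, MODULI)), float(magnitude(Y, MODULI)))
    print(rns_compare(X, Y, MODULI, bits=8))
```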
Double Base Number System (DBNS) • DBNS is a new kind of number system, where there are two bases, p and q. • Any number x is represented by the equation • Also, this number system could be redundant, e.g. $54 = 2^0 3^0 + 2^1 3^0 + 2^1 3^1 + 2^0 3^1 + 2^0 3^2 + 2^2 3^2 = 2^1 3^3$
Double Base Number System (DBNS) • We can represent DBNS numbers in a two-dimensional table. For example we can express 54 by this tabular representation. For each entry in the table, we multiply the corresponding row-value and column-value. Then we add up all such entries to get the value of the number represented by the table.
Double Base Number System (DBNS) • DBNS can be of practical use too in some scenarios. • In binary number representation, each bit has approximately 0.5 probability of being 1. • But in DBNS, the number of bits that are logic 1 in the tabular representation could be much less. • Effectively, we can reduce the number of 0→1 and 1→0 transitions, thus saving power.
Double Base Number System (DBNS) • A greedy approach to minimize the number of TRUE bits in the tabular representation of any integer:
GREEDY(x) {
    if (x > 0) then do {
        find the largest 2-integer w such that w ≤ x;
        write(w);
        x = x - w;
        GREEDY(x);
    }
}
Double Base Number System (DBNS) • It can be shown that the expected number of bits that are 'turned on' in a DBNS representation of an integer x is O[lg x/(lg lg x)], which is significantly lower than the corresponding number in the positional binary system, O(lg x). • As an example, consider the integer 2215 • In binary system, number of '1's ≈ 100 • In DBNS, number of '1's ≈ 30 • In the next few slides we shall discuss how we can implement the ADDITION operation on two DBNS numbers.
DBNS Numbers: Addition • Consider the integers 14 and 20. In the DBNS system, • $14 = 2^2 3^1 + 2^1 3^0$ [We represent this number by a green cross] • $20 = 2^1 3^2 + 2^1 3^0$ [We represent this number by a red cross] • The addition operation is performed by representing the numbers in tabular form, and then 'merging' the tables.
DBNS System: Addition • The final merged table is: • And the sum of 14 and 20 is $2^2 3^0 + 2^2 3^1 + 2^1 3^2 = 34$, which is indeed correct.
DBNS System: Addition • A few rules for 'shifting' values in the merged table • We can always use algebraic manipulations to minimize the number of entries in a DBNS table, e.g. • $2^i 3^j + 2^i 3^{j+1} = 2^{i+2} 3^j$ • $2^i 3^j + 2^{i+1} 3^j = 2^i 3^{j+1}$ • A variant of 2-integers is represented by using only a single digit. They are of the form $2^s 3^t$, and might be useful in logarithmic operations.
Montgomery Multiplication David Harris Harvey Mudd College Claremont, CA 91711 David_Harris@hmc.edu
Outline • Cryptography Overview • Finite Field Mathematics • Montgomery Multiplication
Cryptography Overview • Encryption has become essential • E-commerce (SSL) • Communications / network processors • Smart cards / digital cash • Military • Two major classes of algorithms • Symmetric cryptosystems (e.g. DES) • Public key cryptosystems (e.g. RSA)
Cryptographic Protocols • Alice and Bob would like to communicate securely. Eve wants to listen in. • Symmetric key: • Alice and Bob must share a key for encryption and decryption. • If Eve hears it, she can read the messages. • Public key: • Alice publishes her public key to the world. • Bob encrypts with Alice’s public key. • Alice can decrypt only with her private key. • Eve can’t decrypt with the public key.
Digital Signatures • Alice wants to sign a contract in a way that only she can do. • Alice publishes her public key and keeps the private key secret. • Encrypt the document with her secret key. • Anyone can decrypt the document with her public key • But nobody can forge her signature.
Key Exchange • Public key encryption is slow • Use it to share a symmetric key • Use symmetric key to encrypt large blocks of data
RSA Encryption • Most widely used public key system. • Good for encryption and signatures. • Invented by Rivest, Shamir, Adleman (1978) • Public e and private d keys are long #s • n = 256-2048+ bits • Satisfy $x^{de} \bmod M = x$ for all x • Finding d from e is as hard as factoring M • Encryption: $B = A^e \bmod M$ • Decryption: $C = B^d \bmod M = A^{ed} = A$
Modular Exponentiation • Critical operation in RSA and for • Digital signature algorithm • Diffie-Hellman key exchange • Elliptic curve cryptosystems • Done with 2n modular multiplications • Ex: $A^{27} = ((((((A^2) \cdot A)^2)^2) \cdot A)^2) \cdot A$ • Division required after each multiplication to compute modulo
Finite Field Mathematics • +, * modulo prime p form a finite field • p elements • Additive identity: 0 • Multiplicative identity: 1 • Each nonzero number has a unique inverse $x^{-1}$ • Named GF(p) • For Evariste Galois, a 19th century number theorist killed in a duel at age 20
Binary Extension Fields • Building blocks are polynomials in x • Operations performed modulo some irreducible polynomial f(x) of degree n • Arithmetic done modulo 2 • Called $GF(2^n)$ • Example: $GF(2^3)$ • Computation is the same as GF(p) • Except that no carries are propagated
Montgomery Multiplication • Faster way to do modular exponentiation • Operate on Montgomery residues • Division becomes a simple shift • Requires conversion to and from residues only once per exponentiation
Montgomery Residues • Let the modulus M be a prime n-bit integer • Define $r = 2^n$ • Define the M-residue of an integer a < M as • There is a one-to-one correspondence between integers and M-residues for 0 < a < M-1
M-Residue Examples • M = 11, r = 16
Montgomery Multiplication • Define • Where $r^{-1}$ is the inverse of r mod M: • $r^{-1} r = 1 \pmod{M}$ • This gives the Montgomery residue of • z = xy mod M
Mont. Multiplication Example • It may not be obvious that this is easier to do than regular modular multiplication. • $\mathrm{Red}(T) = T r^{-1} \bmod M$
Algorithm $\mathrm{Red}(T) = T r^{-1} \bmod M$ • m = T M' mod r (0 ≤ m < r) • t = (T + mM)/r • If t ≥ M, return t - M else return t • Let $M' = (-M^{-1}) \bmod r$, i.e. $r r^{-1} - M'M = 1$
Example $\mathrm{Red}(T) = T r^{-1} \bmod M$ • r = 16 • M = 11 • $r^{-1} \bmod M = 9$ • $M' = -M^{-1} \bmod r = 13$ • $r r^{-1} - M'M = 16 \times 9 - 13 \times 11 = 1$ • Let $M' = -M^{-1} \bmod r$, i.e. $r r^{-1} - M'M = 1$
Example $\mathrm{Red}(T) = T r^{-1} \bmod M$ • Red(1) = 1×9 mod 11 = 9 • r = 16, M = 11, $r^{-1}$ = 9, M' = 13 • m = (T M') mod r • t = (T + mM)/r • If t ≥ M, return t - M else return t • Red(1): m = 1×13 mod 16 = 13 • t = (1 + 13×11)/16 = 144/16 = 9 • Red(1) = 9
Example $\mathrm{Red}(T) = T r^{-1} \bmod M$ • Red(2) = 2×9 mod 11 = 7 • r = 16, M = 11, $r^{-1}$ = 9, M' = 13 • m = T M' mod r • t = (T + mM)/r • If t ≥ M, return t - M else return t • Red(2): m = 2×13 mod 16 = 10 • t = (2 + 10×11)/16 = 112/16 = 7 • Red(2) = 7
Example $\mathrm{Red}(T) = T r^{-1} \bmod M$ • Red(3) = 3×9 mod 11 = 5 • r = 16, M = 11, $r^{-1}$ = 9, M' = 13 • m = (T mod r) M' mod r • t = (T + mM)/r • If t ≥ M, return t - M else return t • Red(3): m = 3×13 mod 16 = 7 • t = (3 + 7×11)/16 = 80/16 = 5 • Red(3) = 5
Example $\mathrm{Red}(T) = T r^{-1} \bmod M$ • Red(103) = 103×9 mod 11 = 3 • r = 16, M = 11, $r^{-1}$ = 9, M' = 13 • m = (T mod r) M' mod r • t = (T + mM)/r • If t ≥ M, return t - M else return t • Red(103): m = 103×13 mod 16 = 11 • t = (103 + 11×11)/16 = 224/16 = 14 • t = t - M = 14 - 11 = 3 • Red(103) = 3
Proof:
• (T+mM)/r is an integer: m = T M' mod r, thus mM mod r = -T mod r (because M'M ≡ -1 mod r). Therefore (T + mM) mod r is 0.
• t mod M = $T r^{-1}$ mod M: t = (T + mM)/r, thus tr = T + mM. Consequently, tr mod M = T mod M.
• 0 ≤ t < 2M: 0 ≤ T + mM < rM + rM (for 0 ≤ T < rM).
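The Red(T) algorithm and its worked examples as an added Python example (not from the original slides). `to_residue` uses the usual definition a·r mod M, which is an assumption because the slide's formula did not survive; all function names are illustrative.

```python
def montgomery_setup(M, n):
    """Return (r, r_inv, M_prime) for an odd modulus M < r = 2^n."""
    r = 1 << n
    if M % 2 == 0 or not 1 < M < r:
        raise ValueError("M must be odd and satisfy 1 < M < 2^n")
    r_inv = pow(r, -1, M)                 # r * r_inv = 1 (mod M)
    M_prime = (-pow(M, -1, r)) % r        # M' = -M^-1 mod r
    assert r * r_inv - M_prime * M == 1   # the identity stated on the slide
    return r, r_inv, M_prime

def red(T, M, n):
    """Red(T) = T * r^-1 mod M for 0 <= T < r*M, with no division by M."""
    r, _, M_prime = montgomery_setup(M, n)
    if not 0 <= T < r * M:
        raise ValueError("T out of range: the bound t < 2M needs T < r*M")
    m = ((T & (r - 1)) * M_prime) & (r - 1)   # m = T M' mod r, by masking
    t = (T + m * M) >> n                      # exact shift: r divides T + mM
    return t - M if t >= M else t

def to_residue(a, M, n):
    """M-residue of a, taken as a * r mod M (assumed definition)."""
    return (a << n) % M

def mont_product(x_bar, y_bar, M, n):
    """Residue of x*y from the residues of x and y: Red(x_bar * y_bar)."""
    return red(x_bar * y_bar, M, n)

if __name__ == "__main__":
    print(montgomery_setup(11, 4))                 # slide values r, r^-1, M'
    print([red(T, 11, 4) for T in (1, 2, 3, 103)])
```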
Montgomery Multiplier • MM is an easier operation that requires no hard division, just shifting • In radix 2:
    Z = 0
    for i = 0 to n-1
        Z = Z + x_i·Y
        if Z is odd then Z = Z + M
        Z = Z/2
    if Z ≥ M then Z = Z - M
Example • X = 7 = 0111 • Y = 5 = 0101 • M = 11 = 1011 • Z initially 0 • Z = (0 + 5 + 11) / 2 = 8 • Z = (8 + 5 + 11) / 2 = 12 • Z = (12 + 5 + 11) / 2 = 14 • Z = (14 + 0) / 2 = 7 (final result)
    Z = 0
    for i = 0 to n-1
        Z = Z + x_i·Y
        if Z is odd then Z = Z + M
        Z = Z/2
    if Z ≥ M then Z = Z - M
Conversion • Conversion of integers to/from Montgomery residues takes one MM operation (if $r^2 \bmod M$ is precomputed and saved): • Modular exponentiation takes two conversion steps and 2n multiplication steps.
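The radix-2 multiplier and the conversion steps combined into a modular exponentiation, as an added Python example (not from the original slides). It assumes an odd modulus M < 2^n and operands below M; the `trace` argument and the function names are illustrative.

```python
def mont_mul(X, Y, M, n, trace=None):
    """Bit-serial Montgomery product X*Y*2^-n mod M (M odd, X, Y < M < 2^n)."""
    if M % 2 == 0:
        raise ValueError("M must be odd so that adding M makes Z even")
    Z = 0
    for i in range(n):
        if (X >> i) & 1:     # Z = Z + x_i * Y, least significant bit first
            Z += Y
        if Z & 1:            # make Z even so the halving is exact
            Z += M
        Z >>= 1
        if trace is not None:
            trace.append(Z)  # intermediate Z after each iteration
    return Z - M if Z >= M else Z

def mont_pow(A, e, M, n):
    """A^e mod M by square-and-multiply on Montgomery residues."""
    r2 = pow(2, 2 * n, M)                # r^2 mod M, precomputed per modulus
    a_bar = mont_mul(A % M, r2, M, n)    # convert in: A * r mod M
    acc = mont_mul(1, r2, M, n)          # residue of 1, i.e. r mod M
    for bit in bin(e)[2:]:               # exponent bits, most significant first
        acc = mont_mul(acc, acc, M, n)
        if bit == "1":
            acc = mont_mul(acc, a_bar, M, n)
    return mont_mul(acc, 1, M, n)        # convert out: multiply by 1

if __name__ == "__main__":
    steps = []
    print(mont_mul(7, 5, 11, 4, steps), steps)   # the slide's X, Y, M
    print(mont_pow(65, 17, 3233, 12))            # constructed toy modulus 61*53
```

Python integers are not constant-time and the final conditional subtraction depends on the data, so this models the arithmetic only and is not a side-channel-safe implementation.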