
Montgomery inversion

  • Special Issue on Montgomery Arithmetic
Journal of Cryptographic Engineering

Abstract

Multiplicative inversion in finite fields is an essential operation in many cryptographic applications such as elliptic curve and pairing-based cryptography. While the classical extended Euclidean algorithm involves expensive division operations, the binary extended Euclidean and Kaliski’s algorithms use only simple shift, addition and subtraction operations. The Montgomery inverse operation is applied when the Montgomery multiplication operation is used for fast arithmetic. As the inversion operation is applied to sensitive data, a constant-time inversion algorithm is useful against a class of side-channel attacks. In this paper, we show different ways of computing the Montgomery inverse of a given integer and compare their complexity in terms of the number of additions/subtractions and shift operations. We also propose a simple parallel algorithm to compute the Montgomery inverse, which can be useful in multi-core processors where data sharing among cores is relatively inexpensive. Finally, we propose two efficient constant-time Montgomery inversion algorithms, which are useful as countermeasures against side-channel attacks.
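For reference, the following is an added example (not code from the paper) of the two-phase Kaliski algorithm the abstract refers to: Phase I produces the "almost Montgomery inverse" a^{-1}·2^k mod p with shifts, additions and subtractions only, and Phase II halves it modulo p until the exponent is the bit length n of p. The branches on parity and on u > v in Phase I depend on the secret operand, which is exactly the data-dependent timing that constant-time variants are designed to remove.

```python
# Added example: Kaliski's two-phase Montgomery inverse (not the paper's own code).
# Phase I returns r = a^{-1} * 2^k (mod p) for some k with n <= k <= 2n, where
# n = bit length of p.  Phase II reduces the exponent from k to n so that the
# result is the Montgomery inverse a^{-1} * 2^n (mod p).

def almost_montgomery_inverse(a, p):
    """Phase I: return (r, k) with r = a^{-1} * 2^k mod p and n <= k <= 2n."""
    assert 0 < a < p and p % 2 == 1, "need 0 < a < p with p odd"
    u, v, r, s, k = p, a, 0, 1, 0
    while v > 0:
        if u % 2 == 0:                       # u even: halve u, double s
            u, s = u >> 1, s << 1
        elif v % 2 == 0:                     # v even: halve v, double r
            v, r = v >> 1, r << 1
        elif u > v:                          # both odd, u larger
            u, r, s = (u - v) >> 1, r + s, s << 1
        else:                                # both odd, v larger or equal
            v, s, r = (v - u) >> 1, s + r, r << 1
        k += 1
    if r >= p:                               # r < 2p here; one subtraction suffices
        r -= p
    return p - r, k

def montgomery_inverse(a, p):
    """Phase II: halve (k - n) times modulo p, giving a^{-1} * 2^n mod p."""
    n = p.bit_length()
    r, k = almost_montgomery_inverse(a, p)
    for _ in range(k - n):
        # Halving modulo p: an odd r is made even by adding the odd modulus.
        r = r >> 1 if r % 2 == 0 else (r + p) >> 1
    return r

def classical_inverse(a, p):
    """Plain a^{-1} mod p via Fermat's little theorem; used only to cross-check."""
    return pow(a, p - 2, p)

if __name__ == "__main__":
    p = 65537                                # constructed small prime for the demo
    for a in (1, 3, 1234, p - 1):
        r = montgomery_inverse(a, p)
        assert (r * a) % p == pow(2, p.bit_length(), p)
        assert r == (classical_inverse(a, p) * pow(2, p.bit_length(), p)) % p
    print("Montgomery inverse checks passed")
```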



Acknowledgements

We thank the anonymous reviewers for their comments and recommendations.


Correspondence to Erkay Savaş.


Savaş, E., Koç, Ç.K. Montgomery inversion. J Cryptogr Eng 8, 201–210 (2018). https://doi.org/10.1007/s13389-017-0161-x
