Abstract
Multiplicative inversion in finite fields is an essential operation in many cryptographic applications such as elliptic curve and pairing-based cryptography. While the classical extended Euclidean algorithm involves expensive division operations, the binary extended Euclidean algorithm and Kaliski's algorithm use only simple shift, addition and subtraction operations. The Montgomery inverse (a^{-1} 2^n mod p, where n is the bit length of the modulus p) is the form of the inverse needed when Montgomery multiplication is used for fast arithmetic. Since inversion is frequently applied to sensitive data, a constant-time inversion algorithm is a useful countermeasure against the class of side-channel attacks that exploit data-dependent running time. In this paper, we show different ways of computing the Montgomery inverse of a given integer and compare their complexity in terms of the number of additions/subtractions and shift operations. We also propose a simple parallel algorithm for computing the Montgomery inverse, which can be useful on multi-core processors where data sharing among cores is relatively inexpensive. Finally, we propose two efficient constant-time Montgomery inversion algorithms, which are useful as countermeasures against side-channel attacks.
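As an added worked example (not code from the paper), the following Python implements Kaliski's Montgomery inverse algorithm named in the abstract: Phase I (the "almost inverse") produces a^{-1} 2^k mod p using only comparisons, additions, subtractions and single-bit shifts, and Phase II halves the result k - n times to land on a^{-1} 2^n mod p. The functions also count add/sub and shift operations, the cost metric the abstract uses, and a third routine replaces the halving loop by one Montgomery product, which is the idea behind the Savaş and Koç (2000) variant; Python big-integer arithmetic stands in for a real word-level Montgomery multiplier there. The function names, the operation counters and the sample inputs are this example's own choices.

```python
# Added example (not the paper's own code): Kaliski's Montgomery inverse,
# instrumented to count add/sub and shift operations.
# Phase I returns a^{-1} * 2^k (mod p); the corrections bring the exponent
# to exactly n = p.bit_length(), which is Kaliski's Montgomery inverse.
# NOTE: the data-dependent branches below are exactly what leaks timing and
# what a constant-time variant has to remove; this code is NOT constant-time.

from typing import Tuple


def almost_inverse(a: int, p: int) -> Tuple[int, int, int, int]:
    """Phase I of Kaliski's algorithm.

    Returns (r, k, adds, shifts) with r = a^{-1} * 2^k (mod p) and
    n <= k <= 2n for n = p.bit_length().  No division is used.
    Requires p odd and 0 < a < p with gcd(a, p) == 1.
    """
    if p % 2 == 0 or not 0 < a < p:
        raise ValueError("need an odd modulus p and 0 < a < p")
    u, v, r, s, k = p, a, 0, 1, 0
    adds = shifts = 0
    while v > 0:
        if u & 1 == 0:              # u even: halve u, double s
            u >>= 1; s <<= 1; shifts += 2
        elif v & 1 == 0:            # v even: halve v, double r
            v >>= 1; r <<= 1; shifts += 2
        elif u > v:                 # both odd, u > v
            u = (u - v) >> 1; r += s; s <<= 1; adds += 2; shifts += 2
        else:                       # both odd, v >= u
            v = (v - u) >> 1; s += r; r <<= 1; adds += 2; shifts += 2
        k += 1
    if u != 1:                      # the loop leaves u = gcd(a, p)
        raise ValueError("a is not invertible modulo p")
    if r >= p:                      # r < 2p here, so one subtraction suffices
        r -= p; adds += 1
    r = p - r; adds += 1
    return r, k, adds, shifts


def montgomery_inverse(a: int, p: int) -> Tuple[int, int, int]:
    """Kaliski's Phase II: halve k - n times to get a^{-1} * 2^n (mod p).

    Returns (result, adds, shifts), counts including Phase I.
    """
    r, k, adds, shifts = almost_inverse(a, p)
    n = p.bit_length()
    for _ in range(k - n):
        if r & 1:                   # r odd: r + p is even, so halving is exact
            r += p; adds += 1
        r >>= 1; shifts += 1
    return r, adds, shifts


def classical_inverse(a: int, p: int) -> int:
    """Halving all k times instead yields the ordinary inverse a^{-1} mod p."""
    r, k, _, _ = almost_inverse(a, p)
    for _ in range(k):
        if r & 1:
            r += p
        r >>= 1
    return r


def montgomery_inverse_via_monpro(a: int, p: int) -> int:
    """Correct Phase I with one Montgomery product instead of k - n halvings.

    MonPro(x, y) = x * y * 2^{-n} mod p, so MonPro(a^{-1} 2^k, 2^{2n-k})
    equals a^{-1} 2^n.  Kaliski's bound k <= 2n keeps the exponent >= 0.
    Python big ints stand in for a word-level Montgomery multiplier.
    """
    r, k, _, _ = almost_inverse(a, p)
    n = p.bit_length()

    def monpro(x: int, y: int) -> int:
        return (x * y * pow(2, -n, p)) % p

    return monpro(r, 1 << (2 * n - k))


if __name__ == "__main__":
    # Constructed sample: p = 11 (n = 4), a = 3.  3^{-1} = 4 mod 11, and the
    # Montgomery inverse is 4 * 2^4 mod 11 = 9.
    res, adds, shifts = montgomery_inverse(3, 11)
    print(res, classical_inverse(3, 11), adds, shifts)
```

Running the module on the constructed input p = 11, a = 3 prints the Montgomery inverse 9, the classical inverse 4, and the add/sub and shift counts; the two correction methods agree on every invertible input, and the operation counters are what one would compare across algorithm variants as the abstract describes.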
Notes
GNU Multiple Precision Arithmetic Library: http://www.gmplib.org.
Acknowledgements
We thank the anonymous reviewers for their comments and recommendations.
Cite this article
Savaş, E., Koç, Ç.K. Montgomery inversion. J Cryptogr Eng 8, 201–210 (2018). https://doi.org/10.1007/s13389-017-0161-x