Journal of Cryptology

, Volume 6, Issue 4, pp 183–208 | Cite as

A design of a fast pipelined modular multiplier based on a diminished-radix algorithm

  • Glenn Orton
  • Lloyd Peppard
  • Stafford Tavares


We present a new serial-parallel concurrent modular-multiplication algorithm and architecture suitable for standard RSA encryption. In the new scheme, multiplication is performed modulo a multiple of the RSA modulus n, which has a diminished-radix form 2 k -v, where k and v are positive integers and v < n. This design is the first concurrent modular multiplier to use a diminished-radix algorithm and to pipeline concurrent modular-reduction to optimize the clock rate. For a modular multiplier of order ranging from 1 to 10 (number of multiplier bits per clock cycle), a faster clock rate and throughput is possible than with other known designs including those of Brickell, Morita, Sedlak and Golze, and Miyaguchi. Throughput estimates for 512-bit RSA decryption range from 100 kbit/s in a serial mode to 650 kbit/s with a modular multiplier of order 10, at a clock rate of 20 MHz on 1.5 μm CMOS.

Key words

Computer arithmetic Cryptology Cryptography Encryption RSA Modular exponentiation Modular multiplication Pipelining VLSI CMOS 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    E. F. Brickell, A fast modular multiplication algorithm with application to two key cryptography, Proc. CRYPTO '82, Santa Barbara, CA, Plenum, New York, 1983, pp. 51–60.Google Scholar
  2. [2]
    E. F. Brickell, A survey of hardware implementations of RSA, Advances in Cryptology, CRYPTO '89, Springer-Verlag, Berlin, 1989, pp. 368–370.Google Scholar
  3. [3]
    W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol. 22, no. 6 (1976), pp. 644–654.Google Scholar
  4. [4]
    S. R. Dussé and B. S. Kaliski, Jr., A cryptographic library for the Motorola DSP56000, Advances in Cryptology, CRYPTO '90, Springer-Verlag, Berlin, 1991, pp. 230–244.Google Scholar
  5. [5]
    T. ElGamel, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory, vol. 31, no. 4 (1985), pp. 469–472.Google Scholar
  6. [6]
    P. Galley and E. Depret, A cryptography processor, 1988 IEEE International Solid State Circuits Conference Digest of Technical Papers, pp. 148–149, 1988.Google Scholar
  7. [7]
    F. Hoornaert, M. Decroos, J. Vandewalle, and R. Govaerts, Fast RSA-hardware Dream or reality?, Advances in Cryptology, EUROCRYPT '88, Davos, Switzerland, Springer-Verlag, Berlin, 1988, pp. 257–264.Google Scholar
  8. [8]
    K. Hwang, Computer Arithmetic, Wiley, New York, 1979.Google Scholar
  9. [9]
    S. Kawamura and K. Hirano, A fast modular arithmetic algorithm using a residue table, Advances in Cryptology, EUROCRYPT '88, Davos, Switzerland, Springer-Verlag, Berlin, 1988, pp. 245–250.Google Scholar
  10. [10]
    D. E. Knuth, The Art of Computer Programming, vol. 2, 2nd edn., Addison-Wesley, Reading, MA, 1981, pp. 268–275.Google Scholar
  11. [11]
    D. Laurichesse, Optimized implementation of RSA cryptosystem, Computers and Security (UK), vol. 10, no. 3 (1991), pp. 263–267.Google Scholar
  12. [12]
    D. J. Lehmann, On primality tests, SIAM Journal of Computing, vol. 11, no. 2 (1982), pp. 374–375.Google Scholar
  13. [13]
    A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The number field seive, Proc. STOC '90, Baltimore, MD, ACM Press, Baltimore, MD, 1990, pp. 564–572.Google Scholar
  14. [14]
    R. Madhavan and L. E. Peppard, A multiprocessor GaAs RSA cryptosystem, Proc. CCVLSI '89, Vancouver, 1989, pp. 115–122.Google Scholar
  15. [15]
    G. Meister, On an implementation of the Mohan-Adiga algorithm, Advances in Cryptology, EUROCRYPT '90, Springer-Verlag, Berlin, 1990, pp. 496–500.Google Scholar
  16. [16]
    S. Miyaguchi, Fast encryption algorithm for the RSA cryptographic system, Proc COMPCON '82, 1982, pp. 672–678.Google Scholar
  17. [17]
    S. B. Mohan and B. S. Adiga, Fast algorithms for implementing RSA public key cryptosystem, Electronics Letters, vol. 21, no. 21 (1985), p. 761.Google Scholar
  18. [18]
    P. L. Montgomery, Modular multiplication without trial division, Mathematics of Computation, vol. 44, no. 170 (1985), pp. 519–521.MathSciNetzbMATHGoogle Scholar
  19. [19]
    H. Morita, A fast modular multiplication algorithm based on a higher radix, Proc. CRYPTO '90, Santa Barbara, CA, Springer-Verlag, Berlin, 1991, pp. 387–399.Google Scholar
  20. [20]
    D. B. Newman, Jr., J. K. Omura, and R. L. Pickholtz, Public key management for network security, IEEE Network Magazine, vol. 1, no. 2 (1987), pp. 11–16.Google Scholar
  21. [21]
    M. J. Norris and G. J. Simmons, Algorithms for high-speed modular arithmetic, Congressus Numeratium, vol. 31 (1981), pp. 153–163.Google Scholar
  22. [22]
    G. A. Orton, M. P. Roy, P. A. Scott, L. E. Peppard, and S. E. Tavares, VLSI implementation of public key encryption algorithms, Proc. CRYPTO '86, Santa Barbara, CA, Springer-Verlag, Berlin, 1987, pp. 277–301.Google Scholar
  23. [23]
    H. Orup, E. Svendsen, and E. Andreasen, VICTOR, an efficient RSA hardware implementation, Advances in Cryptology, EUROCRYPT '90, Springer-Verlag, Berlin, 1991, pp. 245–252.Google Scholar
  24. [24]
    J. J. Quisquater and C. Couvreur, Fast decipherment algorithm for RSA public-key cryptosystem, Electronics Letters, vol. 18, no. 18 (1982), pp. 905–907.Google Scholar
  25. [25]
    M. O. Rabin, Digital signatures and public-key functions as intractable as factorization, MIT/LCS/TR-212, MIT Laboratory for Computer Science, January 1979.Google Scholar
  26. [26]
    R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol. 21, no. 2 (1978), pp. 120–126.Google Scholar
  27. [27]
    R. L. Rivest, A description of a single-chip implementation of the RSA cipher, Lambda, 4th quarter (1980), pp. 14–18.Google Scholar
  28. [28]
    R. L. Rivest, RSA chips (past/present/future), Proc. EUROCRYPT '84, Springer-Verlag, Berlin, 1985, pp. 159–165.Google Scholar
  29. [29]
    J. E. Roberston, A deterministic procedure for the design of carry-save adders and borrow-save subtractors, Report No. 235, Department of Computer Science, University of Illinois, Urbana, IL, July 1967.Google Scholar
  30. [30]
    F. A. Rohatsch, A study of transformations applicable to the development of limited carry-borrow propagation adders, Ph.D. thesis, University of Illinois, Urbana, IL, June 1967.Google Scholar
  31. [31]
    H. Sedlak and U. Golze, An RSA cryptography processor, Microprocessing and Microprogramming, vol. 18 (1986), pp. 583–590.Google Scholar
  32. [32]
    A. Vandemeulebroecke, E. Vanzieleghem, T. Denayer, and P. G. Jespers, A single chip 1024 bits RSA processor, Advances in Cryptology, EUROCRYPT '89, Houthalen, Belgium, Springer-Verlag, Berlin, 1990, pp. 219–236.Google Scholar
  33. [33]
    C. S. Wallace, A suggestion for a fast multiplier, IEEE Transactions on Electronic Computers, vol. 13 (1964), pp. 14–17.Google Scholar
  34. [34]
    M. Walter, VLSI architectures and circuits for RSA encryption, M.Sc. thesis, Queen's University, Kingston, Ontario, 1989.Google Scholar
  35. [35]
    A. Jung, Implementing the RSA cryptosystem, Computers and Security (UK), vol. 6 (1987), pp. 342–350.PubMedGoogle Scholar

Copyright information

© International Association for Cryptologic Research 1993

Authors and Affiliations

  • Glenn Orton
    • 1
  • Lloyd Peppard
    • 1
  • Stafford Tavares
    • 1
  1. 1.Department of Electrical EngineeringQueen's UniversityKingstonCanada

Personalised recommendations