Journal of Cryptographic Engineering, Volume 9, Issue 4, pp. 333–339

Uniform Montgomery multiplier

  • Gokay Saldamli
  • Yoo-Jin Baek
Regular Paper


As modular arithmetic remains central to public-key systems, cryptographic engineering continues to pursue improved architectures for realizing it. This sophistication does not only involve high-performance, low-power or area-aware optimizations, but also includes secure or hardened realizations that are immune to the so-called side-channel attacks. Among these, the simple power analysis (SPA) attack, which requires only one or a few power traces of the cryptographic activity, is considered the most dangerous threat to security. This study concentrates on implementing SPA-resistant Montgomery multipliers, which are key ingredients in the design of substantial cryptosystems. We introduce new encoding schemes that allow multiplication with operands having no zero digits. Naturally, such encodings result in a homogeneous multiplication in which every accumulation step needs equivalent computational work. Moreover, in order to lay out more secure and timing-independent multipliers, we impose I/O requirements under which the resulting Montgomery multipliers do not need an extra final reduction. Finally, as the proposed methods allow architectures suitable for word-serial processing, a memory-performance trade-off is possible for constrained environments.
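The two ideas the abstract combines, a zero-free digit set so every iteration does the same work and an I/O bound that removes the final reduction, can be illustrated in a small digit-serial Montgomery multiplier. This is an added example written for this page, not the paper's multiplier or its encoding schemes: it assumes the simple {-1, +1} recoding of an odd multiplier (one zero-free digit set; the paper's encodings are not reproduced here) and the known condition that with R = 2^n > 4N and inputs below 2N the output also stays below 2N, so no conditional final subtraction is needed.

```python
from typing import List


def recode_nonzero(a: int, n: int) -> List[int]:
    """Digits d_0..d_{n-1} in {-1, +1} with sum(d_i * 2**i) == a.

    A zero-free binary representation exists exactly for odd 0 < a < 2**n:
    d_i = 2*bit_{i+1}(a) - 1 for i < n-1, and d_{n-1} = +1.
    """
    if a <= 0 or a >= 1 << n or a % 2 == 0:
        raise ValueError("need odd a with 0 < a < 2**n")
    bits = [(a >> i) & 1 for i in range(n + 1)]
    return [2 * bits[i + 1] - 1 for i in range(n - 1)] + [1]


def mont_mul_uniform(a: int, b: int, N: int, n: int) -> int:
    """Return a*b*2**-n mod N as a value in [0, 2N), never touching a zero digit.

    Assumptions (this example's, not the paper's): N odd, R = 2**n > 4N,
    0 <= a, b < 2N, and a odd so that it admits the {-1, +1} recoding above.
    """
    assert N % 2 == 1 and (1 << n) > 4 * N and 0 <= a < 2 * N and 0 <= b < 2 * N
    S = 0
    for d in recode_nonzero(a, n):
        S += d * b            # every iteration: one full-width add or subtract
        q = S & 1             # Python's & on negatives is two's complement, as in hardware
        S = (S + q * N) >> 1  # exact halving: S + q*N is even because N is odd
    # Invariant at exit: S * 2**n == a*b + Q*N with 0 <= Q < 2**n, hence
    # 0 <= S < a*b/2**n + N < 2N. The output satisfies the same bound as the
    # inputs, so the usual data-dependent final subtraction is simply omitted.
    return S


def verify_bounds(N: int, n: int) -> bool:
    """Exhaustively confirm correctness and the [0, 2N) output bound for a small N."""
    r_inv = pow(1 << n, -1, N)
    for a in range(1, 2 * N, 2):
        for b in range(2 * N):
            S = mont_mul_uniform(a, b, N, n)
            if not (0 <= S < 2 * N and S % N == a * b * r_inv % N):
                return False
    return True


if __name__ == "__main__":
    print(recode_nonzero(3, 5), mont_mul_uniform(3, 4, 5, 5), verify_bounds(101, 9))
```

In a hardware realization the q*N term is a masked full-width addition, so each digit costs exactly one add/subtract of b plus one of N regardless of the operand values.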


Keywords: Side-channel attack; Simple power attack countermeasure; Digit recoding; Montgomery multiplier




Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. Computer Engineering Department, San Jose State University, San Jose, USA
  2. Department of Information Security, Woosuk University, Wanju-gun, South Korea
