Skip to main content

Rethinking modular multi-exponentiation in real-world applications


The importance of efficient multi-exponentiation algorithms in a large spectrum of cryptographic applications continues to grow. Previous literature on the subject pays attention exclusively on the minimization of the number of modular multiplications. However, a small reduction of the multiplicative complexity can be easily overshadowed by other figures of merit. In this article, we demonstrate that the most efficient algorithm for computing multi-exponentiation changes if considering execution time instead of number of multi-exponentiations. We focus our work on two algorithms that perform best under the number of multi-exponentiation metric and show that some side operations affect their theoretical ranking. We provide this analysis on different hardware, such as Intel Core and ARM CPUs and the two latest generations of Raspberry Pis, to show how the machine chosen affects the execution time of multi-exponentiation.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6





  1. Attias, V., Vigneri, L., Dimitrov, V.: Implementation study of two verifiable delay functions. In: Tokenomics, 6, pp. 1–6 (2020)

  2. Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 263 LNCS (1987).

  3. Blondel, V.D., Tsitsiklis, J.N.: When is a pair of matrices mortal? Inf. Process. Lett. (1997).

    Article  MathSciNet  MATH  Google Scholar 

  4. Blum, T., Paar, C.: Montgomery modular exponentiation on reconfigurable hardware. Proc.: Symp. Comput. Arith. (1999).

    Article  Google Scholar 

  5. Borges, F., Lara, P., Portugal, R.: Parallel algorithms for modular multi-exponentiation. Appl. Math. Comput. 292, 406–416 (2017).

    Article  MathSciNet  MATH  Google Scholar 

  6. Bosselaers, A., Govaerts, R., Vandewalle, J.: Comparison of three modular reduction functions. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 773 LNCS (1994).

  7. Brent, R., Zimmermann, P.: Modern Computer Arithmetic. Cambridge University Press, Cambridge (2010).

    Book  MATH  Google Scholar 

  8. Chang, C.C., Lou, D.C.: Parallel computation of the multi-exponentiation for cryptosystems. Int. J. Comput. Math. 63, 1–2 (1997).

    Article  MathSciNet  MATH  Google Scholar 

  9. Chang, C.C., Lou, D.C.: Fast parallel computation of multi-exponentiation for public key cryptosystems. In: Parallel and Distributed Computing, Applications and Technologies, PDCAT Proceedings (2003).

  10. Dimitrov, V.S., Jullien, G.A., Miller, W.C.: An algorithm for modular exponentiation. Inf. Process. Lett. 66(3), 155–159 (1998)

    Article  MathSciNet  Google Scholar 

  11. Dimitrov, V.S., Jullien, G.A., Miller, W.C.: Complexity and fast algorithms for multiexponentiations. IEEE Trans. Comput. 49(2), 141–147 (2000)

    Article  MathSciNet  Google Scholar 

  12. Euclid: The Elements of Euclid, 2nd edn. Dover Publications Inc., New York, USA (1956)

  13. Gueron, S.: Efficient software implementations of modular exponentiation. J. Cryptogr. Eng. (2012).

    Article  MATH  Google Scholar 

  14. Koç, Ç.K.: Montgomery Arithmetic, pp. 799–803. Springer, Boston (2011).

    Book  Google Scholar 

  15. Kochergin, V.V.: On Bellman’s and Knuth’s problems and their generalizations. J. Math. Sci. (U. S.) (2018).

    Article  MathSciNet  MATH  Google Scholar 

  16. Lou, D.C., Chang, C.C.: An efficient divide-and-conquer technique for parallel computation of modular multi-exponentiation. Comput. Syst. Sci. Eng. 15(2), 111–117 (2000)

  17. Möller, B.: Algorithms for multi-exponentiation. In: Vaudenay, S., Youssef, A.M. (eds.) Selected Areas in Cryptography, vol. 2259, pp. 165–180. Springer, Berlin, Heidelberg (2001).

    Chapter  Google Scholar 

  18. Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)

    Article  MathSciNet  Google Scholar 

  19. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978).

    Article  MathSciNet  MATH  Google Scholar 

  20. Avanzi, R.M.: The complexity of certain multi-exponentiation techniques in cryptography. J. Cryptol. 18(4), 357–373 (2005).

  21. Van Meter, R., Itoh, K.M.: Fast quantum modular exponentiation. Phys. Rev. A: At., Mol., Opt. Phys. (2005).

    Article  MATH  Google Scholar 

  22. Wang, B., Hu, Y.: Signature scheme using the root extraction problem on quaternions. J. Appl. Math. (2014).

    Article  MathSciNet  MATH  Google Scholar 

  23. Wesolowski, B.: Efficient verifiable delay functions. In: Ishai, Yuval, Rijmen, Vincent (eds.) Advances in Cryptology – EUROCRYPT 2019, vol. 11478 LNCS, pp. 379–407. Springer International Publishing (2019).

  24. Yagisawa, M.: A digital signature using multivariate functions on quaternion ring. IACR Cryptol. ePrint Arch. 2010(2), 352 (2010)

    Google Scholar 

  25. Yen, S.M., Laih, C.S., Lenstra, A.K.: Multi-exponentiation. IEE Proc.: Comput. Digit. Tech. 141(6), 325–326 (1994)

    MATH  Google Scholar 

Download references


We would like to thank some people that helped elaborating this paper. First, we would like to thank Prof. Paul Zimmermann from Loria, France, who took a lot of time to help us understand how multi-precision libraries work. Then, Colin Walter who clarified a lot of details on Montgomery reduction implementation. Thank you also to Wolfgang Welz from the IOTA Foundation for his engineering advises that helped us define the scope of this paper. Finally, thank you to Ilan Zajtmann for lending us some computation time on his Apple M1 computer to help us include cutting-edge technology in this survey.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Vidal Attias.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Attias, V., Vigneri, L. & Dimitrov, V. Rethinking modular multi-exponentiation in real-world applications. J Cryptogr Eng (2022).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI:


  • Multi-exponentiation
  • OpenSSL
  • Benchmarking
  • Cryptography
  • Arithmetic