Multi-precision Squaring for Public-Key Cryptography on Embedded Microprocessors

  • Hwajeong Seo
  • Zhe Liu
  • Jongseok Choi
  • Howon Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8250)


In this paper, we revisit the “Lazy Doubling” (LD) method for multi-precision squaring, which reduces the number of addition operations by deferring the doubling step so that it can be performed on accumulated results. The original LD method has to employ carry-catcher registers to store carry values, which reduces the number of general-purpose registers available for optimizing the implementation. Furthermore, the LD method adopts the idea of hybrid multiplication to separate the partial products into several product blocks, which prevents the doubling step from being carried out on fully accumulated intermediate results. To overcome these deficiencies of the LD method and improve the performance of multi-precision squaring, we propose a novel and flexible method named “Sliding Block Doubling” (SBD). The SBD method delays the doubling step until the very end of the partial-product computation and then doubles the result by simply shifting it one bit to the left. To further reduce the overhead of doubling, we also optimize the execution process for updating carry values and adopt the product-scanning method for efficient computation of the partial products. Our experimental results on an AVR ATmega128 processor show that the SBD method outperforms state-of-the-art implementations by between 3.5% and 4.4% for operands ranging from 128 bits to 192 bits.
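The three phases the abstract describes (product-scanning accumulation of the cross products, one deferred 1-bit left shift as the doubling, then the diagonal squares), written here as an added plain-C reference model with a schoolbook check; this is not the paper's own implementation, and the 16 byte-sized limbs are an assumption chosen to mirror a 128-bit operand on an 8-bit AVR word size.

```c
#include <stdint.h>
#include <string.h>
#define N 16  /* 128-bit operand as 16 little-endian byte limbs (the 8-bit AVR word size) */

/* Phase 1: product-scanning accumulation of the cross products a[i]*a[j], i < j, column by column; nothing doubled yet. */
static void sbd_cross_products(const uint8_t a[N], uint8_t r[2 * N]) {
    uint32_t acc = 0;                                /* 3-byte column accumulator */
    for (int k = 0; k < 2 * N; k++) {                /* column k collects all i + j == k */
        for (int i = (k < N) ? 0 : k - N + 1; 2 * i < k; i++)   /* keeps j = k - i < N and i < j */
            acc += (uint32_t)a[i] * a[k - i];
        r[k] = (uint8_t)acc; acc >>= 8;
    }
}

/* Phase 2: the deferred doubling of every cross product is one 1-bit left shift of r. */
static void sbd_double(uint8_t r[2 * N]) {
    uint8_t carry = 0;
    for (int k = 0; k < 2 * N; k++) {                /* top bit of r[2N-1] is always 0 here */
        uint8_t top = r[k] >> 7;
        r[k] = (uint8_t)((r[k] << 1) | carry); carry = top;
    }
}

/* Phase 3: add the diagonal terms a[i]^2 at limb position 2i, propagating carries. */
static void sbd_add_squares(const uint8_t a[N], uint8_t r[2 * N]) {
    uint32_t c = 0;
    for (int i = 0; i < N; i++) {
        uint16_t p = (uint16_t)a[i] * a[i];
        c += r[2 * i] + (p & 0xff);    r[2 * i] = (uint8_t)c;     c >>= 8;
        c += r[2 * i + 1] + (p >> 8);  r[2 * i + 1] = (uint8_t)c; c >>= 8;
    }
}

void sbd_square(const uint8_t a[N], uint8_t r[2 * N]) {
    sbd_cross_products(a, r); sbd_double(r); sbd_add_squares(a, r);
}
/* Check against plain operand-scanning a*a with all N*N products; returns 1 on match. */
int sbd_matches_reference(const uint8_t a[N]) {
    uint8_t ref[2 * N] = {0}, out[2 * N];
    for (int i = 0; i < N; i++) {
        uint32_t c = 0;
        for (int j = 0; j < N; j++) {
            c += (uint32_t)a[i] * a[j] + ref[i + j];
            ref[i + j] = (uint8_t)c; c >>= 8;
        }
        ref[i + N] = (uint8_t)c;
    }
    sbd_square(a, out);
    return memcmp(ref, out, 2 * N) == 0;
}
```

The schoolbook reference performs N*N single-precision multiplications, while the SBD path performs N(N-1)/2 cross products plus N squares, which is where the saving comes from.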







Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Hwajeong Seo (1)
  • Zhe Liu (2)
  • Jongseok Choi (1)
  • Howon Kim (1)

  1. School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea
  2. Laboratory of Algorithmics, Cryptology and Security (LACS), University of Luxembourg, Luxembourg, Luxembourg
