High-Performance Modular Multiplication on the Cell Processor

  • Joppe W. Bos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6087)


This paper presents software implementation speed records for modular multiplication arithmetic on the synergistic processing elements of the Cell broadband engine (Cell) architecture. The focus is on moduli which are of special interest in elliptic curve cryptography, that is, moduli of bit-lengths ranging from 192- to 521-bit. Finite field arithmetic using primes which allow particularly fast reduction is compared to Montgomery multiplication. The special primes considered are the five recommended NIST primes, as specified in the FIPS 186-3 standard, and the prime used in the elliptic curve curve25519. While presented and benchmarked on the Cell architecture, the proposed techniques to efficiently implement the modular multiplication algorithms are suited to run on any architecture which is able to compute multiple computations concurrently; e.g. graphics processing units.


Cell Broadband Engine Curve25519 Elliptic Curve Cryptography (ECC) Montgomery Multiplication NIST primes 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Rogaway, P.: Minimizing the use of random oracles in authenticated encryption schemes. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 1–16. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  2. 2.
    Bernstein, D.J.: Curve25519: New Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Bernstein, D.-J., Chen, H.-C., Chen, M.-S., Cheng, C.-M., Hsiao, C.-H., Lange, T., Lin, Z.-C., Yang, B.-Y.: The Billion-Mulmod-Per-Second PC. In: SHARCS 2009, pp. 131–144 (2009)Google Scholar
  4. 4.
    Bernstein, D.J., Chen, T.-R., Cheng, C.-M., Lange, T., Yang, B.-Y.: ECM on graphics cards. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 483–501. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Bernstein, D.J., Lange, T.: Analysis and optimization of elliptic-curve single-scalar multiplication. In: Finite Fields and Applications. Contemporary Mathematics Series, vol. 461, pp. 1–19 (2008)Google Scholar
  6. 6.
    Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography. Cryptology ePrint Archive, Report 2009/389 (2009),
  7. 7.
    Bos, J.W., Kaihara, M.E., Montgomery, P.L.: Pollard rho on the PlayStation. In: SHARCS 2009, vol. 3, pp. 35–50 (2009)Google Scholar
  8. 8.
    Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 250–265. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Certicom Research: Standards for Efficient Cryptography 1: Elliptic Curve Cryptography. Standard SEC1, Certicom (2000)Google Scholar
  10. 10.
    Costigan, N., Schwabe, P.: Fast elliptic-curve cryptography on the Cell broadband engine. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 368–385. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)Google Scholar
  12. 12.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  13. 13.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Granlund, T.: GMP small operands optimization. In: SPEED 2007 (2007)Google Scholar
  15. 15.
    Hofstee, H.P.: Power efficient processor architecture and the Cell processor. In: HPCA 2005, pp. 258–262 (2005)Google Scholar
  16. 16.
    IBM: Multi-precision math library, Example Library API Reference,
  17. 17.
    ISO/IEC 18033-2: Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers (2006)Google Scholar
  18. 18.
    Karatsuba, A., Ofman, Y.: Multiplication of many-digital numbers by automatic computers. In: Proceedings of the USSR Academy of Science, vol. 145, pp. 293–294 (1962)Google Scholar
  19. 19.
    Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 590–609. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  22. 22.
    Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. Journal of Cryptology 14(4), 255–293 (2001)zbMATHMathSciNetGoogle Scholar
  23. 23.
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126, 649–673 (1987)CrossRefMathSciNetGoogle Scholar
  24. 24.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  25. 25.
    Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    National Security Agency: Fact sheet NSA Suite B Cryptography (2009),
  28. 28.
    Pollard, J.M.: Factoring with cubic integers. In: [21], pp. 4–10Google Scholar
  29. 29.
    Pollard, J.M.: Monte Carlo methods for index computation (mod p). Mathematics of Computation 32, 918–924 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. In: Gradute Texts in Mathematics. Springer, Heidelberg (1986)Google Scholar
  32. 32.
    Solinas, J.A.: Generalized Mersenne numbers. Technical Report CORR 99-39, Centre for Applied Cryptographic Research, University of Waterloo (1999)Google Scholar
  33. 33.
    Takahashi, O., Cook, R., Cottier, S., Dhong, S.H., Flachs, B., Hirairi, K., Kawasumi, A., Murakami, H., Noro, H., Oh, H., Onish, S., Pille, J., Silberman, J.: The circuit design of the synergistic processor element of a Cell processor. In: ICCAD 2005, pp. 111–117. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  34. 34.
    U.S. Department of Commerce and National Institute of Standards and Technology: Digital Signature Standard (DSS) (2009),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joppe W. Bos
    • 1
  1. 1.Laboratory for Cryptologic AlgorithmsEPFLLausanneSwitzerland

Personalised recommendations