Montgomery-suitable cryptosystems

  • David Naccache
  • David M'Raïhi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 781)


Montgomery's algorithm [8], hereafter denoted $M_n(\cdot,\cdot)$, is a process for computing $M_n(A,B) = ABN \bmod n$, where $N$ is a constant factor depending only on $n$. Usually, $AB \bmod n$ is obtained by $M_n(M_n(A,B),\, N^{-2} \bmod n)$, but in this article we introduce an alternative approach that consists in pre-integrating $N$ into cryptographic keys so that a single $M_n(\cdot,\cdot)$ directly replaces each modular multiplication. Besides halving the number of Montgomery multiplications, our strategy skips the pre-calculation (and the storage) of the constant $N^{-2} \bmod n$ and proves particularly efficient when a hardware device implementing $M_n(\cdot,\cdot)$ is the basic computational tool at one's command.
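The arithmetic in the abstract, as an added example that is not code from the paper: `Montgomery.M` computes M_n(A,B) = ABN mod n by Montgomery reduction, `mul_usual` applies the N^-2 correction, and `compare` counts M_n calls for a square-and-multiply exponentiation done both ways. Storing the base as g·N^-1 mod n is an assumed illustration of pre-integration, not necessarily the construction the paper uses; all names are hypothetical and the inputs are constructed.

```python
# Added illustration, not the paper's code. Requires Python 3.8+ (modular inverse via pow).
class Montgomery:
    """M_n(A, B) = A*B*N mod n, with N = R^-1 mod n and R = 2^k > n (no division by n)."""

    def __init__(self, n):
        if n < 3 or n % 2 == 0:
            raise ValueError("n must be an odd modulus >= 3")
        self.n, self.k = n, n.bit_length()
        self.mask = (1 << self.k) - 1                          # R - 1
        self.n_neg_inv = -pow(n, -1, 1 << self.k) & self.mask  # -n^-1 mod R
        self.N = pow(1 << self.k, -1, n)                       # the abstract's constant N
        self.N_inv2 = pow(self.N, -2, n)                       # N^-2 mod n (usual method only)
        self.calls = 0                                         # number of M_n invocations

    def M(self, A, B):
        """One Montgomery multiplication; inputs must be < n."""
        self.calls += 1
        T = A * B
        m = ((T & self.mask) * self.n_neg_inv) & self.mask
        t = (T + m * self.n) >> self.k                         # exact division by R
        return t - self.n if t >= self.n else t

    def mul_usual(self, A, B):
        """A*B mod n as M_n(M_n(A, B), N^-2 mod n): two calls per product."""
        return self.M(self.M(A, B), self.N_inv2)


def power(mul, base, e):
    """Left-to-right square-and-multiply (e >= 1) over the supplied multiplication."""
    acc = base
    for bit in bin(e)[3:]:                                     # bits after the leading 1
        acc = mul(acc, acc)
        if bit == "1":
            acc = mul(acc, base)
    return acc


def compare(n, g, e):
    """Return (result, M_n calls) for the usual and the pre-integrated exponentiation."""
    usual = Montgomery(n)
    r1 = power(usual.mul_usual, g, e)
    pre = Montgomery(n)
    g_hat = g * pow(pre.N, -1, n) % n        # assumption: done once, stored with the key
    r_hat = power(pre.M, g_hat, e)           # equals g^e * N^-1 mod n
    chain_calls = pre.calls
    r2 = pre.M(r_hat, 1)                     # one extra call strips the N^-1 factor
    return (r1, usual.calls), (r2, chain_calls)
```

The scaled representation is closed under M_n because M_n(xN^-1, yN^-1) = xyN^-1 mod n, which is why the chain needs one call per product.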




  [1] B. ARAZI, Modular multiplication is equivalent in complexity to a standard multiplication, Fortress U&T Internal Report (1992), available from Fortress U&T Information Safeguards, P.O. Box 1350, Beer-Sheva, IL-84110, Israel.
  [2] J. BENALOH & M. de MARE, One-way accumulators: A decentralised alternative to digital signatures, Advances in cryptology: Proceedings of Eurocrypt'93, Lecture Notes in Computer Science, Springer-Verlag, to appear.
  [3] W. DIFFIE & M. HELLMAN, New directions in cryptography, IEEE TIT, vol. 22, (1976), pp. 644–654.
  [4] S. DUSSE & B. KALISKI, A cryptographic library for the Motorola DSP56000. In Advances in Cryptology — Eurocrypt'90, pp. 230–244, Springer-Verlag, New-York, 1990.
  [5] T. EL-GAMAL, A public-key cryptosystem and a signature scheme based on the discrete logarithm, IEEE TIT, vol. 31, No. 4, (1985), pp. 469–472.
  [6] S. EVEN, Systolic modular multiplication, In Advances in Cryptology, Crypto'90, pp. 619–624, Springer-Verlag, New-York, 1991.
  [7] A. FIAT & A. SHAMIR, How to prove yourself: Practical solutions of identification and signature problems, Advances in Cryptology: Proceedings of Crypto'86, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 263 (1987), pp. 186–194.
  [8] P. MONTGOMERY, Modular multiplication without trial division, Mathematics of Computation, vol. 44 (170), pp. 519–521, 1985.
  [9] D. NACCACHE, Can OSS be repaired?, Advances in cryptology: Proceedings of Eurocrypt'93, Lecture Notes in Computer Science, Springer-Verlag, to appear.
  [10] National Institute of Standards and Technology, Publication XX: announcement and specifications for a digital signature standard (DSS), Federal Register, August 19, 1992.
  [11] J.J. QUISQUATER & L. GUILLOU, A practical zero-knowledge protocol fitted to security microprocessor minimising both transmission and memory, Advances in cryptology: Proceedings of Eurocrypt'88 (C. Günther, ed.), Lecture Notes in Computer Science, Springer-Verlag, Berlin, 330 (1988), pp. 123–128.
  [12] R. RIVEST, A. SHAMIR & L. ADLEMAN, A method for obtaining digital signatures and public-key cryptosystems, CACM, vol. 21 (1978), pp. 120–126.
  [13] C. SCHNORR, Efficient identification and signatures for smart-cards, Advances in cryptology: Proceedings of Eurocrypt'89 (G. Brassard, ed.), Lecture Notes in Computer Science, Springer-Verlag, Berlin, 435 (1990), pp. 239–252.
  [14] M. SHAND & J. VUILLEMIN, Fast implementations of RSA cryptography, 11th IEEE Symposium on Computer Arithmetic, 1993. To appear.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • David Naccache (1)
  • David M'Raïhi (1)
  1. Crypto-Team, Gemplus Card International, Sarcelles, France
