Abstract

A scheme for carrying out modular calculations which is capable of carrying out modular calculations using redundant binary calculation even when a number of bits of the mantissa (dividend) is larger than a number of bits of the modulus (divisor). In this scheme, the divisor c in the divisor register is left shifted by (i-j) digits when a number of digits j of the divisor c is less than a number of digits i that can be stored in the divisor register, and the modular reduction a mod c is calculated up to (i-j)-th decimal place using the dividend a and the left shifted divisor c. Alternatively, the divisor c given in h-ary notation in the divisor register is left shifted by (i-j) digits when a number of digits j of the divisor c is less than a number of digits i that can be stored in the divisor register, while the dividend a given in h-ary notation in the dividend register is left shifted by (k-l) digits when a number of digits l of the dividend a is less than a number of digits k that can be stored in the dividend register, where kࣙi. Then, the modular reduction a mod c is calculated up to a digit of [(k-l)-(i-j)]-th power of h using the left shifted dividend a and the left shifted divisor c to obtain a remainder, and this remainder is right shifted by (k-l) digits.

Other References

• Ishii et al., "A Single-Chip RSA Processor Implemented in a 0.5 μm Rule Gate Array", Seventh Annual IEEE International ASIC Conference and Exhibit
• Avizienis, A., "Signed-Digit Number Representations for Fast Parallel Arithmetic", IRE Transactions of Electronic Computers, pp. 389-400, Sep., 1961
• Kocher, P. C., "Timing Attacks on Implementations of Diffie-Hellman, RSA, DDS, and Other Systems", Advances in Cryptology --CRYPTO '96, pp. 104-113, 1996
• Vandemeulebroecke et al., "A New Carry-Free Division Algorithm and its Application to a Single-Chip 1024-b RSA Processor", IEEE Journal of Solid-State Circuits, vol. 25, No. 3, Jun. 199