Residue number system based pre-computation and dual-pass arithmetic modular operation approach to implement encryption protocols efficiently in electronic integrated circuits

US 7,027,598 B1
Filed: 09/19/2001
Issued: 04/11/2006
Est. Priority Date: 09/19/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for encrypting and decrypting electronic messages based on an encryption protocol, the method comprising the computer-implemented steps of:

selecting, based on a modulus (M) that is associated with a first electronic message, a first constant (W) such that W≧

4M, a second constant (V), wherein the first constant (W) and the second constant (V) are relatively prime;

generating a third constant (R) based on the first constant (W) and a modular reduction operation by determining the third constant (R) according to the expression R=W²(mod(M));

identifying, based on at least part of the encryption protocol, a first operand (X) and a second operand (Y) for at least one modular operation that is part of the encryption protocol;

generating a first residual number system (RNS) representation in a first RNS base and a second RNS representation in a second RNS base of each of the third constant (R) and the first operand (X), wherein the first RNS base is based on the first constant (W) and the second RNS base is based on the second constant (V);

generating a first RNS representation in the first RNS base of the first constant (W), a second RNS representation in the second RNS base of the second constant (V), a first RNS representation in the first RNS base of a negative multiplicative inverse of the modulus (M′

), a second RNS representation in the second RNS base of the modulus (M), and a second RNS representation in the second RNS base of a multiplicative inverse of the first constant (W^−

1);

determining at least part of a second electronic message based on at least the first electronic message, the encryption protocol, and the at least one modular operation, wherein the at least one modular operation is implemented using two passes of Montgomery'"'"'s method;

wherein a first pass of the two passes of Montgomery'"'"'s method includes the computer-implemented steps of;

determining both a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an intermediate result (S) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′

), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−

1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the third constant (R) and the first operand (X);

wherein a second pass of the two passes of Montgomery'"'"'s method includes the computer-implemented steps of;

determining an RNS representation in one of the first RNS base and the second RNS base of a final result (F) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′

), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−

1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the intermediate result (S), and the second operand (Y).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A pre-computation and dual-pass modular operation approach to implement encryption protocols efficiently in electronic integrated circuits is disclosed. An encrypted electronic message is received and another electronic message generated based on the encryption protocol. Two passes of Montgomery'"'"'s method are used for a modular operation that is associated with the encryption protocol along with pre-computation of a constant based on a modulus. The modular operation may be a modular multiplication or a modular exponentiation. Modular arithmetic may be performed using the residue number system (RNS) and two RNS bases with conversions between the two RNS bases. A minimal number of register files are used for the computations along with an array of multiplier circuits and an array of modular reduction circuits. The approach described allows for high throughput for large encryption keys with a relatively small number of logical gates.

94 Citations

View as Search Results

44 Claims

1. A method for encrypting and decrypting electronic messages based on an encryption protocol, the method comprising the computer-implemented steps of:
- selecting, based on a modulus (M) that is associated with a first electronic message, a first constant (W) such that W≧
  
  4M, a second constant (V), wherein the first constant (W) and the second constant (V) are relatively prime;
  
  generating a third constant (R) based on the first constant (W) and a modular reduction operation by determining the third constant (R) according to the expression R=W²(mod(M));
  
  identifying, based on at least part of the encryption protocol, a first operand (X) and a second operand (Y) for at least one modular operation that is part of the encryption protocol;
  
  generating a first residual number system (RNS) representation in a first RNS base and a second RNS representation in a second RNS base of each of the third constant (R) and the first operand (X), wherein the first RNS base is based on the first constant (W) and the second RNS base is based on the second constant (V);
  
  generating a first RNS representation in the first RNS base of the first constant (W), a second RNS representation in the second RNS base of the second constant (V), a first RNS representation in the first RNS base of a negative multiplicative inverse of the modulus (M′
  
  ), a second RNS representation in the second RNS base of the modulus (M), and a second RNS representation in the second RNS base of a multiplicative inverse of the first constant (W^−
  
  1);
  
  determining at least part of a second electronic message based on at least the first electronic message, the encryption protocol, and the at least one modular operation, wherein the at least one modular operation is implemented using two passes of Montgomery'"'"'s method;
  
  wherein a first pass of the two passes of Montgomery'"'"'s method includes the computer-implemented steps of;
  
  determining both a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an intermediate result (S) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the third constant (R) and the first operand (X);
  
  wherein a second pass of the two passes of Montgomery'"'"'s method includes the computer-implemented steps of;
  
  determining an RNS representation in one of the first RNS base and the second RNS base of a final result (F) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the intermediate result (S), and the second operand (Y).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first constant (W) is not a power of two.
  - 3. The method of claim 1, wherein the modular operation for determining the intermediate result (S) is a modular multiplication that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by the computer-implemented steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 4. The method of claim 1, wherein the modular operation for determining the final result (F) is a modular multiplication and the method further comprises the computer-implemented steps of:
    - generating a first residual number system (RNS) representation in the first RNS base and a second RNS representation in the second RNS base of the second operand (Y);
      
      wherein the modular multiplication is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
      
      ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S), and wherein the first RNS representation in the first RNS base and a binary representation of the final result (F) are determined by the computer-implemented steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified second operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified second operand (U) based on the first RNS representation in the first RNS base of each of the modified second operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified second operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the final result (F) to a binary representation of the final result (F).
  - 5. The method of claim 1, wherein the modular operation for determining the intermediate result (S) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by the computer-implemented steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 6. The method of claim 1, wherein the modular operation for determining the final result (F) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S), and the second operand (Y), and wherein the first RNS representation in the first RNS base, the second RNS representation in the second RNS base, and a binary representation of the final result (F) are determined by the computer-implemented steps of;
      
      generating a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of each of a previous final result (F) having a value of one;
      
      specifying the first RNS representation in a first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) as a first RNS representation in the first RNS base and a second RNS representation in a second RNS base of a previous intermediate result (S);
      
      for each digit of the plurality of digits included in the second operand (Y), performing the computer-implemented steps of;
      
      when each digit of the plurality of digits has the value of one, then performing the computer-implemented steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated final result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the previous final result (F) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated final result (U) based on the first RNS representation in the first RNS base of each of the updated final result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated final result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated final result (U);
      
      determining a second RNS representation in the second RNS base of a revised updated final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the updated final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the revised updated final result (F) to a first RNS representation in the first RNS base of the revised updated final result (F);
      
      if all digits of the plurality of digits have not been evaluated, specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base and the second RNS representation of the previous final result (F); and
      
      if all digits of the plurality of digits have been evaluated, specifying the first RNS representation in the first RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base of the final result (F);
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated intermediate result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated intermediate result (U) based on the first RNS representation in the first RNS base of each of the updated intermediate result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated intermediate result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated intermediate result (U);
      
      determining a second RNS representation in the second RNS base of an revised updated intermediate result (S) based on the second RNS representation in the second RNS base of each of the updated intermediate result (Z), the modular reduction of the updated intermediate final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V);
      
      converting the second RNS representation in the second RNS base of the revised updated intermediate result (S) to a first RNS representation in the first RNS base of the revised updated intermediate result (S); and
      
      specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated intermediate result (S) as the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the previous intermediate result (S);
      
      converting the first RNS representation in the first RNS base of the final result (F) to a binary representation of the final result (F).
  - 7. The method of claim 1, wherein:
    - the first RNS base includes a first group of sixty-four residues and the second RNS base includes a second group of sixty-four residues;
      
      the first RNS base extends the second RNS base;
      
      each residue in both the first group and second group is a seventeen-bit residue;
      
      each residue in the first group is relatively prime with respect to all other residues in the first group and each residue in the second group are relatively prime with respect to all other residues in the second group;
      
      each residue in both the first group and the second group are a selected from a range of 2¹⁶to 2¹⁷; and
      
      the method further comprises the computer-implemented steps of;
      
      converting, in eight clock cycles, a first RNS representation of the first set of RNS representations in the first RNS base to a second RNS representation of the second set of RNS representations in the second RNS base;
      
      performing operations involving each residue in the first group in parallel; and
      
      performing operations involving each residue in the second group in parallel.
  - 8. The method of claim 1, wherein the modular operation is a modular multiplication and the method further includes the computer-implemented step of:
    - while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations in a first register file and a second register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers and the second register file includes a second set of sixty-four seventeen-bit registers.
  - 9. The method of claim 1, wherein the modular operation is a modular exponentiation and the method further includes the computer-implemented step of:
    - while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations, in a first register file a second register file, a third register file, and a fourth register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers, the second register file includes a second set of sixty-four seventeen-bit registers, the third register file includes a third set of sixty-four seventeen-bit registers, and the fourth register file includes a fourth set of sixty-four seventeen-bit registers.
  - 10. The method of claim 1, wherein the steps of determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result(F) use an array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits wherein the array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits includes a plurality of ratio four to two compressors that are organized into three levels and that are executed in one clock cycle.
  - 11. The method of claim 1, wherein the steps of determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) use an array of sixty-four thirty-four-bit to seventeen-bit modular reduction circuits that are executed in one clock cycle.

12. A computer-readable medium carrying one or more sequences of instructions for encrypting and decrypting electronic messages based on an encryption protocol, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- selecting, based on a modulus (M) that is associated with a first electronic message, a first constant (W) such that W≧
  
  4M, a second constant (V), wherein the first constant (W) and the second constant (V) are relatively prime;
  
  generating a third constant (R) based on the first constant (W) and a modular reduction operation by determining the third constant (R) according to the expression R=W²(mod(M));
  
  identifying, based on at least part of the encryption protocol, a first operand (X) and a second operand (Y) for at least one modular operation that is part of the encryption protocol;
  
  generating a first residual number system (RNS) representation in a first RNS base and a second RNS representation in a second RNS base of each of the third constant (R) and the first operand (X), wherein the first RNS base is based on the first constant (W) and the second RNS base is based on the second constant (V);
  
  generating a first RNS representation in the first RNS base of the first constant (W), a second RNS representation in the second RNS base of the second constant (V), a first RNS representation in the first RNS base of a negative multiplicative inverse of the modulus (M′
  
  ), a second RNS representation in the second RNS base of the modulus (M), and a second RNS representation in the second RNS base of a multiplicative inverse of the first constant (W^−
  
  1);
  
  determining at least part of a second electronic message based on at least the first electronic message, the encryption protocol, and the at least one modular operation, wherein the at least one modular operation is implemented using two passes of Montgomery'"'"'s method;
  
  wherein a first pass of the two passes of Montgomery'"'"'s method comprises instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of;
  
  determining both a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an intermediate result (S) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the third constant (R) and the first operand (X);
  
  wherein a second pass of the two passes of Montgomery'"'"'s method comprises instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of;
  
  determining an RNS representation in one of the first RNS base and the second RNS base of a final result (F) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the intermediate result (S), and the second operand (Y).
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer-readable medium of claim 12, wherein the first constant (W) is not a power of two.
  - 14. The computer-readable medium of claim 12, wherein the modular operation for determining the intermediate result (S) is a modular multiplication that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by one or more sequences of instructions, which when executed by the one or more processors, cause the one or more processors to carry out the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 15. The computer-readable medium of claim 12, wherein the modular operation for determining the final result (F) is a modular multiplication and the computer-readable medium further comprises one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to carry out the steps of:
    - generating a first residual number system (RNS) representation in the first RNS base and a second RNS representation in the second RNS base of the second operand (Y);
      
      wherein the modular multiplication is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
      
      ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S), and wherein the first RNS representation in the first RNS base and a binary representation of the final result (F) are determined by one or more sequences of instructions, which when executed by the one or more processors, cause the one or more processors to carry out the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified second operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified second operand (U) based on the first RNS representation in the first RNS base of each of the modified second operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified second operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the final result (F) to a binary representation of the final result (F).
  - 16. The computer-readable medium of claim 12, wherein the modular operation for determining the intermediate result (S) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by one or more sequences of instructions, which when executed by the one or more processors, cause the one or more processors to carry out the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 17. The computer-readable medium of claim 12, wherein the modular operation for determining the final result (F) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S), and the second operand (Y), and wherein the first RNS representation in the first RNS base, the second RNS representation in the second RNS base, and a binary representation of the final result (F) are determined by one or more sequences of instructions, which when executed by the one or more processors, cause the one or more processors to carry out the steps of;
      
      generating a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of each of a previous final result (F) having a value of one;
      
      specifying the first RNS representation in a first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) as a first RNS representation in the first RNS base and a second RNS representation in a second RNS base of a previous intermediate result (S);
      
      for each digit of the plurality of digits included in the second operand (Y), performing the steps of;
      
      when each digit of the plurality of digits has the value of one, then performing the steps of;
      
      determining a first RNS representation, in the first RNS base and a second RNS representation in the second RNS base of an updated final result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the previous final result (F) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated final result (U) based on the first RNS representation in the first RNS base of each of the updated final result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated final result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated final result (U);
      
      determining a second RNS representation in the second RNS base of a revised updated final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the updated final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the revised updated final result (F) to a first RNS representation in the first RNS base of the revised updated final result (F);
      
      if all digits of the plurality of digits have not been evaluated, specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base and the second RNS representation of the previous final result (F); and
      
      if all digits of the plurality of digits have been evaluated, specifying the first RNS representation in the first RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base of the final result (F);
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated intermediate result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated intermediate result (U) based on the first RNS representation in the first RNS base of each of the updated intermediate result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated intermediate result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated intermediate result (U);
      
      determining a second RNS representation in the second RNS base of an revised updated intermediate result (S) based on the second RNS representation in the second RNS base of each of the updated intermediate result (Z), the modular reduction of the updated intermediate final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V);
      
      converting the second RNS representation in the second RNS base of the revised updated intermediate result (S) to a first RNS representation in the first RNS base of the revised updated intermediate result (S); and
      
      specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated intermediate result (S) as the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the previous intermediate result (S);
      
      converting the first RNS representation in the first RNS base of the final result (F) to a binary representation of the final result (F).
  - 18. The computer-readable medium of claim 12, wherein:
    - the first RNS base includes a first group of sixty-four residues and the second RNS base includes a second group of sixty-four residues;
      
      the first RNS base extends the second RNS base;
      
      each residue in both the first group and second group is a seventeen-bit residue;
      
      each residue in the first group is relatively prime with respect to all other residues in the first group and each residue in the second group are relatively prime with respect to all other residues in the second group;
      
      each residue in both the first group and the second group are a selected from a range of 216 to 217; and
      
      the computer-readable medium further comprises one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to carry out the steps of;
      
      converting, in eight clock cycles, a first RNS representation of the first set of RNS representations in the first RNS base to a second RNS representation of the second set of RNS representations in the second RNS base;
      
      performing operations involving each residue in the first group in parallel; and
      
      performing operations involving each residue in the second group in parallel.
  - 19. The computer-readable medium of claim 12, wherein the modular operation is a modular multiplication and the computer-readable medium further comprises one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to carry out the steps of:
    - while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations in a first register file and a second register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers and the second register file includes a second set of sixty-four seventeen-bit registers.
  - 20. The computer-readable medium of claim 12, wherein the modular operation is a modular exponentiation and the computer-readable medium further comprises one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to carry out the steps of:
    - while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations, in a first register file a second register file, a third register file, and a fourth register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers, the second register file includes a second set of sixty-four seventeen-bit registers, the third register file includes a third set of sixty-four seventeen-bit registers, and the fourth register file includes a fourth set of sixty-four seventeen-bit registers.
  - 21. The computer-readable medium of claim 12, wherein the one or more sequences of instructions for determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) make use of an array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits, wherein the array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits includes a plurality of ratio four to two compressors that are organized into three levels and that are executed in one clock cycle.
  - 22. The computer-readable medium of claim 12, wherein the one or more sequences of instructions for determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) make use of an array of sixty-four thirty-four-bit to seventeen-bit modular reduction circuits that are executed in one clock cycle.

23. An apparatus for encrypting and decrypting electronic messages based on an encryption protocol, comprising:
- means for selecting, based on a modulus (M) that is associated with a first electronic message, a first constant (W) such that W≧
  
  4M, a second constant (V), wherein the first constant (W) and the second constant (V) are relatively prime;
  
  means for generating a third constant (R) based on the first constant (W) and a modular reduction operation by determining the third constant (R) according to the expression R=W²(mod(M));
  
  means for identifying, based on at least part of the encryption protocol, a first operand (X) and a second operand (Y) for at least one modular operation that is part of the encryption protocol;
  
  means for generating a first residual number system (RNS) representation in a first RNS base and a second RNS representation in a second RNS base of each of the third constant (R) and the first operand (X), wherein the first RNS base is based on the first constant (W) and the second RNS base is based on the second constant (V);
  
  means for generating a first RNS representation in the first RNS base of the first constant (W), a second RNS representation in the second RNS base of the second constant (V), a first RNS representation in the first RNS base of a negative multiplicative inverse of the modulus (M′
  
  ), a second RNS representation in the second RNS base of the modulus (M), and a second RNS representation in the second RNS base of a multiplicative inverse of the first constant (W^−
  
  1);
  
  means for determining at least part of a second electronic message based on at least the first electronic message, the encryption protocol, and the at least one modular operation, wherein the at least one modular operation is implemented using two passes of Montgomery'"'"'s method;
  
  wherein a first pass of the two passes of Montgomery'"'"'s method comprises;
  
  means for determining both a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an intermediate result (S) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the third constant (R) and the first operand (X);
  
  wherein a second pass of the two passes of Montgomery'"'"'s method comprises;
  
  means for determining an RNS representation in one of the first RNS base and the second RNS base of a final result (F) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the intermediate result (S), and the second operand (Y).
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35)
- - 24. The apparatus of claim 23, wherein the first constant (W) is not a power of two.
  - 25. The apparatus of claim 23, wherein the modular operation for determining the intermediate result (S) is a modular multiplication that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by means for performing the following steps;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 26. The apparatus of claim 23, wherein the modular operation for determining the final result (F) is a modular multiplication and the apparatus further comprises:
    - means for generating a first residual number system (RNS) representation in the first RNS base and a second RNS representation in the second RNS base of the second operand (Y);
      
      wherein the modular multiplication is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
      
      ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S), and wherein the first RNS representation in the first RNS base and a binary representation of the final result (F) are determined by means for performing the following steps;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified second operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified second operand (U) based on the first RNS representation in the first RNS base of each of the modified second operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified second operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the final result (F) to a binary representation of the final result (F).
  - 27. The apparatus of claim 23, wherein the modular operation for determining the intermediate result (S) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by means for performing the following steps;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 28. The apparatus of claim 23, wherein the modular operation for determining the final result (F) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S), and the second operand (Y), and wherein the first RNS representation in the first RNS base, the second RNS representation in the second RNS base, and a binary representation of the final result (F) are determined by means for performing the following steps;
      
      generating a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of each of a previous final result (F) having a value of one;
      
      specifying the first RNS representation in a first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) as a first RNS representation in the first RNS base and a second RNS representation in a second RNS base of a previous intermediate result (S);
      
      for each digit of the plurality of digits included in the second operand (Y), performing the steps of;
      
      when each digit of the plurality of digits has the value of one, then performing the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated final result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the previous final result (F) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated final result (U) based on the first RNS representation in the first RNS base of each of the updated final result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated final result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated final result (U);
      
      determining a second RNS representation in the second RNS base of a revised updated final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the updated final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the revised updated final result (F) to a first RNS representation in the first RNS base of the revised updated final result (F);
      
      if all digits of the plurality of digits have not been evaluated, specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base and the second RNS representation of the previous final result (F); and
      
      if all digits of the plurality of digits have been evaluated, specifying the first RNS representation in the first RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base of the final result (F);
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated intermediate result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated intermediate result (U) based on the first RNS representation in the first RNS base of each of the updated intermediate result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated intermediate result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated intermediate result (U);
      
      determining a second RNS representation in the second RNS base of an revised updated intermediate result (S) based on the second RNS representation in the second RNS base of each of the updated intermediate result (Z), the modular reduction of the updated intermediate final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V);
      
      converting the second RNS representation in the second RNS base of the revised updated intermediate result (S) to a first RNS representation in the first RNS base of the revised updated intermediate result (S); and
      
      specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated intermediate result (S) as the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the previous intermediate result (S);
      
      means for converting the first RNS representation in the first RNS base of the final result (F) to a binary representation of the final result (F).
  - 29. The apparatus of claim 23, whereinthe first RNS base includes a first group of sixty-four residues and the second RNS base includes a second group of sixty-four residues;
    - the first RNS base extends the second RNS base;
      
      each residue in both the first group and second group is a seventeen-bit residue;
      
      each residue in the first group is relatively prime with respect to all other residues in the first group and each residue in the second group are relatively prime with respect to all other residues in the second group;
      
      each residue in both the first group and the second group are a selected from a range of 2¹⁶to 2¹⁷; and
      
      the apparatus further comprises;
      
      means for converting, in eight clock cycles, a first RNS representation of the first set of RNS representations in the first RNS base to a second RNS representation of the second set of RNS representations in the second RNS base;
      
      means for performing operations involving each residue in the first group in parallel; and
      
      means for performing operations involving each residue in the second group in parallel.
  - 30. The apparatus of claim 23, wherein the modular operation is a modular multiplication and the apparatus further comprises:
    - means for, while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations in a first register file and a second register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers and the second register file includes a second set of sixty-four seventeen-bit registers.
  - 31. The apparatus of claim 23, wherein the modular operation is a modular exponentiation and apparatus further comprises:
    - means for, while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations, in a first register file a second register file, a third register file, and a fourth register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers, the second register file includes a second set of sixty-four seventeen-bit registers, the third register file includes a third set of sixty-four seventeen-bit registers, and the fourth register file includes a fourth set of sixty-four seventeen-bit registers.
  - 32. The apparatus of claim 23, wherein the means for determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) use an array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits, wherein the array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits includes a plurality of ratio four to two compressors that are organized into three levels and that are executed in one clock cycle.
  - 33. The apparatus of claim 23, wherein the means for determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) use an array of sixty-four thirty-four-bit to seventeen-bit modular reduction circuits that are executed in one clock cycle.
  - 35. The apparatus of claim 31, wherein the first constant (W) is not a power of two.

34. An apparatus for encrypting and decrypting electronic messages based on an encryption protocol, comprising:
- an interface;
  
  a processor coupled to the interface and receiving information from the interface; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  selecting, based on a modulus (M) that is associated with a first electronic message, a first constant (W) such that W≧
  
  4M, a second constant (V), wherein the first constant (W) and the second constant (V) are relatively prime;
  
  generating a third constant (R) based on the first constant (W) and a modular reduction operation by determining the third constant (R) according to the expression R=W²(mod(M));
  
  identifying, based on at least part of the encryption protocol, a first operand (X) and a second operand (Y) for at least one modular operation that is part of the encryption protocol;
  
  generating a first residual number system (RNS) representation in a first RNS base and a second RNS representation in a second RNS base of each of the third constant (R) and the first operand (X), wherein the first RNS base is based on the first constant (W) and the second RNS base is based on the second constant (V);
  
  generating a first RNS representation in the first RNS base of the first constant (W), a second RNS representation in the second RNS base of the second constant (V), a first RNS representation in the first RNS base of a negative multiplicative inverse of the modulus (M′
  
  ), a second RNS representation in the second RNS base of the modulus (M), and a second RNS representation in the second RNS base of a multiplicative inverse of the first constant (W^−
  
  1);
  
  determining at least part of a second electronic message based on at least the first electronic message, the encryption protocol, and the at least one modular operation, wherein the at least one modular operation is implemented using two passes of Montgomery'"'"'s method;
  
  wherein a first pass of the two passes of Montgomery'"'"'s method comprises instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  determining both a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an intermediate result (S) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the third constant (R) and the first operand (X);
  
  wherein a second pass of the two passes of Montgomery'"'"'s method comprises instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  determining an RNS representation in one of the first RNS base and the second RNS base of a final result (F) for the at least one modular operation based on at least Montgomery'"'"'s method, the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
  
  ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
  
  1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the intermediate result (S), and the second operand (Y).
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 36. The apparatus of claim 34, wherein the modular operation for determining the intermediate result (S) is a modular multiplication that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W⁻), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 37. The apparatus of claim 34, wherein the modular operation for determining the final result (F) is a modular multiplication and the apparatus further comprises one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of:
    - generating a first residual number system (RNS) representation in the first RNS base and a second RNS representation in the second RNS base of the second operand (Y);
      
      wherein the modular multiplication is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
      
      ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S), and wherein the first RNS representation in the first RNS base and a binary representation of the final result (F) are determined by the computer-implemented steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified second operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the second operand (Y) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified second operand (U) based on the first RNS representation in the first RNS base of each of the modified second operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified second operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the final result (F) to a binary representation of the final result (F).
  - 38. The apparatus of claim 34, wherein the modular operation for determining the intermediate result (S) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), and both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R), and wherein the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) are determined by one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of a modified first operand (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the first operand (X) and the third constant (R);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the modified first operand (U) based on the first RNS representation in the first RNS base of each of the modified first operand (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the modified first operand (U) to a second RNS representation in the second RNS base of the modular reduction of the modified first operand (U);
      
      determining a second RNS representation in the second RNS base of the intermediate result (S) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the modified first operand (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the intermediate result (S) to a first RNS representation in the first RNS base of the intermediate result (S).
  - 39. The apparatus of claim 34, wherein the modular operation for determining the final result (F) is a modular exponentiation that is based on at least the first RNS representation in the first RNS base of the first constant (W), the second RNS representation in the second RNS base of the second constant (V), the first RNS representation in the first RNS base of the negative multiplicative inverse of the modulus (M′
    - ), the second RNS representation in the second RNS base of the modulus (M), the second RNS representation in the second RNS base of the multiplicative inverse of the first constant (W^−
      
      1), both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S), and the second operand (Y), and wherein the first RNS representation in the first RNS base, the second RNS representation in the second RNS base, and a binary representation of the final result (F) are determined by one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of;
      
      generating a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of each of a previous final result (F) having a value of one;
      
      specifying the first RNS representation in a first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) as a first RNS representation in the first RNS base and a second RNS representation in a second RNS base of a previous intermediate result (S);
      
      for each digit of the plurality of digits included in the second operand (Y), performing the steps of;
      
      when each digit of the plurality of digits has the value of one, then performing the steps of;
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated final result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of each of the previous final result (F) and the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated final result (U) based on the first RNS representation in the first RNS base of each of the updated final result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated final result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated final result (U);
      
      determining a second RNS representation in the second RNS base of a revised updated final result (F) based on the second RNS representation in the second RNS base of each of the modified first operand (Z), the modular reduction of the updated final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V); and
      
      converting the second RNS representation in the second RNS base of the revised updated final result (F) to a first RNS representation in the first RNS base of the revised updated final result (F);
      
      if all digits of the plurality of digits have not been evaluated, specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base and the second RNS representation of the previous final result (F); and
      
      if all digits of the plurality of digits have been evaluated, specifying the first RNS representation in the first RNS base of the revised updated final result (F) as the first RNS representation in the first RNS base of the final result (F);
      
      determining a first RNS representation in the first RNS base and a second RNS representation in the second RNS base of an updated intermediate result (Z) based on both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S);
      
      determining a first RNS representation in the first RNS base of a modular reduction of the updated intermediate result (U) based on the first RNS representation in the first RNS base of each of the updated intermediate result (Z), the negative multiplicative inverse of the modulus (M′
      
      ), and the first constant (W);
      
      converting the first RNS representation in the first RNS base of the modular reduction of the updated intermediate result (U) to a second RNS representation in the second RNS base of the modular reduction of the updated intermediate result (U);
      
      determining a second RNS representation in the second RNS base of an revised updated intermediate result (S) based on the second RNS representation in the second RNS base of each of the updated intermediate result (Z), the modular reduction of the updated intermediate final result (U), the modulus (M), the multiplicative inverse of the first constant (W^−
      
      1), and the second constant (V);
      
      converting the second RNS representation in the second RNS base of the revised updated intermediate result (S) to a first RNS representation in the first RNS base of the revised updated intermediate result (S); and
      
      specifying the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the revised updated intermediate result (S) as the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the previous intermediate result (S);
      
      converting the first RNS representation in the first RNS base of the final result (F) to a binary representation of the final result (F).
  - 40. The apparatus of claim 34, wherein:
    - the first RNS base includes a first group of sixty-four residues and the second RNS base includes a second group of sixty-four residues;
      
      the first RNS base extends the second RNS base;
      
      each residue in both the first group and second group is a seventeen-bit residue;
      
      each residue in the first group is relatively prime with respect to all other residues in the first group and each residue in the second group are relatively prime with respect to all other residues in the second group;
      
      each residue in both the first group and the second group are a selected from a range of 2¹⁶to 2¹⁷; and
      
      the apparatus further comprises one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of;
      
      converting, in eight clock cycles, a first RNS representation of the first set of RNS representations in the first RNS base to a second RNS representation of the second set of RNS representations in the second RNS base;
      
      performing operations involving each residue in the first group in parallel; and
      
      performing operations involving each residue in the second group in parallel.
  - 41. The apparatus of claim 34, wherein the modular operation is a modular multiplication and the apparatus further comprises one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of:
    - while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations in a first register file and a second register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers and the second register file includes a second set of sixty-four seventeen-bit registers.
  - 42. The apparatus of claim 34, wherein the modular operation is a modular exponentiation and apparatus further comprises one or more sequences of instructions, which when executed by the processor, cause the processor to carry out the steps of:
    - while determining the intermediate result (S) and determining the final result (F), storing results of intermediate computations, in a first register file a second register file, a third register file, and a fourth register file, wherein the first register file includes a first set of sixty-four seventeen-bit registers, the second register file includes a second set of sixty-four seventeen-bit registers, the third register file includes a third set of sixty-four seventeen-bit registers, and the fourth register file includes a fourth set of sixty-four seventeen-bit registers.
  - 43. The apparatus of claim 34, wherein the one or more sequences of instructions for determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) make use of an array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits, wherein the array of sixty-four seventeen-bit by seventeen-bit modular multiplier circuits includes a plurality of ratio four to two compressors that are organized into three levels and that are executed in one clock cycle.
  - 44. The apparatus of claim 34, wherein the one or more sequences of instructions for determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the intermediate result (S) and determining both the first RNS representation in the first RNS base and the second RNS representation in the second RNS base of the final result (F) make use of an array of sixty-four thirty-four-bit to seventeen-bit modular reduction circuits that are executed in one clock cycle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Stojancic, Mihailo M., Tomei, Kenneth J., Maddury, Mahesh S.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Chai, Longbit

Application Number

US09/956,732
Time in Patent Office

1,665 Days
Field of Search

380/28, 380/30, 380/265, 708/490, 708/491, 708/103, 708/135, 708/200, 708501-505, 713/174
US Class Current

380/28
CPC Class Codes

G06F 7/728   using Montgomery reduction

G06F 7/729   using representation by a r...

H04L 2209/122   Hardware reduction or effic...

H04L 2209/125   Parallelization or pipelini...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/302   involving the integer facto...

H04L 9/3249   using RSA or related signat...

Residue number system based pre-computation and dual-pass arithmetic modular operation approach to implement encryption protocols efficiently in electronic integrated circuits

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Residue number system based pre-computation and dual-pass arithmetic modular operation approach to implement encryption protocols efficiently in electronic integrated circuits

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links