Ring arithmetic method, system, and apparatus
First Claim
Patent Images
1. A method of encrypting data, comprising:
- choosing a modulus C for modular calculations, wherein C is a w-bit number, and wherein the modulus C is selected from the group consisting of (a) w-big and w-heavy, and (b) w-little and w-light; and
using the modulus to encrypt data through a process involving a ring arithmetic function;
wherein the modulus C is calculated by a process including(a) splitting a number P<
22w into 2 w-bit words H1 and L1;
(b) calculating S1=L1+(H12x1)+(H12x2)+ . . . +(H12xk)+H1, wherein (w−
3)/2>
x1>
x2>
. . . >
xk>
0 and k<
<
w;
(c) splitting S1 into two w-bit words H2 and L2;
(d) computing S2=L2+(H22x1)+(H22x2)+ . . . (H22x1)+H2;
(e) computing S3=S2+(2x1+ . . . +2xk+1);
(f) determining the modulus C by comparing S3 to 2w, wherein the modulus C=S2 if S3<
2w, and wherein the modulus C=S3−
2w if S3≧
2w;
wherein the modulus C is a residue.
6 Assignments
0 Petitions
Accused Products
Abstract
A data encryption method performed with ring arithmetic operations using a residue number multiplication process wherein a first conversion to a first basis is done using a mixed radix system and a second conversion to a second basis is done using a mixed radix system. In some embodiments, a modulus C is be chosen of the form 2w−L, wherein C is a w-bit number and L is a low Hamming weight odd integer less than 2(w−1)/2. And in some of those embodiments, the residue mod C is calculated via several steps. P is split into 2 w-bit words H1 and L1. S1 is calculated as equal to L1+(H12x1)+(H12x2)+ . . . +(H12xk)+H1. S1 is split into two w-bit words H2 and L2. S2 is computed as being equal to L2+(H22x1)+(H22x2)+ . . . +(H22xk)+H2. S3 is computed as being equal to S2+(2x1+ . . . +2xk+1). And the residue is determined by comparing S3 to 2w. If S3<2w, then the residue equals S2. If S3≧2w, then the residue equals S3−2w.
58 Citations
27 Claims
-
1. A method of encrypting data, comprising:
-
choosing a modulus C for modular calculations, wherein C is a w-bit number, and wherein the modulus C is selected from the group consisting of (a) w-big and w-heavy, and (b) w-little and w-light; and using the modulus to encrypt data through a process involving a ring arithmetic function;
wherein the modulus C is calculated by a process including(a) splitting a number P<
22w into 2 w-bit words H1 and L1;(b) calculating S1=L1+(H12x1)+(H12x2)+ . . . +(H12xk)+H1, wherein (w−
3)/2>
x1>
x2>
. . . >
xk>
0 and k<
<
w;(c) splitting S1 into two w-bit words H2 and L2; (d) computing S2=L2+(H22x1)+(H22x2)+ . . . (H22x1)+H2; (e) computing S3=S2+(2x1+ . . . +2xk+1); (f) determining the modulus C by comparing S3 to 2w, wherein the modulus C=S2 if S3<
2w, and wherein the modulus C=S3−
2w if S3≧
2w;wherein the modulus C is a residue. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
calculating a product ABM−
1 mod p for n-bit numbers A and B by (a) computing Q mod M in the first basis such that AB+Qp=RM for some integral value R and for a number p which is prime relative to M and W;
(b) converting Q to the second basis, Q mod W; and
(c) computing R in the second basis, R mod W, wherein R=(AB+Qp) M−
1 mod W and R mod p=ABM−
1 mod p.
-
-
9. The method of claim 8 wherein, for i=1 to 2t, 2k−
- 1≦
mi≦
2k, and wherein m1, . . . , m2t are pairwise mutually prime.
- 1≦
-
10. The method of claim 9, wherein t≧
- (n+1)/k, where n is the bit length of the numbers being multiplied.
-
11. The method of claim 1, further comprising:
performing a ring arithmetic function on numbers, including (a) using a residue number multiplication process, (b) converting to a first basis using a mixed radix system, and (c) converting to a second basis using a mixed radix system.
-
12. A method of encrypting data, comprising:
-
choosing a modulus C for modular calculations, wherein C is a w-bit number, and wherein the modulus C is selected from the group consisting of (a) w-big and w-heavy, and (b) w-little and w-light; and using the modulus to encrypt data through a process involving a ring arithmetic function;
wherein the method further compriseschoosing a first basis (m1, m2, . . . mt) and a second basis (mt+1, mt+2, . . . m2t), wherein m1, . . . , m2t are moduli, calculating a product M=m1m2 . . . mt, calculating a product W=mt+1mt+2 . . . m2t, and calculating a product ABM−
1 mod p for n-bit numbers A and B by (a) computing Q mod M in the first basis such that AB+Qp=RM for some integral value R and for a number p which is prime relative to M and W;
(b) converting Q to the second basis, Q mod W; and
(c) computing R in the second basis, R mod W, wherein R=(AB+Qp) M−
1 mod W and R mod p=ABM−
1 mod p. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNcipher Security Limited
-
Original AssigneenCipher Corporation Limited (Thales SA)
-
InventorsStein, Kyle, Mitchell, Oscar, Blakley, George Robert, Datta, Rajat
-
Primary Examiner(s)PYZOCHA, MICHAEL J
-
Application NumberUS11/712,227Publication NumberTime in Patent Office1,386 DaysField of Search380/28, 380/30, 708/491US Class Current380/28CPC Class CodesG01N 2035/00247 MicrovalvesG01N 2035/00574 Means for distributing beadsG06F 13/1647 with interleaved bank accessG06F 7/72 using residue arithmeticG06F 7/723 Modular exponentiation G06F...G06F 7/727 Modulo N arithmetic, with N...G06F 7/728 using Montgomery reductionG11C 7/1066 Output synchronizationH04L 47/125 by balancing the load, e.g....H04L 63/0272 Virtual private networksH04L 63/0428 wherein the data content is...H04L 63/166 at the transport layerH04L 9/302 involving the integer facto...
