Notes - MCS
Applied Cryptography
Notes - MCS
Applied Cryptography
  • Applied Cryptography
  • Classical (Symmetric) Cryptography
    • Terminology
    • The Players
    • Use Cases
    • Information-Theoretic Security
    • Computational Security
    • Cryptanalysis
    • Practical Approaches
    • Cryptographic Robustness
    • Ciphers
      • Mono-Alphabetic
      • Polylphabetic
    • Rotor Machines
    • Stream Ciphers
  • Modern Symmetric Cryptography
    • Types
    • Symmetric Ciphers
    • Symmetric Block Ciphers
    • Feistel Networks
    • DES (Data Encryption Standard)
    • AES (Advanced Encryption Standard)
    • Stream Ciphers
    • Uniform Random Access
    • Linear Feedback Shift Register (LFSR)
  • Cipher Modes
    • Deployment of (Symmetric) Block Ciphers
    • Stream Cipher Modes
    • Security Reinforcement
  • Cryptographic Hashing
    • Digest functions
    • Rainbow Tables
    • Message Authentication Codes (MAC)
    • Authenticated Encryption
    • Encryption + Authentication
  • RSA & Related Subjects
    • Modular Arithmetic
    • Fast Modular Multiplication
    • The Extended Euclid's Algorithm
    • Linear Maps
    • Fermat's Little Theorem
    • Chinese Remainder Theorem
    • Fermat's Little Theorem
    • Modular Exponentiation
    • Multiplicative Order
    • The Discrete Logarithm Problem
    • Primality tests
    • The Diffie-Hellman Key Exchange Protocol
    • ElGamal Public Key Cryptosystem
    • The Rivest-Shamir-Adleman Cryptosystem
    • Finite Fields
    • Elliptic Curves
    • Diffie-Hellman using elliptic curves
    • Can we do RSA-like things with elliptic curves?
    • The discrete logarithm problem for elliptic curves
    • Secret sharing
    • Quadratic Residues
    • Zero-Knowledge proofs
      • One of two oblivious transfer
      • Coin flipping
      • Zero-knowledge proofs of identity
    • Homomorphic encryption
  • Asymmetric Key Management
    • Design Principles
    • Exploitation of private keys
    • Distribution of public keys
    • Public key (digital) certificates
    • Key pair usage
    • Certification Authorities (CA)
    • Certification Hierarchies
    • Refreshing of asymmetric key pairs
    • Certificate revocation lists (CRL)
    • Validity of signatures
    • Distribution of public key certificates
    • Time Stamping Authority (TSA)
    • PKI (Public Key Infrastructure)
  • Digital Signatures
    • Fundamental Approach
    • Signature Schemes
    • Key Elements
    • The document to sign
    • The signature date
    • The identity of the signatory
    • Optional elements of a digital signature
    • Algorithms
    • RSA signatures
    • ASN.1 digest algorithm prefixes
    • Digital Signature Standard (DSS)
    • Blind Signatures
    • Chaum Blind Signatures
    • Qualified electronic signature
      • Signature devices
    • PKCS #11
    • Microsoft Cryptographic API (CAPI)
    • Long-Term Validation (LTV)
    • LTV Advanced Electronic Signatures (AdES)
Powered by GitBook
On this page
  • The Greatest Common Divisor
  • Algorithm
  1. RSA & Related Subjects

Fast Modular Multiplication

Last updated 1 year ago

A modular multiplication requires a remainder operation, which is a slow operation if the modulus is a general integer. For example, contemporary processors can multiply two 64-bit integers, producing a 128-bit result, with a latency of 3 or 4 clock cycles. But, dividing a 128-bit integer by a 64-bit integer, producing a 64-bit quotient and a 64-bit remainder, is considerably slower (tens of clock cycles).

If the modulus is a power of two, say 2n2^n2n,the remainder operation is very fast; the remainder is just the last n bits of the number being remaindered. In 1985, Peter Montgomery came up with a beautiful way to explore this to efficiently perform general remaindering operations without performing an expensive division.

The Greatest Common Divisor

Let pkp_kpk​ be the kkk-th prime number, so that p1=2,p2=3,p3=5p_1=2, p_2=3, p_3=5p1​=2,p2​=3,p3​=5, and so on,

Each positive integer can be factored into prime factors in a unique way (this is the fundamental theorem of arithmetic).

Let a=Πk=1∞pkaka = \Pi^\infty_{k=1}p^{a_k}_ka=Πk=1∞​pkak​​, where aka_kak​ is the number of times pkp_kpk​ divides aaa. Since aaa is a finite number, almost all of the aka_kak​ values will be zero.

Likewise of bbb, let b=Πk=1∞pkbkb = \Pi^\infty_{k=1}p^{b_k}_kb=Πk=1∞​pkbk​​.

Then gcd(a,b)=Πk=1∞pkmin(ak,bk)gcd(a,b) =\Pi^\infty_{k=1}p^{min(a_k,b_k)}_kgcd(a,b)=Πk=1∞​pkmin(ak​,bk​)​ and lcm(a,b)=Πk=1∞pkmax(ak,bk)lcm(a,b) =\Pi^\infty_{k=1}p^{max(a_k,b_k)}_klcm(a,b)=Πk=1∞​pkmax(ak​,bk​)​

If gcd(a,b)=1gcd(a,b) = 1gcd(a,b)=1 then aaa and bbb are said to be relatively prime (or coprime).

The greatest common division can be generalized to a polynomial with integer coefficients!

Algorithm

Assume that a≥0a \ge 0a≥0 and that b≥0b \ge 0b≥0. Then:

  • gcd(a,b)=gcd(b,a)gcd(a,b) = gcd(b,a)gcd(a,b)=gcd(b,a), and so gcd(a,b)=gcd(max(a,b),min(a,b))gcd(a,b) = gcd(max(a,b), min(a,b))gcd(a,b)=gcd(max(a,b),min(a,b)). Thus, by exchanging aaa with bbb if necessary, we may assume that a≥ba \ge ba≥b.

  • as any positive integer divides 0 we have gcd(a,0)=agcd(a,0) = agcd(a,0)=a for a>0a \gt 0a>0. The mathematicians say that gcd(0,0)=0gcd(0,0) = 0gcd(0,0)=0, and so we can say that gcd(a,0)=agcd(a,0) = agcd(a,0)=a as long as a≥0a \ge 0a≥0.

  • If a≥ba \ge ba≥b the gcd(a,b)=gcd(a−b,b)gcd(a,b) = gcd(a-b,b)gcd(a,b)=gcd(a−b,b). We can keep subtracting bbb from (the updated) aaa until it becomes smaller than bbb, and so gcd(a,b)=gcd(amodb,b)=gcd(b,amodb)gcd(a,b) = gcd(a mod b, b) = gcd(b, a mod b)gcd(a,b)=gcd(amodb,b)=gcd(b,amodb).

These observations give rise to the following so-called Euclid's algorithm (coded in C, but it can easily be translated to another programming language):

long gcd(long a, long b)
{
    while(b != 0) { long c = a % b; a = b; b = c; } return a;
}

The GNU MP library has a function, mpz_gcd, for this; pari-gp does this with the gcd function.