The 23rd Workshop on Combinatorial Mathematics and Computation Theory
Computational Complexity Analyses of Modular Arithmetic
for RSA Cryptosystem
Chia-Long Wu*, Der-Chyuan Lou, and Te-Jen Chang
*
Department of Aviation & Communication Electronics, Chinese Air Force Institute of Technology,
Kaohsiung 82042, Taiwan.
E-mail: chialongwu@seed.net.tw
Department of Electrical Engineering, Chung Cheng Institute of Technology, National Defense
University, Tahsi, Taoyuan 33509, Taiwan.
E-mail: dclou@ccit.edu.tw
1. Introduction
Abstract
Modular arithmetic is fundamental to several
public-key cryptography systems such as the RSA
encryption system, as well as the most dominant part
of the computation performed. The operation is
time-consuming for large operands. Many relevant
papers about computer security are issued in many
reports and journals to describe how to reduce the
computational complexities in the cryptosystems. In
this paper, we describe the modular arithmetics and
some improved algorithms. These algorithms by using
binary method, common multiplicand multiplication
method (CMM method), signed-digit recoding method,
etc. will be depicted respectively. We will analyze and
compare the complexity of various algorithms for
computing large modular exponentiation.
security,
public-key
cryptosystem,
exponentiation.
world-wide computer network environment. RSA
cipher is the most common cryptography currently.
Since the pioneering work of public-key cryptosystem
has been performed by [6], a lot of investigations and
system developments on this subject have been done
in the past decade, such as RSA algorithm [5], elliptic
curve cryptography [7], etc. RSA (Rivest, Shamir,
and Adleman) is one of the most widely used
public-key
cryptosystems
and
modular
exponentiation is the main operation to RSA-based
public-key cryptosystems. It is performed by
successive
modular
multiplications.
For
fast
cryptosystems, one needs to reduce total number of
modular multiplications required [9].
In the rest of this paper, we will present and
Keywords：Complexity analysis , modular arithmetic,
computer
Data encryption is more and more needed in the
compare methods that attempt to minimize the
numbers of multiplications. We will review the
modular arithmetics including modular multiplication,
modular squaring, modular exponentiation, and
modular multi-exponentiation in Section 2. In Section
3, we present some modular exponent arithmetics,
*
This is the corresponding author of this paper.
such
as
binary
exponent-folding
~215~
method,
CMM
exponentiation,
method,
signed-digit
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
recoding method, and high radix method. In Section 4,
begin
we will make tables and some experiments for the
u[0] = 0;
comparisons of computational complexities. Finally,
/* R is 2n and N is an odd n-bit integer. */
some concise conclusions are given in Section 5.
for (i = 0, 1, …, n –1)
/* t is a factor of R 1 .*/
parbegin
2. Modular Arithmetic
qi (u[i ] ai D ) mod 2 ;
RSA cryptography (named for its inventors
/* qi is a result of modulo 2. */
Rivest, Shamir, and Adelman) exploits properties and
(u[i ] ai D qi N )
u[i 1] 
;
2
interrelations of numbers, constructed as large powers
of huge numbers. Through a neat mathematical trick
parend;
called modular arithmetic, the computer avoids
if u[n] < N then t = u[n]
working with the huge numbers themselves. As we
know modular exponentiation is important in the
else t = u[n] –N;
end.
modular arithmetic, it can be considered as a series of
modular square-and-multiply operation. The squaring
This
operations can be regarded as a case of multiplication
multiplication,
operations. So we describe modular multiplication,
t CDR 1 mod N ), while avoiding division by N.
algorithm
computes
the
modular
CD mod N tR mod N
(i.e.
modular squaring, and modular exponentiation
These three inputs A, B and N are n-bit integers. The
respectively in Section 2.1 –Section 2.4.
output is t with a factor of R 1 , where R is 2n . The
qi is a result of modulo 2 as can be verified by simply
checking the last bit of u[i] + aiD. The shift-to-right
2.1 Modular Multiplication
The modular multiplication multiplies the input
operands C and D and reduces the product modulo N.
That is to say, it computes Q CD mod N . In 1985,
operation can be considered as division by 2. More
descriptions of Montgomery’
s algorithm are depicted
in [13, 14].
Montgomery proposed an efficient algorithm for
modular multiplications without trial division [13].
2.2 Modular Squaring
This algorithm does not perform division and
Computations
involving
multiplying
and
multiplication, but uses digit operations of shift and
squaring large integers are key factors in the
addition. The Montgomery multiplication method is
performance of many public key cryptosystems. In [2],
described as follows.
three algorithms (squaring computation which uses
the
standard
multiplication
algorithm,
the
Algorithm 1 (Montgomery’
s algorithm)
Guajardo-Parr
Input: C, D, N
Yang-Hseih- Laih’
s algorithm) are compared by the
/* CD mod N = tR mod N. */
1
/*That means t CDR mod N .*/
Output: t
squaring
algorithm,
and
the
numbers of the modular squaring. More descriptions
will be depicted in [2]. The performance of the
Yang-Hseih-Laih’
s algorithm is nearly 2.52 and 1.50
/* C and D are the factors of R mod N.*/
times faster than squaring computation by using the
~216~
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
standard
multiplication
Guajardo-Parr
algorithm
squaring
and
algorithm.
the
The
/* R is 2n. */
begin
C R N ; Q AR mod N ;
Yang-Hseih-Laih’
s algorithm, which is the fastest
among three algorithms, is described as follows.
/* N is an odd n-bit integer */
k = h -1;
/*X is in h bits */
Algorithm 2 (Yang-Hseih-Laih’
s algorithm)
if ( k >= 0)
Input: A ( an 1 , an 2 ,...a1 , a0 )b
if xk 1 , then C = MA(A, C);
if k 1 , then C = MA(C, C);
2
Output: D (d 2 n 1 , d 2 n 2 ,...d1 , d 0 )b A
k = k –1.
end.
begin
(d 2 n 1 , d 2 n 2 ,..., d1 , d 0 )b (0,0,..., 0,0)b ;
for i = 0 to n-1
2.4 Modular Multi-Exponentiation
c 0
In the computation of multi- exponentiation,
for j = i + 1 to n-1
there are two or more bases and exponents. Unlike the
(c, s )  di j a j * ai c ;
d i j s ;
computation of exponentiation, the multiplication
operations need to be performed if any scanned digit
d i n c ;
D = 2D (shift D left 1 bit);
of exponent presentation is non-zero. Thus it is
c=0;
important to consider the corresponding bits of other
for i = 0 to n –1
exponents. The multiplication operation cannot be
removed unless all corresponding bits of other
(c, s ) D2i ai * ai c , d 2i  s ;
(c, s )  D2i 1 c , d 2i 1  s ;
exponents are also zero.
The computation time of a multi- exponentiation
end.
computation
depends
on
the
numbers
of
square-and-multiply operations [13]. In other words,
2.3 Modular Exponentiation
those exponents with fewer non-zero bits might
The modular exponentiation algorithm performs
introduce a better performance. The Yen-La
i
h’
s
in conjunction with the modular multiplication
modular multi- exponentiation is given as follows. In
algorithm as presented in Section 2.1. The algorithm
Algorithm 4, the exponent with fewer bits, X or Y, will
comes with the advantage of the Montgomery
be padded with bits of zero from the most significant
multiplication algorithm without trial division. For
bit to make X and Y the same length, h bits.
exponentiation computation, the exponent is scanned
from left to right bit by bit [13]. The Lai-Chang’
s
Algorithm 4 (Yen-La
i
h’
sa
l
g
or
i
t
hm)
algorithm is described as follows.
Input: A, B, X, Y, N
/* X and Y h
a
v
et
h
es
a
mel
e
ngt
h“
h bi
t
s
”
. */
Algorithm 3 (Lai-Chang’
s algorithm)
X Y
Output: C A B mod N
Input: A, X, N
/* A is the factor of R mod N. */
begin
X = (xh-1, xh-2,…,x0);Y = (yh-1, yh-2, .., y0);
Output: D = MA (C, 1)
~217~
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
/* h = Max(log2X, log2Y*/
scholars devoted to reducing the Hamming weight [17,
C = 1; Q≡A*B mod N;
19] and the binary method is one of the fast and
k = h –1;
efficient methods which can improve the modular
case (xk, yk)
multiplications [20-23]. The binary method is given
(1, 0): C≡C*A mod N,
as follows [18].
(0, 1): C≡C*B mod N,
(1, 1): C≡C*Q mod N,
Algorithm 5 (Martinez-Luna-He
n
r
i
qu
e
z
’
sa
l
g
or
i
t
hm)
endcase;
/* M is a plaintext. */
Input: M, E, N
if k >= 1, then C≡C*C mod N;
Output: P≡M mod N
/* E is an exponent. */
E
k = k –1;
/* N is a modulus. */
C:=M; P:=1;
if (k >= 0), then do case (xk, yk),
begin
otherwise, Output C.
for i := 0 to n-1 do
if Ei := 1 then P≡P*C mod N
end.
C C * C mod N
end for;
3. Modular Exponentiation Arithmetic
end.
As we know, the modular exponentiation,
M e mod N , where M is a plaintext, e is an exponent,
A simple example is given in the following to
and N is a modulus, is one of the most important
illustrate Algorithm 5.
operations in most public key cryptosystems [15, 16].
It is more complicated and time-consuming. So many
Example 1:
researchers are devoted to finding ways to reduce the
E = (10101010)2 = (170)10 can be evaluated as the
time such as binary method, common-multiplicand
following steps.
multiplication method, signed-digit recoding method,
and high-radix method, etc. We introduce these
E
methods respectively as follows.
Step 3 (R)
Step 4 (C)
0
1
(M) = M2
1
1*M2 = M2
(M2)2 = M4
0
M2
(M4)2 = M8
1
M2*M8 = M10
(M8)2 = M16
RSA (Rivest, Shamir, and Adleman) method [5]
0
M10
(M16)2 = M32
is one of the most widely used public-key
1
M10*M32 = M42
(M32)2 = M64
cryptosystems. This method is performed using
0
M42
(M64)2 = M128
successive
modular
1
M42*M128 = M170
(M128)2 = M256
consuming
for
3.1 Binary Method
large
multiplications
operands
[8]
and
and
time
the
exponentiation operation is broken into a series of
3.2 Common-Multiplicand Multiplication
Method
squaring and multiplication operations by the use of
the binary method [17]. The numbers of modular
multiplications strongly depend on the Hamming
weight of B, where B is the exponent [1]. So many
2
In 1993, Yen and Laih developed the technique
of common-multiplicand- multiplication [22] and in
1996, Lou and Chang developed the exponent folding
exponentiation method based on [24] to enhance the
~218~
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
performance of the famous right to left binary
In 1996, Lou and Chang [24] proposed a fast
exponentiation algorithm. Some public cryptosystems
exponentiation method by using exponent- folding
(the Diffie-Hellman method [6], the RSA method [5],
exponentiation method. The basic idea of this method
and DSA systems [25]) are also based on the CMM
is to extract the common substring of the exponent E,
method [22]. CMM method is described as follows
and then save the numbers of multiplications required
[26].
for
the
computation
of
common
strings.
Exponent-folding method is described as follows.
Algorithm 6 (Wu-Chang’
s algorithm)
Input: Exponent E (ek 1ek 2 ...e1e0 ) 2 ;
Algorithm 7 (Lou-Chang’
s algorithm)
/* M is message. */
Input: M, Ei, Ei+1, where i = 1, 2, …, 2n
/* M is message. */
Output: Ciphertext C M E ;
C1 = C2 = C3 =1;
/*
k
k

1
2n
E y (ey2 n ey ...e1y ) 2
*/
S = x;
Output: M
Ei
, M
Ei 1
/* n is the folding-time of E.*/
C1 = C2 = C3 = 1; S = M;
/* k is the bit length of E and E is the exponent. */
/* Ei , and Ei 1 , each of
begin
for b = 1 to
begin
k
do
2n
for b = 1 to
/*scan from LSB to MSB*/
k
do
2n
/*scan for the exponent-folding parts*/
parbegin
parbegin
if ( eexcl _ j =1) then C1 = S * C1;
b
if ( eexcl _ i =1) then C1 = S * C1
/*multiply*/
if( eexcl _( i 1) = 1) then C2 = S * C2
/*multiply*/
if( ecommon _ i = 1) then C3 = S * C3
/*multiply*/
b
/*multiply*/
if ( eexcl _( j 1) =1) then C2 = S * C2;
b
b
/*multiply*/
if
b
( ecom _ j
k
bits*/
2
b
=1) then C3 = S * C3;
S = S * S;
/*multiply*/
/* square*/
parend;
S = S * S;
C1 = C1 * C3;
C2 = C2 * C3;
parend;
C1 = C1 * C3;
end.
C2 = C2 * C3;
More detailed descriptions of Lou-Chang’
s algorithm
are depicted in [24].
end.
The results of x
Ej
and x
E j 1
are kept in C1 and
C2 respectively. More detailed descriptions of
3.4 Signed-Digit Recoding Method
In 1993, Arno and Wheeler presented signed-digit
Wu-Chang’
s algorithm are depicted in [26].
3.3 Exponent-Folding Method
recoding method [27]. The Arno-Wheeler’
s algorithm
for signed-digit recoding method is depicted as
~219~
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
follows.
At each step, the partial result is raised to the 2d
power and multiplied with X F ( i ) , where F ( i ) is the
Algorithm 8 (Arno-Wheeler’
s algorithm)
Input: a S r with (a ) n ;
value of the current bit section. High radix method is
/* a is a redundant representation of n. */
Output: A( a ) S r ;
/* A(a) denotes the action of this algorithm on a. */
t = 0;
/* Sr denotes the set of all sequences:
a (..., a2 , a1 , a0 ) */
described as follows.
Algorithm 9 (Koc’
s algorithm)
Input: M, N, E, n, d where n 
log 2 E 

1 and n =
kd for k 1.
Output: C M E mod N .
begin
while (..., at 2 , at 1 , at ) (...,0,0,0) do
Set X0 = 1 and X1 = M.
/* ai {0, 
1,..., (r 1)} */
Repeat
parbegin
for j = 2, 3, …, 2d –1.
b = (...,sgn( at ), sgn( at ) * r ,0,..., 0)
X j ( X j 1 * M ) mod N .
/* nonzero at t and t+1 */
Repeat
c a b ;
for i = k –2, k -3, …, 0.
if ct 1 0 then a = c;
F (i ) r 0 E id r 2r .
d
1
parend;
t = t + 1;
Set C X F ( k 1) .
end.
Repeat
More
detailed
descriptions
for i = k –2, k –3, …, 0.
of Arno-Wheeler’
s
Repeat
algorithm are depicted in [22, 27].
for j = 0, 1, d –1.
C C * C mod N
3.5 High Radix Method
if F ( i ) 0 then C C * X Fi mod N .
The binary method can be generalized to the high
radix method which scans the digits of E expressed in
Halt.
radix m [10, 29]. We focus our attention to the case
when m = 2d. The exponent E is partitioned into k
sections of d bits for kd = n. If d does not divide n, the
exponent is padded with at most d-1 zeros. Let
d
1
end.
More detailed descriptions of Koc’
s algorithm are
depicted in [29].
F (i ) [ Eid d 1 Eid d 2 ...Eid ] Eid r 2r .
4. Complexity Analyses
First, the values of X j M mod N for j =2,
described as above will be compared and several
r 0
In this section, the performance of many methods
j
3, …, 2d –1 are computed. Then, the bits of E are
scanned d bits at a time from the most significant to
the least significant.
presented methods [13-15] are also compared. As we
know, the squaring operations can be regarded as a
case of multiplication operations and for clarity, the
~220~
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
modular reductions are omitted. In order to measure
5. Conclusions and Future Works
the speed of the modular multiplications, modular
We know many researchers are devoted to
squarings, and modular exponentiations, etc., we use
reducing the number of multiplication in computer
the numbers of modular multiplications to express the
algorithms for information management and network
speed-up efficiency [15]. As mentioned in the
security usages. For example, Montgomery proposed
previous
modular
an efficient algorithm for modular multiplications
multiplications, where k is the bit-length of the
without trial division. This can be simplified as the
exponent E for the binary method. The modular
operations of modular multiplication. Owing to the
mul
t
i
pl
i
c
a
t
i
on
sf
or Wa
l
t
e
r
’
s me
t
h
od [21] and
characteristic of no trial division in the Montgomery
4
Lou-Wu’
sme
t
h
od[28] are needed 
log 2 k 

* and
3
algorithm, the algorithm can be easily implemented in
0.689k + 11 multiplications respectively. For
In this paper, we investigate many different
comparison, all the methods mentioned in [1, 14,
methods to reduce the computational complexities for
21-27] are illustrated in Table 1. For a random
modern cryptosystems. Now there are still many
e
x
pon
e
n
t
s
,t
h
eWa
l
t
e
r
’
sme
t
h
od t
a
k
e
s12 modu
l
a
r
novel methods [12, 30-32] issued in many computer
multiplications to evaluate Me on average. Various
security journals and reports for computer arithmetic
representations of exponent e have been suggested
operations and theoretical analyses. In the future, we
with the same goal of reducing the number of
can incorporate modular arithmetic and some novel
multiplications involved. These presented algorithms
methods (including hardware and software designs) to
[13-15] to evaluate the modular exponentiation
reduce the number of multiplications for modern
computation M mod N are showed in Table 2 for
cryptographic applications.
section,
it
needs
1.5k
E
computer hardware or efficient software programs.
the practical application to public cryptography,
where k is the bit-length of binary exponent E.
Table 1. Comparisons for computational complexities of modular multiplications.
Items
I
II
III
IV
V
VI
VII
VIII
IX
X
Methods
Modular multiplications
4
3
Walter’
s method
log 2 k 

*

Lou-Wu’
s method
Wu-Chang’
s method
Yen’
s method
Dimitrov and Jullien’
s method combining using joint
sparse form
Yang-Guan-Laih’
s method
Dimitrov-Jullien’
s method
Shamir’
s method combining minimal weight binary
signed-digit recoding method
Pekmestzi’
s method
Shamir’
s method
0.689 k +11
1.219k
1.292 k +11
~221~
1.500 k
1.509 k
1.534 k
1.556 k
1.75 k
1.75 k
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
Table 2. The average number of multiplications for different methods.
Items
I
II
III
IV
V
VI
VII
VIII
IX
X
multiplications
log 2 k 

*

k=512
4
3
0.689k+11
1.219 k
1.292 k +11
1.5 k
1.509 k
1.534 k
1.556 k
1.75 k
1.75 k
k=1,024
k=2,048
k=4,096
k=8,192
k=16,834
12
13.333
14.667
16
17.333
18.667
363.768
624.128
672.504
768
772.608
785.408
796.672
896
896
716.536
1,248.256
1,334.008
1,536
1,545.216
1,570.816
1,593.344
1,792
1,792
1,422.072
2,496.512
2,657.016
3,072
3,090.432
3,141.632
3,186.688
3,584
3,584
2,833.144
4,993.024
5,303.032
6,144
6,180.864
6,283.264
6,373.376
7,168
7,168
5,655.288
9,986.048
10,595.064
12288
12,361.728
12,566.528
12,746.752
14,336
14,336
11,299.576
19,972.096
21,179.128
24,576
24,723.456
25,133.056
25,493.504
28,672
28,672
References
cryptography,” Proceedings
[1]
Dimitrov V. S., Jullien G. A., and Miller W. C.,
International Symposium on Circuit and Systems,
“
Complexity
vol. 2, 365-368, 2004.
and
fast
algorithms
for
multi-exponentiations,” IEEE Transactions on
[2]
[6]
[7]
Nedjih N., “
Efficient pre-processing for large
Yang W.-C., Hseih P.-Y., and Laih C.-S.,
colony,”Informatica, vol. 29, 155-161, 2005.
[9]
Khabbazian M. and Gulliver T. A., “
A new
Transactions on Fundamentals, vol. E87-A., no. 5,
minimal average weight representation for
1189-1192, 2004.
left-to-right point multiplication methods,”IEEE
Yen S.-M., Laih C.-S., and Lenstra A. K.,
Transactions on Computers, vol. 54, no. 11,
“
Multi-exponentiation,”
1454-1459, 2005.
IEE
Proceedings
[10] Knuth D. E. The Art of Computer Programming,
325-326, 1994.
vol. II: Seminumerical Algorithms. 3rd Edition,
Yamk T., Savas E., and Koc C. K., “
Incomplete
Addison-Wesley, MA., 1997.
arithmetic,” IEE
[11] Guan D. J., “
Montgomery algorithm for modular
Proceedings: Computers and Digital Technique,
multiplication,”IEEE Transactions on Computers,
vol. 149, no. 2, 46-52, 2002.
vol. 42, no. 6, 693-699, 2003.
reduction
[5]
2004
window-based modular exponentiation using ant
Computer Digital Technology, vol. 141, no. 6,
[4]
the
Computers, vol. 49, no. 2, 141-147, 2000.
“
Efficient squaring of large integers,” IEICE
[3]
[8]
of
in
modular
Rivest R. L., Shamir A., and Adleman L., “
A
[12] Hassan M. A., “
Efficient computation of
method for obtaining digital signatures and
multiplicative
inverses
for
cryptographic
public-key cryptosystems,”Communications of
applications,” Proceedings of the 15th IEEE
the ACM, vol. 21, 120-126, 1978.
Symposium on Computer Arithmetic, 66-72, 2001.
Diffie W. and Hellman M. E., “
New directions in
[13] Lai Y.-P. and Chang C.-C., “
An efficient
cryptography,”IEEE Transactions on Information
multi-exponentiation scheme based on modified
Theory, vol. 22, no. 6, 644-654, 1976.
Booth’
s method,” Journal
Katti R. and Ruan X., “
Left-to right binary
Engineering, vol. 90, no. 3, 221-233, 2003.
signed-digit
recording
for
elliptic
curve
~222~
of
Electronics
[14] Yang W.-C., Guan D. J., and Laih C.-S.,
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
“
Algorithm of asynchronous binary signed-digit
techniques
for
exponentiation,” Computer
recording on fast multi-exponentiation,”Applied
Mathematics Application, vol. 30, no. 10, 17-24,
Mathematics and Computation, vol. 167, 108-117,
1995.
[24] Lou D.-C. and Chang C.-C., “
Fast exponentiation
2005.
[15] Lou D.-C. and Wu C.-L., “
Parallel exponentiation
method obtained by folding the exponent in Half,”
using common- multiplicand-multiplication and
Electronics Letters, vol. 32, no. 11, 984-985,
signed- digit-folding techniques,”International
1996.
Journal of Computer Mathematics, vol. 81, no. 10,
1187-1202, 2004.
[16] Ha
J.-C.
multiplication
and
Moon
common-multiplicand
Montgomery
for
fast
by
exponent decomposition,”IEICE Transactions on
to
the
Fundamentals, vol. E80-A, no. 6, 1160-1163,
up
1997.
speeding
vol. 66, 105-107, 1998.
[26] Wu
T.-C.
and
Chang
generalization
[17] Joye M. and Yen S.-M., “
Optimal left-to-right
signed-digit
exponentiation
“
A
method
algorithm
and
S.-J.,
exponentiation,”Information Proceeding Letters,
binary
[25] Yen S.-M., “
Improved common- multiplicand
recording,”
IEEE
Transactions on Computers, vol. 49, no. 7,
740-748, 2000.
Y.-S.,
“
Improved
common-multiplicand
multiplications algorithm of Yen and Laih,”
Electronics Letters, vol. 31, no. 20, 1738-1739,
1995.
[27] Arno S. and Wheeler F. S., “
Signed digit
[18] Martinez M. A. G., Luna G. M., and Henriquez F.
representations of minimal hamming weight,”
R., “
Hardware implementation of the binary
IEEE Transactions on Computers, vol. 42, no. 8,
method
1007-1010, 1993.
for
exponentiation
Proceedings of the 4
th
in
GF(2m),”
Mexican International
Conference on Computer Science, 131-134, 2003.
[19] Koc C. K. and Johnson S., “
Multiplication of
[28] Lou D.-C., Wu C.-L., and Chen C.-Y.,
exponentiation
by
Computer
30, no. 11, 840-841, 1994.
1251-1259, 2003.
without
trial
division,” Mathematics
of
Computation, vol. 44, no. 170, 519-521, 1985.
[21] Eldridge S. E. and Walter C. D., “
Hardware
implementation
signed-digit
Mathematics,
vol.
80,
no.
10,
[29] Koc C. K., “
High-radix and bit recording
techniques
for
modular
exponentiation,”
International Journal of Computer Mathematics,
vol. 40, 139-156, 1991.
Montgomery’
s modular
[30] Garbner P. J., Heuberger C., and Prodinger H.,
multiplication algorithm,”IEEE Transactions on
“
Distribution results for low-weight binary
Computers, vol. 42, no. 6, 693-699, 1993.
representations for pairs of integers,”Theoretical
[22] Yen
S.-M.
of
the
exponent in half,” International Journal of
signed-digit numbers,”Electronics Letters, vol.
[20] Montgomery P. L., “
Modular multiplication
folding
“
Fast
and
Laih
C.-S.,
“
Common-multiplicand multiplication and its
applications
to
public
key
cryptography,”
Computer Science, vol. 319, 307-331, 2004.
[31] Negre, C., “
Quadrinomial modular arithmetic
using modified polynomial basis,”Proceedings of
Electronics Letters, vol. 29, no. 17, 1583-1584,
2005 International Conference on Information
1993.
Technology:
[23] Koc C. K., “
Analysis of sliding window
~223~
Coding
1, 550-555, 2005.
and
Computing,
vol.
The 23rd Workshop on Combinatorial Mathematics and Computation Theory
[32] Dempster A. G. and Macleod M. D., “
Generation
of
signed-digit
representations
for
integer
multiplication,” IEEE on Signal Processing
Letters, vol. 11, no. 8, 663-665, 2004.
~224~