
Internship: Introduction to research.
Team SESAM, Hubert Curien Laboratory, Saint-Étienne.
2017, May-July
The Chinese Remainder Theorem and its applications in asymmetric cryptography - Consequences on modular multiplication implementation
Scientific context
Modular multiplication is the main operation in asymmetric cryptography. It is used in the Diffie-Hellman key exchange
protocol, the RSA cryptosystem and the DSA signature protocol, and also in elliptic curve based cryptosystems (ECC). These
cryptosystems use n-bit numbers where n ranges from hundreds (ECC) to thousands (RSA, DSA).
While hardware implementation of symmetric cryptography primitives is relatively easy, implementing modular multiplication
is a costly operation. This is due to the size of the numbers being manipulated and to the complex algorithmic
nature of multiplication, and even more so of division, which consumes a huge amount of computing time.
Numerous techniques can be found in the state of the art to address these issues. The main methods consist in changing the
representation of the numbers while keeping a mathematical structure compatible with the addition and multiplication operations
(such maps are called ring isomorphisms). Among these isomorphisms, the Chinese Remainder Theorem (CRT) is used to
transform the set of remainders modulo $M = \prod_{i=1}^{n} m_i$ (where the $(m_i)_i$ are pairwise coprime integers) into a Cartesian product of
remainders modulo the $m_i$ (i.e. $\mathbb{Z}/M\mathbb{Z} \xrightarrow{\sim} \prod_{i=1}^{n} \mathbb{Z}/m_i\mathbb{Z}$). With this isomorphism, an integer $x < M$ is fully characterized
by one and only one $n$-tuple $(x_i = x \bmod m_i)_{i=1..n}$.
With this representation, called RNS (Residue Number System), multiplications and additions modulo M are processed in linear
time (time complexity is O(n)). Furthermore, these computations can be done in parallel, as there is no carry
propagation from one computing unit to another. On the other hand, comparison and division are very complex, as
this representation carries no order relation on the integers.
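The isomorphism and the RNS operations described above, as an added example (not code from the announcement or the host team): forward conversion, channel-wise addition and multiplication, CRT reconstruction, and a small illustration of why the residues reveal nothing about the order of the integers. The base `{2^16 - 1, 2^16, 2^16 + 1}` and the operands are constructed test values.

```python
"""Residue Number System (RNS) arithmetic through the CRT isomorphism
Z/MZ -> Z/m_1Z x ... x Z/m_nZ.  Added example; the base below is a
constructed toy value, not one from the original announcement."""
from functools import reduce
from math import gcd
from operator import mul

# Constructed RNS base: {2^k - 1, 2^k, 2^k + 1} is a classic choice because
# consecutive integers are coprime and the two odd members differ by 2.
K = 16
BASE = (2**K - 1, 2**K, 2**K + 1)


def pairwise_coprime(base):
    """The CRT requires the moduli to be pairwise coprime."""
    return all(gcd(a, b) == 1
               for i, a in enumerate(base) for b in base[i + 1:])


def dynamic_range(base):
    """M = prod m_i; the representation is exact for 0 <= x < M."""
    return reduce(mul, base, 1)


def to_rns(x, base):
    """Forward conversion: x -> (x mod m_1, ..., x mod m_n)."""
    return tuple(x % m for m in base)


def rns_add(a, b, base):
    """Channel-wise addition: each channel is independent, no carry propagates."""
    return tuple((ai + bi) % m for ai, bi, m in zip(a, b, base))


def rns_mul(a, b, base):
    """Channel-wise multiplication: n small modular products, O(n) work, all parallel."""
    return tuple((ai * bi) % m for ai, bi, m in zip(a, b, base))


def from_rns(residues, base):
    """CRT reconstruction: x = sum_i x_i * M_i * (M_i^{-1} mod m_i) mod M, M_i = M / m_i.
    The inverses depend only on the base and would be precomputed in practice."""
    M = dynamic_range(base)
    x = 0
    for xi, mi in zip(residues, base):
        Mi = M // mi
        x += xi * Mi * pow(Mi, -1, mi)
    return x % M


def residues_hide_order(base):
    """Why comparison is hard in RNS: a pair (x, y) with x < y whose residue
    tuples compare the other way round when read component by component."""
    x, y = 2, base[0]            # y = m_1, so its first residue is 0
    return (x, y, to_rns(x, base) > to_rns(y, base))


if __name__ == "__main__":
    assert pairwise_coprime(BASE)
    M = dynamic_range(BASE)
    a, b = 123456789012, 98765432109       # constructed operands, both < M
    ra, rb = to_rns(a, BASE), to_rns(b, BASE)
    print("a*b mod M   :", (a * b) % M)
    print("via RNS     :", from_rns(rns_mul(ra, rb, BASE), BASE))
    print("order hidden:", residues_hide_order(BASE))
```

The reconstruction in `from_rns` is the textbook CRT formula; the base extension methods named in the objectives (Shenoy-Kumaresan, Kawamura, Posch and Posch, Bajard) exist precisely to avoid this full-size computation, and are not implemented here.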
However, the Montgomery algorithm makes it possible to compute the remainder modulo N without trial division by
N. This result can be combined with an RNS representation of integers to provide an efficient algorithmic
solution. Unfortunately, it implies non-negligible precomputations and costly base changes between RNS representations.
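The Montgomery algorithm in its classical binary-radix form (R = 2^k), as an added example that is not code from the announcement or the host team. It shows where the precomputations sit (N', R^2 mod N) and that the reduction step itself uses only multiplications, a mask and a shift. The RNS variant studied in the internship replaces R by the product of the base moduli and needs base extensions; that is not implemented here. The modulus and operands are constructed test values.

```python
"""Montgomery multiplication modulo an odd N without trial division by N.
Added example in the classical binary-radix setting (R = 2^k).  The modulus
and operands used in the demo are constructed values, not from the page."""


def montgomery_setup(N, k):
    """Precomputations that depend only on N: R = 2^k > N, N' with N*N' = -1 (mod R),
    and R^2 mod N (the one place a true division by N is performed)."""
    if N % 2 == 0 or N >= (1 << k):
        raise ValueError("N must be odd and smaller than R = 2^k")
    R = 1 << k
    n_prime = (-pow(N, -1, R)) % R
    r2 = (R * R) % N
    return R, n_prime, r2


def redc(T, N, R, n_prime):
    """Montgomery reduction: return T * R^{-1} mod N for 0 <= T < N*R.
    'mod R' is a mask and '/ R' is a shift for a power-of-two R, so the
    only multiplications are by N' and by N; N itself is never divided by."""
    mask = R - 1
    m = ((T & mask) * n_prime) & mask            # m = (T mod R) * N' mod R
    t = (T + m * N) >> (R.bit_length() - 1)      # exact: T + m*N is a multiple of R
    return t - N if t >= N else t                # t < 2N, one conditional subtraction


def to_mont(a, N, R, n_prime, r2):
    """a -> a*R mod N, computed as REDC(a * (R^2 mod N)) to reuse the precomputed constant."""
    return redc(a * r2, N, R, n_prime)


def mont_mul(a_bar, b_bar, N, R, n_prime):
    """(aR)(bR)R^{-1} = abR mod N: the product stays in Montgomery form."""
    return redc(a_bar * b_bar, N, R, n_prime)


def from_mont(a_bar, N, R, n_prime):
    """aR -> a mod N."""
    return redc(a_bar, N, R, n_prime)


def mod_mul(a, b, N, k):
    """a*b mod N through the Montgomery domain (operands reduced mod N first)."""
    R, n_prime, r2 = montgomery_setup(N, k)
    a_bar = to_mont(a % N, N, R, n_prime, r2)
    b_bar = to_mont(b % N, N, R, n_prime, r2)
    return from_mont(mont_mul(a_bar, b_bar, N, R, n_prime), N, R, n_prime)


def mod_pow(base, exp, N, k):
    """Left-to-right square-and-multiply in the Montgomery domain, the pattern
    behind RSA and Diffie-Hellman exponentiations."""
    R, n_prime, r2 = montgomery_setup(N, k)
    x = to_mont(base % N, N, R, n_prime, r2)
    acc = redc(r2, N, R, n_prime)                # R mod N, i.e. 1 in Montgomery form
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, N, R, n_prime)
        if bit == "1":
            acc = mont_mul(acc, x, N, R, n_prime)
    return from_mont(acc, N, R, n_prime)


if __name__ == "__main__":
    N = 2**64 - 2**32 + 1                        # constructed odd modulus, k = 64
    a, b = 0x123456789ABCDEF, 0xFEDCBA9876543210
    print("a*b mod N :", (a * b) % N)
    print("Montgomery:", mod_mul(a, b, N, 64))
    print("a^65537   :", mod_pow(a, 65537, N, 64) == pow(a, 65537, N))
```

Every call to `redc` leaves the result in [0, N), so an exponentiation loop never needs a division by N; the cost moves into the one-time constants and the conversions in and out of the Montgomery domain, which is the trade-off the RNS version of the algorithm inherits.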
Internship objectives
The first goal is to study the main existing algorithmic principles: the Montgomery algorithm in RNS representation, as
well as the base change methods (Shenoy-Kumaresan, Kawamura, Posch and Posch, Bajard).
In a second part, the intern will study a new proposal from the host research team that may, in theory, reduce
the number of precomputations and optimize the base change methods. The goal here is to estimate the gain in terms
of precomputations and elementary operations during base changes, in comparison to the current state of the art.
Florent BERNARD
Laboratoire Hubert Curien
Bâtiment F,
18 Rue du Professeur Benoît Lauras
42000 Saint-Etienne
FRANCE
Tel : +33 (0)4 77 91 57 80
Fax : +33 (0)4 77 91 57 81