| US 7,603,558 B2 | ||
| Montgomery transform device, arithmetic device, IC card, encryption device, decryption device and program | ||
| Hideo Shimizu, Kawasaki (Japan) | ||
| Assigned to Kabushiki Kaisha Toshiba, Tokyo (Japan) | ||
| Filed on Jun. 14, 2005, as Appl. No. 11/151,289. | ||
| Claims priority of application No. 2004-336047 (JP), filed on Nov. 19, 2004. | ||
| Prior Publication US 2006/0126830 A1, Jun. 15, 2006 | ||
| Int. Cl. H04L 9/32 (2006.01) | ||
| U.S. Cl. 713—174 [380/28] | 14 Claims |
| 2. An arithmetic device for calculating the d-th power under a modulus pq to an input m of 2n-bit on the basis of multipliers
Rp and Rq not less than n-bit, moduli p and q of n-bit and a power exponent d of n-bit to obtain a power remainder s (=md mod pq) of n-bit, comprising:
a first Montgomery reduction device configured to execute Montgomery reduction composed of multiplication, addition and a
bit shift to the input m of 2n-bit on the basis of the multiplier Rp and the modulus p and obtain a first Montgomery reduction result (mRp−1 mod p) of n-bit; and
a first Montgomery multiplication device configured to execute Montgomery multiplication of the first Montgomery reduction
result by the cube of the multiplier Rp (Rp3 mod p) on the basis of the multiplier Rp and the modulus p and obtain a first Montgomery multiplication result mp′ (=mRp mod p) of n-bit;
a first Montgomery power device configured to perform the dp-th power of the first Montgomery multiplication result mp′ [dp=d mod(p−1)] on the basis of the power exponent d, the multiplier Rp and the modulus p and obtain a first power remainder sp′ (=mp′̂dp×Rp mod p) of n-bit;
a first Montgomery inverse transform device configured to execute Montgomery inverse transform to the first power remainder
sp′ on the basis of the multiplier Rp and the modulus p and obtain a first Montgomery inverse transform result sp (=md mod p) of n-bit;
a second Montgomery reduction device configured to execute Montgomery reduction composed of multiplication, addition and a
bit shift to the input m of 2n-bit on the basis of the multiplier Rq and the modulus q and obtain a second Montgomery reduction result (mRq−1 mod q) of n-bit;
a second Montgomery multiplication device configured to execute Montgomery multiplication of the second Montgomery reduction
result by the cube of the multiplier Rq (Rq3 mod q) on the basis of the multiplier Rq and the modulus q and obtain a second Montgomery multiplication result mq′ (=mRq mod q) of n-bit;
a second Montgomery power device configured to perform the dq-th power of the second Montgomery multiplication result mq′ of n-bit [dq=d mod(q−1)] on the basis of the power exponent d, the multiplier Rq and the modulus q and obtain a second power remainder sq′=mq′̂dq×Rq mod q) of n-bit;
a second Montgomery inverse transform device configured to execute Montgomery inverse transform to the second power remainder
sq′ on the basis of the multiplier Rq and the modulus q and obtain a second Montgomery inverse transform result sq (=md mod q) of n-bit; and
a simultaneous equations solution device configured to solve simultaneous equations of the first Montgomery inverse transform
result sp and the second Montgomery inverse transform result sq on the basis of the moduli p, q and the Chinese remainder theorem (CRT) and output the obtained solution (md mod pq) of n-bit as the power remainder s.
|