本論文以 M. R. Lee[9]的架構為基礎,結合 Ghoreishi[11]直接在電路中以 2 補 數計算負值方法及四倍輸入化簡電路的概念,實現修改使用進位儲存加法器的以 四為基底 Montgomery 演算法,其中以四為基底比以二為基底少了一半的運算週期 數,減少 RSA 運算的時間,使用在電路中以 2 補數計算負值方法利用進位儲存加 法器 carry 為 0 的特性來擺放取 2 補數所加的 1 及進位修正項的 1 達到減少面積的 效果,可以節省兩排 512-bit 的暫存器,再搭配四倍輸入簡化電路的方法降低電路 的複雜度,使計算(t1, t0)的電路不在關鍵路徑裡,可以跟進位儲存加法器平行運算,
降低電路的關鍵路徑,修改使用進位儲存加法器的以四為基底 Montgomery 演算法 也跟 Lee 的架構一樣拆開輸入使 A 變成 A1+A2、B 變成 B1+B2 ,如此一來可以 有效率的執行模指數運算,最後我們使用改良的模乘法及模指數 H 演算法完成整 個 RSA 密碼系統的設計。
本論文實驗數據顯示 TSMC 90nm 製程合成出的電路速度最快可達 455MHz,
Gate Count 為 76K,Throughput 為 879.2K bps,與最近的文獻[9]比較起來速度改善 了 27.45%,面積改善了 37.19%,Throughput 改善了 26.78%。與其他模乘法較出 色 的兩 篇 文獻 Kuang[12] 及 Shieh[13] 在 Throughput 方面分別改善了 3.9%及 33.37%。
本論文使用三層的進位儲存加法器的架構實現 RSA 密碼系統,在相關文獻[14]
中有一個改良的 5-to-2 加法器,因為該電路是將兩個 FA 接在一起,變成一個兩位 元的加法器,有較短的關鍵路徑,如果將這樣的加法器放進我的修改使用進位儲 存加法器的以四為基底 Montgomery 演算法中,且將本論文提出的兩種改善方式應 用其中,就能夠使電路的關鍵路徑更短,且因為是將兩個 FA 由直的變成橫的,在 面積方面幾乎沒有改變,卻能達到降低關鍵路徑的效果。
49
Reference
[1] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. Inf.
Theory, vol. 22, no. 6, pp. 644-654, Nov. 1976.
[2] R. L. Rivest, A. Shamir, and L. Adleman “A method for obtaining digital signatures and public-key cryptosystems,” Comm. ACM, vol. 21,pp. 120-126 , Feb. 1978.
[3] Atul Kahate,2007,網路安全與密碼學,學貫行銷股份有限公司
[4] P. L. Montgomery, “Modular multiplication without trial division,” Math.
Computation, vol. 44, pp. 519-521, Apr. 1985.
[5] C. D. Walter, “Montgomery exponentiation needs no final subtractions,” Electron.
Lett., vol. 35, no. 21, pp. 1831-1832, Oct. 1999.
[6] C. McIvor, M. McLoone, and J.V. McCanny, “Modified Montgomery modular multiplication and RSA exponentiation techniques,” Proc. IEEE-Comput. Digit.
Tech., vol. 151, no. 6, pp. 402-408, Nov. 2004.
[7] T. W. Kwon, C. S. You, W. S. Heo, Y. K. Kang, and J. R. Choi, “Two implementation methods of a 1024-bit RSA cryptoprocessor based on modified Montgomery algorithm,” in Proc. IEEE Int. Symp. Circuits Syst., vol. 4, pp.
650-653, May 2001
[8] J. H. Hong and C. W. Wu, “Cellular-array modular multiplier for fast RSA public-key cryptosystem based on modified booth’s algorithm,” IEEE Trans. Very
Large Scale Integr. (VLSI) Syst., vol. 11, no. 3, pp. 474-484, Jun. 2003.
[9] M. R. Lee, “Secure Hash-and-sign and Cryptosystem Design,” M.S. thesis, National University of Kaohsiung, Taiwan, 2013.
[10] A. Tenca and L. Tawalbeh, “An efficient and scalable radix-4 modular multiplier design using recoding techniques,” Proc. Asilomar Conf. Signals, Systems and
50
Computers, pp. 1445-1450, 2003.
[11] S. S. Ghoreishi, M. A. Pourmina, H. Bozorgi, and M. Dousti, “High speed RSA implementation based on modified Booth’s technique and Montgomery’s multiplication for FPGA platform,” in Proc. 2nd Int. Conf. Adv. Circuit, Electron.
Micro-Electron. , pp86-93, Oct. 2009.
[12] S. R. Kuang, J. P. Wang, K. C. Chang, and H. W. Hsu, “Energy-Efficient High-Throughput Montgomery Modular Multipliers for RSA Cryptosystems,”
IEEE Trans, Very Large Scale Integration (VLSI) Syst., vol. 21, no. 11, pp.
1999-2009, Nov. 2013.
[13] M. D. Shieh, J. H. Chen, H. H. Wu, and W. C. Lin, “A new modular exponentiation architecture for efficient design of RSA cryptosystem,” IEEE Trans, Very Large
Scale Integration (VLSI) Syst., vol. 16, no. 9, pp. 1151–1161, Sep. 2008.
[14] K. C. Yao, X. Y. Chen, C. E. Li, J. H. Hong, “A Radix-4 RSA Cryptosystem Based on Carry-Save Adder,” in Proc. 27th IPPR Conf. on Computer Vision Graphics and Image Processing(CVGIP 2014), Aug. 2014
[15] K. Manochehri and S. Pourmozafari, “Modified radix-2 Montgomery modular multiplication to make it faster and simpler,” in Proc. IEEE Int. Conf. Inf. Technol., vol. 1, pp. 598-602, Apr. 2005
[16] K. Manochehri and S. Pourmozafari, “Fast Montgomery modular multiplication by pipelined CSA architecture,” in Proc. IEEE Int. Conf. Micro., pp. 144-147, Dec.
2004.
[17] M. D. Shieh, J. H. Chen, W. C. Lin, and H. H. Wu, “A new algorithm for high-speed modular multiplication design,” IEEE Trans. Circuits Syst. I, Reg.
Papers, vol. 56, no. 9, pp. 2009-2019, Sep. 2009.
[18] Y. Y. Zhang, Z. Li, L. Yang, and S. W. Zhang, “An efficient CSA architecture for
51
Montgomery modular multiplication,” Microprocess. Microsyst., vol. 31, no. 7, pp.
456-459, Nov. 2007.
[19] G. Sutter, J. P. Deschamps, and J. Imaña, “Modular multiplication and exponentiation architectures for fast RSA cryptosystem based on digit serial computation,” IEEE Trans. Ind. Electron., vol. 58, no. 7, pp. 3101-3109, Jul. 2010.
[20] M. Roorda, “Method to reduce the sign bit extension in a multiplier that uses the modified Booth algorithm,” Electron. Lett., vol. 22, pp. 1061-1062, Sep. 1986.
[21] D. Wang, Y. Ding, J. Zhang, J. Zhang, J. Hu, and H. Tan, “Area-efficient and ultra-low-power architecture of RSA processor for RFID,” Electron. Lett., vol. 48, no. 19, pp.1185-1187, Sep. 2012.
[22] A. E. Cohen and K. K. Parhi, “Architecture Optimizations for the RSA Public Key Cryptosystem,” IEEE Circuits Syst. Mag., vol. 11, pp. 24-34, Nov. 2011.
[23] 劉俊麟、2003,以四為基底之高速 RSA 加解密系統晶片,大葉大學電機工程 學系研究所碩士論文
[24] William Stallings,2007,密碼學與網路安全,開發圖書有限公司
[25] J. J. Quisquater and C. Couvreur, “Fast Decipherment Algorithm for RSA Public-Key Cryptosystem, ” Electron. Lett., vol. 18, pp. 905-907, Oct. 1982.