From Euclid’s GCD to Montgomery Multiplication to the Great Divide

Author

  • Sheueling Chang Shantz
Abstract

Euclid’s method for finding the greatest common divisor (GCD) of two integers was first described around the year 300 B.C. This simple iterative method is often regarded as the grandfather of all algorithms in Number Theory today. Many advances have been made since then—for example, Berlekamp’s algorithm for multiplicative inverse and Montgomery’s technique for modular multiplication. These binary add-and-shift algorithms for efficient finite field arithmetic operations have played important roles in today’s public-key cryptographic systems. Yet, two thousand three hundred years after Euclid’s GCD, one algorithm remained missing—division. For many decades we did not tackle modular division problems directly. Instead, we relied on the Extended Euclidean algorithm for calculating inversion and we computed division in a two-step process—inversion followed by multiplication. This practice is so deeply rooted in our teachings and doings today that we have neglected to ask whether the idea underlying the binary Extended Euclidean algorithm can also be applied to finding a general solution for field division. This paper describes such a solution: a binary add-and-shift algorithm for modular division in a residue class. This technique for fast computation of divisions in GF(2^m) is the key to a highly efficient implementation of elliptic curve cryptosystems.

email address: [email protected]

© 2001 Sun Microsystems, Inc. All rights reserved. The SML Technical Report Series is published by Sun Microsystems Laboratories, of Sun Microsystems, Inc. Printed in U.S.A. Unlimited copying without fee is permitted provided that the copies are not made nor distributed for direct commercial advantage, and credit to the source is given. Otherwise, no part of this work covered by copyright hereon may be reproduced in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an information retrieval system, without the prior written permission of the copyright owner.

For information regarding the SML Technical Report Series, contact Jeanie Treichel, Editor-in-Chief. The entire technical report collection is available online at http://research.sun.com.

From Euclid’s GCD to Montgomery Multiplication to the Great Divide
Sheueling Chang Shantz
Sun Microsystems Laboratories
901 San Antonio Road
Palo Alto, California 94303


Similar sources

On the Complexity of the Extended Euclidean Algorithm (extended abstract)

Euclid’s algorithm for computing the greatest common divisor of 2 numbers is considered to be the oldest proper algorithm known ([10]). This algorithm can be amplified naturally in various ways. The GCD problem for more than two numbers is interesting in its own right. Thus, we can use Euclid’s algorithm recursively to compute the GCD of more than two numbers. Also, we can do a constructive com...


Did Euclid Need the Euclidean Algorithm to Prove Unique Factorization?

Euclid’s lemma can be derived from the algebraic gcd property, but it is not at all apparent that Euclid himself does this. We would be quite surprised if he didn’t use this property because he points it out early on and because we expect him to make use of the Euclidean algorithm in some significant way. In this paper, we explore the question of just how the algebraic gcd property enters into ...


The Euclidean Algorithm

Euclid’s algorithm gives the greatest common divisor (gcd) of two integers,

gcd(a, b) = max{d ∈ Z | d | a, d | b}.

If for simplicity we define gcd(0, 0) = 0, we have a function gcd : Z × Z → N with the following properties:

Lemma 1. For any a, b, c, q ∈ Z we have:
(i) gcd(a, b) = gcd(b, a).
(ii) gcd(a, −b) = gcd(a, b).
(iii) gcd(a, 0) = |a|.
(iv) gcd(a − qb, b) = gcd(a, b).

Proof. Trivial; for (iv) use...


Computational Number Theory and Applications to Cryptography

• Greatest common divisor (GCD) algorithms. We begin with Euclid’s algorithm, and the extended Euclidean algorithm [2, 12]. We will then discuss variations and improvements such as Lehmer’s algorithm [14], the binary algorithms [12], generalized binary algorithms [20], and FFT-based methods. We will also discuss how to adapt GCD algorithms to compute modular inverses and to compute the Jacobi a...


A VLSI Algorithm for Modular Multiplication/Division

We propose an algorithm for modular multiplication/division suitable for VLSI implementation. The algorithm is based on Montgomery’s method for modular multiplication and on the extended Binary GCD algorithm for modular division. It can perform either of these operations with a reduced amount of hardware. Both calculations are carried out through iterations of simple operations such as shifts a...




Publication date: 1992