Fast modular exponentiation of large numbers with large exponents

In many problems, modular exponentiation jxjm is a basic computation, often responsible for the overall time performance, as in some cryptosystems, since its implementation requires a large number of multiplications. It is known that jxjm 1⁄4 jxjbjuðmÞ jm for any x in 1⁄21;m 1 if m is prime; in this case the number of multiplications depends on uðmÞ instead of depending on b. It was also stated that previous relation holds in the case m 1⁄4 pq, with p and q prime; this case occurs in the RSA method. In this paper it is proved that such a relation holds in general for any x in 1⁄21;m 1 when m is a product of any number n of distinct primes and that it does not hold in the other cases for the whole range 1⁄21;m 1 . Moreover, a general method is given to compute jxjm without any hypothesis on m, for any x in 1⁄21;m 1 , with a number of modular multiplications not exceeding those required when m is a product of primes. Next, it is shown that representing x in a residue number system (RNS) with proper moduli mi allows to compute jxjm by n modular exponentiations jxi jmi in parallel and, in turn, to replace b by jbjuðmiÞ in the worst case, thus executing a very low number of multiplications, namely dlog2 mie for each residue digit. A general architecture is also proposed and evaluated, as a possible implementation of the proposed method for the modular exponentiation. 2002 Elsevier Science B.V. All rights reserved.