Claims
- 1. A cipher processing system comprising:
an exponentiator operable to perform modulo exponentiation comprising reducing the size of an intermediate result at least once during modulo exponentiation computations; and a modulo processor, operable to perform modulo reduction, comprising an adder, wherein the modulo processor is coupled to receive operands from the exponentiator corresponding to the modulo exponentiation, is operable to add the operands using the adder to provide a sum, and is operable to return the sum to the exponentiator.
- 2. The cipher processing system of claim 1 wherein the exponentiator performs the modulo exponentiation using a modulus having a bit size and by reducing the size of the intermediate result to a size no larger than the bit size of the modulus.
- 3. The cipher processing system of claim 2 wherein reducing the size of the intermediate result comprises reducing the intermediate result to the bit size of the modulus by shifting the intermediate result by one bit position.
- 4. The cipher processing system of claim 1 wherein:
the adder is a full adder; and the operands from the exponentiator comprise carry data and sum data corresponding to a partial product.
- 5. The cipher processing system of claim 4 wherein the intermediate result corresponds to the partial product.
- 6. The cipher processing system of claim 1 wherein the modulo processor is operable to perform modulo reduction independently of the exponentiator.
- 7. The cipher processing system of claim 1 wherein:
the modulo exponentiation comprises a plurality of modulo multiplications; and the modulo processor receives and adds the operands from the exponentiator for returning the sum after each of the plurality of modulo multiplications.
- 8. The cipher processing system of claim 1 wherein the exponentiator iteratively computes a running partial product during modulo exponentiation computations.
- 9. The cipher processing system of claim 8 wherein the modulo processor computes a final result for the modulo exponentiation using the adder.
- 10. The cipher processing system of claim 9 wherein the modulo processor is operable to calculate a Montgomery constant substantially in hardware and provide the Montgomery constant to the exponentiator for converting an operand into Montgomery form in preparation for the modulo exponentiation.
- 11. A cipher processing system comprising:
(a) an exponentiator operable to perform modulo exponentiation; and (b) a modulo processor operable to:
(i) perform modulo reduction independent of the exponentiator; and (ii) calculate a Montgomery constant and provide the Montgomery constant to the exponentiator for converting an operand into Montgomery form in preparation for the modulo exponentiation.
- 12. The cipher processing system of claim 11 wherein the modulo processor is operable to receive a modulus and a bit size of the modulus corresponding to the modulo exponentiation and wherein the modulo processor determines the Montgomery constant using the bit size of the modulus.
- 13. The cipher processing system of claim 12 wherein the modulo processor comprises a full adder and computes the Montgomery constant using the full adder.
- 14. The cipher processing system of claim 12 wherein the Montgomery constant is selected from a look-up table in hardware.
- 15. The cipher processing system of claim 12 wherein the Montgomery constant corresponds to the value r^(2(n+8)) mod N, where r is a number, N is the modulus, and n is the bit size of the modulus.
- 16. The cipher processing system of claim 15 wherein r is an integer multiple of base two.
- 17. A cipher processing system comprising:
an exponentiator operable to perform modulo exponentiation; and a modulo processor, operable to perform modulo reduction independently of the exponentiator, comprising an adder, wherein the modulo processor is coupled to receive operands from the exponentiator corresponding to the modulo exponentiation, adds the operands using the adder to provide a sum, and returns the sum to the exponentiator; and wherein the modulo processor further comprises a modulo processor register having an output coupled to an input of the adder, the modulo processor register stores intermediate results during the modulo reduction, and the modulo processor register has a size of at least 128 bits.
- 18. The cipher processing system of claim 17 wherein the modulo processor register has a size of at least 1,024 bits.
- 19. The cipher processing system of claim 17 wherein:
the exponentiator comprises an exponentiator register for storing intermediate results during modulo exponentiation; and the exponentiator register has a size of at least 128 bits.
- 20. The cipher processing system of claim 19 wherein the modulo processor register and the exponentiator register handle operands of substantially the same size.
- 21. The cipher processing system of claim 17 wherein the adder is a full adder.
- 22. A cipher processing system for performing modulo arithmetic comprising:
a multiplexing circuit; a processing register circuit coupled to an output of the multiplexing circuit; an adder coupled to the processing register circuit; an output register circuit having an input coupled to an output of the adder and having a first output coupled to a first input of the multiplexing circuit; and an exponentiator for performing modulo exponentiation wherein:
(i) an output of the exponentiator is coupled to a second input of the multiplexing circuit; (ii) a second output of the output register circuit is coupled to an input of the exponentiator; and (iii) the modulo exponentiation comprises reducing the size of an intermediate result at least once during the modulo exponentiation computations.
- 23. The cipher processing system of claim 22 wherein the modulo exponentiation comprises iteratively computing a running partial product.
- 24. The cipher processing system of claim 22 wherein the processing register circuit comprises a first register and is operable to perform bit-shifting of the contents in the first register.
- 25. The cipher processing system of claim 24 wherein:
the processing register circuit comprises a second register for storing a value corresponding to a modulus of the modulo exponentiation; the adder is operable to add the values in the first register and second register; and the adder is a full adder.
- 26. The cipher processing system of claim 25 wherein:
the multiplexing circuit comprises a multiplexer coupled for loading a value into the second register; and the multiplexing circuit is operable to invert a value provided from the output register circuit to the multiplexing circuit prior to loading the value into the second register.
- 27. A method for performing a modulo reduction of a value using a modulus to determine a modulo result, the method comprising:
testing for the presence of an overflow condition associated with the value; if the overflow condition is present, performing an initial modulo reduction of the value using the modulus and performing one or more subsequent modulo reduction operations of the value as necessary to determine the modulo result; and if the overflow condition is not present, determining a state of a most significant bit of the value and aligning the value in response to the state of the most significant bit of the value and performing modulo reduction operations of the value as necessary to determine the modulo result.
- 28. The method of claim 27 wherein performing the successive modulo reduction operations provides a plurality of intermediate results and further comprising determining a state of a most significant bit of at least one of the plurality of intermediate results.
- 29. The method of claim 28 wherein at least one of the plurality of intermediate results is shifted in response to the state of the most significant bit.
- 30. The method of claim 29 further comprising determining a state of a most significant bit of the modulus and aligning the modulus in response to the state of the most significant bit of the modulus.
- 31. A method for performing a modulo reduction of an operand using a modulus to determine a modulo result, the method comprising:
determining a state of a most significant bit of the operand and aligning the operand in response to the state of the most significant bit of the operand; setting a counter to an initial value based on a state of the operand; and decrementing the counter while performing modulo reduction operations, until the counter reaches a predetermined value, to determine the modulo result.
- 32. The method of claim 31 wherein the initial value is determined at least in part based on the number of bits of shifting in the aligning of the operand.
- 33. The method of claim 32 further comprising:
determining a state of a most significant bit of the modulus and aligning the modulus in response to the state of the most significant bit of the modulus; and adjusting the initial value of the counter responsive to the number of bits of shifting done to the modulus.
- 34. The method of claim 32 wherein the shifting is left-shifting.
- 35. The method of claim 31 wherein the predetermined value is zero.
- 36. A processor for performing modulo reduction of an operand using a modulus to determine a modulo result, comprising:
an adder; a first register coupled to a first input of the adder; a second register coupled to a second input of the adder; and a third register coupled to an output of the adder; and wherein the operand and the modulus each initially enter the adder through the first register.
- 37. The processor of claim 36 wherein an inverse of the modulus is loaded into the second register from the third register by passing through the adder.
- 38. The processor of claim 37 wherein the adder is a full adder.
- 39. The processor of claim 37 wherein:
the inverse of the modulus is added to a constant value of one using the adder to output a two's complement value to the third register; and the two's complement value is loaded into the second register from the third register.
- 40. The processor of claim 39 wherein the two's complement value is loaded into the second register prior to loading the operand into the first register.
- 41. The processor of claim 39 wherein the two's complement value remains in the second register during substantially all computations related to the modulo reduction of the operand.
- 42. The processor of claim 36 further comprising a first multiplexer operable to receive the operand or the modulus as an input wherein an output of the first multiplexer is coupled to the first register.
- 43. The processor of claim 42 further comprising a second multiplexer operable to selectively receive the two's complement value or a constant value of zero as an input wherein an output of the second multiplexer is coupled to the second register.
- 44. The processor of claim 43 wherein:
the first multiplexer is further operable to receive a first carry or sum value as an input; and the second multiplexer is further operable to receive a second carry or sum value as an input corresponding to the first carry or sum value.
- 45. The processor of claim 44 wherein the second multiplexer is further operable to select an output of the third register or an inverse of the output of the third register as an input.
- 46. The processor of claim 45 further comprising an inverter coupled between the third register and the second multiplexer for providing the inverse of the output of the third register.
- 47. The processor of claim 36 wherein the processor is operable to shift the contents of the first register one bit at a time.
- 48. The processor of claim 47 wherein the processor is operable to shift the contents of the third register one bit at a time.
- 49. The processor of claim 48 wherein the processor is further operable to shift the contents of the third register by a fixed multiple-bit unit.
- 50. A processor for performing modulo reduction of a first operand using a modulus to determine a modulo result, comprising:
an adder; a first register coupled to a first input of the adder; a second register coupled to a second input of the adder; a third register coupled to an output of the adder; and a first multiplexer having an output coupled to the first register, wherein the first multiplexer is operable to receive the first operand or the modulus as an input for loading into the first register.
- 51. The processor of claim 50 wherein the first multiplexer is further operable to receive a second operand as an input for loading into the first register.
- 52. The processor of claim 51 further comprising a second multiplexer having an output coupled to the second register, wherein the first multiplexer is further operable to receive a first sum or carry value as an input and the second multiplexer is operable to receive a second sum or carry value.
- 53. The processor of claim 51 further comprising a second multiplexer having an output coupled to the second register and an input coupled to the third register, wherein the second operand is loaded into the second register from the third register by passing the second operand through the adder.
- 54. The processor of claim 53 wherein the processor adds the first operand and the second operand using the adder as part of calculating a result for (A+B) mod N, where A is the first operand, B is the second operand, and N is the modulus.
- 55. The processor of claim 50 wherein the first multiplexer is operable to receive a Montgomery constant, for transforming a number into Montgomery form in preparation for Montgomery exponentiation, as an input.
- 56. The processor of claim 55 wherein the processor is operable to receive a size of the modulus and receive the Montgomery constant based at least in part on the size of the modulus.
- 57. A processor for performing modulo reduction of a first operand using a modulus to determine a modulo result, comprising:
an adder; a first register coupled to a first input of the adder; a second register coupled to a second input of the adder; a third register coupled to an output of the adder; a first multiplexer having an output coupled to the first register; a second multiplexer having an output coupled to the second register; and wherein:
(i) the first multiplexer is operable to select a first sum or carry value as an input; (ii) the second multiplexer is operable to select a second sum or carry value as an input; and (iii) the first sum or carry value and the second sum or carry value correspond to a partial product resulting from modulo exponentiation computations.
- 58. The processor of claim 57 wherein the modulo exponentiation comprises reducing the size of an intermediate result at least once during the modulo exponentiation computations.
- 59. The processor of claim 58 wherein the first multiplexer is operable to select a Montgomery constant, for transforming a number into Montgomery form in preparation for Montgomery calculations in the modulo exponentiation computations, as an input.
- 60. The processor of claim 57 wherein the adder is a full adder.
- 61. The processor of claim 60 wherein the first register has a size of at least 128 bits.
- 62. A processor for performing modulo reduction, comprising:
an adder; a first register coupled to a first input of the adder; a second register coupled to a second input of the adder; a third register coupled to an output of the adder; and a first multiplexer having an output coupled to the first register, wherein the first multiplexer is operable to select a Montgomery constant, for transforming a number into Montgomery form in preparation for Montgomery calculations in modulo exponentiation computations, as an input.
- 63. The processor of claim 62 wherein the first register has a size of at least 128 bits.
- 64. A processor for performing modulo reduction of a first operand using a modulus to determine a modulo result, comprising:
an adder; a first register coupled to a first input of the adder; a second register coupled to a second input of the adder; a third register coupled to an output of the adder; and wherein the processor is operable to shift the contents of the first register by one bit at a time.
- 65. The processor of claim 64 wherein the processor is operable to shift the contents of the third register by one bit at a time.
- 66. The processor of claim 65 wherein the processor is operable to shift the contents of the third register by a fixed multiple-bit unit.
- 67. The processor of claim 65 wherein the first register is a shift register and the third register is a shift register.
- 68. The processor of claim 65 wherein:
the processor is operable to shift the contents of the first register to the left; and the processor is operable to shift the contents of the third register to the right.
- 69. The processor of claim 64 further comprising a counter, wherein the counter is adjusted by one for a single bit of shifting of the contents of the first register.
- 70. The processor of claim 69 wherein the value of the counter is examined to determine when to end the modulo reduction.
- 71. The processor of claim 69 wherein the adder is a full adder.
- 72. A method for performing a modulo reduction of an operand using a modulus to determine a modulo result, the method comprising:
setting a first pointer to point to the least significant bit of the modulus; setting a second pointer to point to the least significant bit of the operand; performing the modulo reduction through successive subtractions of a multiple of the modulus from the operand responsive to a comparison of the first and second pointers.
- 73. The method of claim 72 wherein the modulo reduction is stopped when the computational result of one of the successive subtractions is positive and the second pointer is greater than the first pointer.
- 74. The method of claim 73 wherein the modulo reduction is stopped when both (i) the computational result of one of the successive subtractions is negative and (ii) the second pointer is equal to the first pointer.
- 75. The method of claim 74 further comprising, if the computational result of one of the successive subtractions is positive, repeatedly: (i) incrementing the value of the second pointer by one and (ii) shifting the computational result by one bit position, as necessary, until the most significant bit position of the computational result holds a 1.
- 76. The method of claim 72 further comprising, if the computational result of one of the successive subtractions is positive, repeatedly, as necessary, shifting the computational result by one bit position until the most significant bit position of the computational result holds a 1.
- 77. The method of claim 76 further comprising incrementing the value of the second pointer by one for each one bit position shift of the computational result.
- 78. The method of claim 76 wherein the computational result is shifted in a direction to the left.
- 79. The method of claim 72 wherein the successive subtractions comprise successive two's complement additions using an adder.
- 80. The processor of claim 36 wherein an output of the second register is inverted prior to inputting to the second input of the adder.
- 81. The processor of claim 36 further comprising a multiplexer coupled between the second register and the adder wherein the multiplexer is operable to select a true or an inverted value stored in the second register for providing to the adder.
- 82. A processor for computing modulo arithmetic comprising:
a first register for storing a first operand; a second register for storing a second operand; an adder coupled to an output of the first register and to an output of the second register, the adder operable to sum the contents of the first register and the second register and provide an output; a third register coupled to store the output of the adder; a first pointer register for tracking the status of the first register; a second pointer register for tracking the status of the second register; and a comparator for comparing the first pointer register and the second pointer register.
- 83. The processor of claim 82 further comprising a controller for controlling a shifting of the bit positions of the contents of the first register responsive to the comparing by the comparator of the first pointer register and the second pointer register.
- 84. The processor of claim 83 wherein the controller is operable to determine the status of a sign bit of the third register and wherein the status of the sign bit determines if the first register is loaded with the output of the adder.
- 85. The processor of claim 82 wherein the first register, the second register and the third register are an additional two bits larger in size than a maximum input size, wherein the additional two bits represent a sign bit and an overflow bit.
- 86. The processor of claim 85 wherein the processor is operable to calculate and store, in the second register, the negative of an input modulus in a modulo reduction calculation.
- 87. The processor of claim 82 further comprising a complement/true multiplexer coupled between the second register and the adder, the complement/true multiplexer operable to receive the contents of the second register with inverted bits.
- 88. The processor of claim 87 wherein the contents of the complement/true multiplexer is added to one, the sum being the negative of the second operand.
- 89. The processor of claim 82 further comprising a storage source coupled for storing the bits of the first operand that exceed the bit length of the first register.
- 90. A method for calculating a result of A mod N, where A and N are operands, comprising:
storing N in a first register; setting a first pointer to point to the bit of the first register containing the least significant bit of N; determining the two's complement of N and storing the result in the first register; storing A in a second register; setting a second pointer to point to the bit of the second register containing the least significant bit of A; and adding the contents of the first register to the contents of the second register and storing the sum in a third register.
- 91. The method of claim 90 further comprising, if the sum stored in the third register contains a zero or positive value, the following:
replacing the contents of the second register with the contents of the third register; shifting the contents of the second register to the left until a 1 is in the most significant bit of the second register and incrementing the second pointer by one for each bit position the contents of the second register are left-shifted; if the second pointer is greater than the first pointer, outputting the contents of the second register as the result; and if the second pointer is less than or equal to the first pointer, repeating the adding of the contents of the first register to the contents of the second register.
- 92. The method of claim 90 further comprising, if the sum stored in the third register contains a negative value, the following:
if the second pointer equals the first pointer, outputting the contents of the second register as the result; and if the second pointer and the first pointer are not equal, left-shifting the contents of the second register one bit, incrementing the second pointer by one, and repeating the adding of the contents of the first register to the contents of the second register.
- 93. The method of claim 90 wherein determining the two's complement comprises:
outputting the complement of the first register to a complement/true multiplexer; adding one to an output of the complement/true multiplexer to obtain the two's complement; and storing the two's complement in the first register.
- 94. The method of claim 91 wherein each of the first register, the second register and the third register is n+2 bits in size, where n is the bit length of N.
- 95. The method of claim 94 wherein the n+1 bit of each of the first register, the second register and the third register is a sign bit.
- 96. The method of claim 95 wherein the n bit of each of the first register, the second register and the third register is an overflow bit.
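The reduction method of claims 27-35, 64-71 and 90-96 and the Montgomery constant of claims 10-16 both come down to three primitives: a one-bit left shift of the operand register, a trial addition of a resident two's complement modulus through the full adder, and a sign-bit test that decides whether the sum is kept. The following Python model is an added example, not code from the patent or its assignee. It keeps the register conventions the claims state (n+2 bit registers with the sign bit at n+1 and the overflow bit at n, the negated modulus loaded once and left resident, a step counter that ends the reduction at zero, and the constant r^(2(n+8)) mod N with r = 2). The function names are mine, and `to_montgomery` assumes the exponentiator consumes the constant with a standard Montgomery reduction (REDC), which the claims do not spell out.

```python
# Added example, not the patent's own code: a Python model of the full-adder
# post-processor the claims describe.  Register width (n+2 bits, sign at n+1,
# overflow at n), the resident two's complement modulus, one-bit left shifts,
# the step counter and the constant r^(2(n+8)) mod N follow claims 15-16,
# 31-35, 39-41, 47, 69-70 and 94-96.  Function names and the REDC consumer
# are assumptions of this example.

def twos_complement(value, width):
    """-value in a width-bit register: invert every bit, then add one
    through the adder (the complement/true multiplexer path of claims 39, 93)."""
    mask = (1 << width) - 1
    return (((~value) & mask) + 1) & mask

def full_add(x, y, width):
    """Full-adder model: width-bit sum, carry out of the top bit dropped."""
    return (x + y) & ((1 << width) - 1)

def is_negative(value, width):
    """The sign bit is the top bit of the register (claim 95)."""
    return (value >> (width - 1)) & 1 == 1

def mod_reduce(a, n):
    """Return (a mod n, number of adder operations used).

    Only primitives a full-adder post-processor has are used: a one-bit left
    shift of the operand register, a trial addition of the resident -n, and a
    sign-bit test that decides whether the sum replaces the partial result.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    nbits = n.bit_length()
    width = nbits + 2                      # n value bits + overflow + sign (claim 94)
    neg_n = twos_complement(n, width)      # loaded once, stays resident (claim 41)
    counter = a.bit_length()               # one step per operand bit (claims 31, 69)
    partial = 0                            # invariant: partial < n before each shift
    adds = 0
    while counter > 0:                     # claim 35: stop when the counter reaches zero
        counter -= 1
        # shift the operand register left one bit, bringing in a's next bit (claim 47)
        partial = (partial << 1) | ((a >> counter) & 1)
        # partial < 2n, so one trial subtraction of n suffices; the value may
        # occupy the overflow bit but never the sign bit
        trial = full_add(partial, neg_n, width)
        adds += 1
        if not is_negative(trial, width):  # claim 84: the sign bit gates the load
            partial = trial
    return partial, adds

def montgomery_constant(n):
    """r^(2(n+8)) mod N with r = 2 (claims 15-16): R^2 mod N for R = 2^(nbits+8).

    Built the way the claims suggest: start from 1 and double it 2(nbits+8)
    times, reducing after every doubling with the same adder and sign test.
    """
    nbits = n.bit_length()
    width = nbits + 2
    neg_n = twos_complement(n, width)
    c = 1 % n
    for _ in range(2 * (nbits + 8)):
        c <<= 1                            # one multiplication by r = 2
        trial = full_add(c, neg_n, width)
        if not is_negative(trial, width):
            c = trial
    return c

def to_montgomery(x, n):
    """Convert x into Montgomery form x*R mod n using the constant above.

    Assumption of this example: the exponentiator consumes the constant with
    a standard Montgomery reduction (REDC) of x * R^2, which needs an odd n.
    """
    if n % 2 == 0:
        raise ValueError("Montgomery form needs an odd modulus")
    k = n.bit_length() + 8
    r = 1 << k
    n_prime = (-pow(n, -1, r)) % r         # -n^-1 mod R
    t = x * montgomery_constant(n)         # < n^2 < n*R, the REDC precondition
    m = ((t & (r - 1)) * n_prime) & (r - 1)
    u = (t + m * n) >> k
    return u - n if u >= n else u

if __name__ == "__main__":
    n = 0xFFFFFFFB                         # constructed 32-bit modulus
    a = 12345678901234567890               # constructed 64-bit operand
    print(mod_reduce(a, n), a % n)
    print(montgomery_constant(n) == pow(2, 2 * (n.bit_length() + 8), n))
    print(to_montgomery(7, n) == (7 << (n.bit_length() + 8)) % n)
```

The cost returned by `mod_reduce` is one adder pass per operand bit, which is what makes the counter of claims 31-35 and 69-70 sufficient as the stop condition: the partial result is always below the modulus when the counter hits zero, so no final comparison against N is needed. `montgomery_constant` spends 2(nbits+8) adder passes, matching the exponent in claim 15, and never needs a multiplier.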
RELATED APPLICATION
[0001] This application is a non-provisional application claiming benefit under 35 U.S.C. sec. 119(e) of U.S. Provisional Application Ser. No. 60/296,956, filed Jun. 8, 2001 (titled METHOD AND SYSTEM FOR A FULL-ADDER POST PROCESSOR FOR MODULO ARITHMETIC by Langston et al.), which is incorporated by reference herein.
Provisional Applications (1)

| Number   | Date     | Country |
|----------|----------|---------|
| 60296956 | Jun 2001 | US      |