52 Things: Number 23: Write a C program to implement Montgomery arithmetic.
52 Things: Number 23: Write a C program to implement Montgomery arithmetic.
52 Things: Number 23: Write a C program to implement Montgomery arithmetic.
52件事:第23件:寫一個C程序來實現Montgomery算術。This is the latest in a series of blog posts to address the list of
這是一系列博客文章中最新的一篇'52 Things Every PhD Student Should Know'
“每個博士生都應該知道的52件事” to do Cryptography: a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. This next blog continues the topic of 'Cryptographic Implementation Details'.
做密碼學:一組問題,旨在讓博士生在第一年結束時了解他們應該知道什么。下一篇博客繼續主題“加密實現細節”。
你會記得從上一篇博客文章中,算法有四個步驟(如果不清楚,請參閱文章中對算法的完整描述)。為了我們的實施,我們將分別對這些階段中的每一個階段進行分析。
此函數使用二進制擴展gcd運算來查找整數r -1 和m',使得rr -1 =1+mm'。這些整數是Montgomery歸約的后續步驟所必需的。該算法獲取r和m以及指向該算法導出的值r -1 和m'的指針。這是使用擴展的gcd算法完成的,該算法可以通過多種方式實現(本博客不涉及其目的),我請讀者參考[1]或[2]了解其詳細描述。
第二階段的目標是計算abar=ar mod m和bbar=br mod m。由于r=2 64 ,不需要乘法,只需要移位64位(由于我們選擇了r=2 64 ),得到128位輸出,64 0落后于a或b的值。然后將除以m的余數作為abar或bbar。可以編寫一個函數來實現這一點,該函數取高64位(x)和低64位(y)以及m(z)的值并返回64位結果。這種功能可以定義如下:
執行Montgomery乘法的函數可以定義為取64位值abar、bbar、m和mprine并返回64位值作為Montgomerly乘法步驟的輸出的函數。
The first sub-stage to of the function is to calculate t = abar*bbar. This is done by multiplying abar and bbar together to give a 128 bit product. An additional function could be written to do this which takes abar and bbar and returns two 64bit values, one with the high 64 bits (thi) and one with the low 64 bits (tlow).
函數的第一個子階段是計算t=abar*bbar。這是通過將abar和bbar相乘得到128位乘積來實現的。可以編寫一個額外的函數來實現這一點,該函數采用abar和bbar并返回兩個64位值,一個具有高64位(thi),另一個具有低64位(tlow)。
The next stage is the computation of u = (t + (tm’ mod r)m)/r. Here t is a 128 bit integer and m’ is a 64 bit integer. As we mod by r, only the lower 64 bits of tm’ are required, meaning that we can disregard the top 64 bits of t.
下一階段是u=(t+(tm'mod r)m)/r的計算。這里t是128位整數,m'是64位整數。當我們用r進行mod時,只需要tm’的低64位,這意味著我們可以忽略t的前64位。
mulul64(tm,m,&tmmhi,&tmmlo);//執行128位乘法的函數
uhi=thi+tmmhi;
if (ulo < tlo) uhi = uhi +1; // test for overflow from ulo and add if necessary to uhi
如果(ulo<tlo)uhi=uhi+1;//測試ulo是否溢出,必要時添加到uhi
ov = (uhi < thi) | ((uhi == thi) & (ulo < tlo)); // check for carry
ov=(uhi<thi)|((uhi==thi)&(ulo<tlo));//檢查進位
if(ov > 0 || ulo >= m) // test if there was overflow or ulo is higher that
如果(ov>0||ulo>=m)//測試是否存在溢出或ulo高于
ulo = ulo – m;
ulo=ulo–m;
return ulo; 返回ulo;
在最后階段,我們計算ur -1 mod m,它是a和b模m的乘積。這可以通過調用以下函數來完成:
mulul64(p, rinv, &phi, &plo); // performs multiplication and returns two 64 bit values phi and plo
mulul64(p,rinv,&phi,&plo);//執行乘法運算并返回兩個64位值phi和plo
p = modul64(phi, plo, m); // returns value of 128bit input mod m
p=模64(phi,plo,m);//返回128位輸入mod m的值
這是一系列博客文章中最新的一篇'52 Things Every PhD Student Should Know'
“每個博士生都應該知道的52件事” to do Cryptography: a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. This next blog continues the topic of 'Cryptographic Implementation Details'.
做密碼學:一組問題,旨在讓博士生在第一年結束時了解他們應該知道什么。下一篇博客繼續主題“加密實現細節”。
In this post I will aim to compliment what we saw last week regarding the more theoretical aspects of Montgomery arithmetic with a practical implementation of it. The implementation is written in C and written for a computer with a word size of 64 bits. The moduls m can therefore be as large as 264 – 1 and a and b can be as large as m – 1. We will take r = 264. As in the previous post, most of what is given here is derived from [1] so please refer to this for more information.
在這篇文章中,我將用蒙哥馬利算法的實際實現來補充我們上周看到的關于蒙哥馬利算法的更多理論方面的內容。該實現是用C編寫的,是為64位的計算機編寫的。因此,模m可以大到2 64 –1,a和b可以大到m–1。我們將取r=2 64 。與上一篇文章一樣,這里給出的大部分內容都來源于[1],因此請參閱本文以獲取更多信息。
You will remember from the last blog post, that four steps were given to the algorithm (please see post for a full description of the algorithm if this is hazy). For the purposes of our implementation, we will eamine each of these stages separately.在這篇文章中,我將用蒙哥馬利算法的實際實現來補充我們上周看到的關于蒙哥馬利算法的更多理論方面的內容。該實現是用C編寫的,是為64位的計算機編寫的。因此,模m可以大到2 64 –1,a和b可以大到m–1。我們將取r=2 64 。與上一篇文章一樣,這里給出的大部分內容都來源于[1],因此請參閱本文以獲取更多信息。
你會記得從上一篇博客文章中,算法有四個步驟(如果不清楚,請參閱文章中對算法的完整描述)。為了我們的實施,我們將分別對這些階段中的每一個階段進行分析。
1. The GCD Operation 1.GCD操作
This function uses the binary extended gcd operation to find the integers r-1 and m’ such that rr-1 = 1 + mm’. These integers are required for the subsequent steps of the Montgomery reduction. The algorithm takes r and m and pointers to values r-1 and m’ which the algorithm derives. This is done using the extended gcd algorithm which could be implemented in a number of ways (the purpose of which this blog is not about) and I refer the reader to [1] or [2] for detailed descriptions of it.此函數使用二進制擴展gcd運算來查找整數r -1 和m',使得rr -1 =1+mm'。這些整數是Montgomery歸約的后續步驟所必需的。該算法獲取r和m以及指向該算法導出的值r -1 和m'的指針。這是使用擴展的gcd算法完成的,該算法可以通過多種方式實現(本博客不涉及其目的),我請讀者參考[1]或[2]了解其詳細描述。
2. Transform the Multipliers
2.變換乘法器
The second stage aims to compute abar = ar mod m and bbar = br mod m. As r = 264, no multiplication is required but only a shifting by 64 bits (due to our selection of r = 264), giving a 128 bit output with 64 0s tailing the value of a or b. The remainder of the division by m is then given as abar or bbar. A function which takes the high 64 bits (x) and the low 64 bits (y) and the value for m (z) and returns the 64 bit result could be written to do this. Such a function could be defined as follows:2.變換乘法器
第二階段的目標是計算abar=ar mod m和bbar=br mod m。由于r=2 64 ,不需要乘法,只需要移位64位(由于我們選擇了r=2 64 ),得到128位輸出,64 0落后于a或b的值。然后將除以m的余數作為abar或bbar。可以編寫一個函數來實現這一點,該函數取高64位(x)和低64位(y)以及m(z)的值并返回64位結果。這種功能可以定義如下:
uint64 modul64(uint64 x, uint64 y, uint64 z);
uint64模64(uint64 x,uint64 y,uint64z);
uint64模64(uint64 x,uint64 y,uint64z);
Where uint64 is a type defined as follows:
其中uint64是如下定義的類型:
其中uint64是如下定義的類型:
typedef unsigned long long uint64;
typedef無符號長整型uint64;
typedef無符號長整型uint64;
3. Montgomery Multiplication
3蒙哥馬利乘法
The function which carries out the Montgomery multiplication can be defined as a function which takes the 64 bit values abar, bbar, m and mprine and returns a 64 bit value for the output of the Montgomery multiplication step.3蒙哥馬利乘法
執行Montgomery乘法的函數可以定義為取64位值abar、bbar、m和mprine并返回64位值作為Montgomerly乘法步驟的輸出的函數。
The first sub-stage to of the function is to calculate t = abar*bbar. This is done by multiplying abar and bbar together to give a 128 bit product. An additional function could be written to do this which takes abar and bbar and returns two 64bit values, one with the high 64 bits (thi) and one with the low 64 bits (tlow).
函數的第一個子階段是計算t=abar*bbar。這是通過將abar和bbar相乘得到128位乘積來實現的。可以編寫一個額外的函數來實現這一點,該函數采用abar和bbar并返回兩個64位值,一個具有高64位(thi),另一個具有低64位(tlow)。
The next stage is the computation of u = (t + (tm’ mod r)m)/r. Here t is a 128 bit integer and m’ is a 64 bit integer. As we mod by r, only the lower 64 bits of tm’ are required, meaning that we can disregard the top 64 bits of t.
下一階段是u=(t+(tm'mod r)m)/r的計算。這里t是128位整數,m'是64位整數。當我們用r進行mod時,只需要tm’的低64位,這意味著我們可以忽略t的前64位。
tm = tlo*mprime; // Disregard thi
tm=tlo*mptime;//無視這一點
mulul64(tm, m, &tmmhi, &tmmlo); // Function which performs 128 bit multiplicationtm=tlo*mptime;//無視這一點
mulul64(tm,m,&tmmhi,&tmmlo);//執行128位乘法的函數
The subsequent multiplication by m gives an output of 128 bits and the addition of t an output of 129 bits, which can be carried out as 128bit + 128bit = 128bit output and compute the carry separately. In C:
隨后乘以m得到128位的輸出,加上t得到129位的輸出。這可以作為128位+128位=128位的輸出來執行,并單獨計算進位。在C:
隨后乘以m得到128位的輸出,加上t得到129位的輸出。這可以作為128位+128位=128位的輸出來執行,并單獨計算進位。在C:
ulo = tlo + tmmlo;
ulo=tlo+tmmlo;
uhi = thi + tmmhi;ulo=tlo+tmmlo;
uhi=thi+tmmhi;
if (ulo < tlo) uhi = uhi +1; // test for overflow from ulo and add if necessary to uhi
如果(ulo<tlo)uhi=uhi+1;//測試ulo是否溢出,必要時添加到uhi
ov = (uhi < thi) | ((uhi == thi) & (ulo < tlo)); // check for carry
ov=(uhi<thi)|((uhi==thi)&(ulo<tlo));//檢查進位
The last step is the calculation of if(u >=m) then return u – m; else return u. This is shown below:
最后一步是計算如果(u>=m),則返回u–m;否則返回u。如下所示:
最后一步是計算如果(u>=m),則返回u–m;否則返回u。如下所示:
ulo = uhi; ulo=uhi;
uhi = 0; uhi=0;if(ov > 0 || ulo >= m) // test if there was overflow or ulo is higher that
如果(ov>0||ulo>=m)//測試是否存在溢出或ulo高于
ulo = ulo – m;
ulo=ulo–m;
return ulo; 返回ulo;
4. The Inverse Transformation
4.逆變換
In the final stage we compute ur-1 mod m which is the product of a and b modulo m. This could be done by calling the following functions:4.逆變換
在最后階段,我們計算ur -1 mod m,它是a和b模m的乘積。這可以通過調用以下函數來完成:
mulul64(p, rinv, &phi, &plo); // performs multiplication and returns two 64 bit values phi and plo
mulul64(p,rinv,&phi,&plo);//執行乘法運算并返回兩個64位值phi和plo
p = modul64(phi, plo, m); // returns value of 128bit input mod m
p=模64(phi,plo,m);//返回128位輸入mod m的值
This gives the output p which is the 64 bit output equal to ab mod m and the Montgomery reduction is complete.
這給出了等于ab mod m的64位輸出的輸出p,并且Montgomery歸約完成。
這給出了等于ab mod m的64位輸出的輸出p,并且Montgomery歸約完成。
The Working Class Must Lead!
浙公網安備 33010602011771號