Montgomery modular multiplication
== Side-channel attacks ==

Because Montgomery reduction avoids the correction steps required in conventional division when quotient digit estimates are inaccurate, it is mostly free of the conditional branches which are the primary targets of timing and power [[side-channel attack]]s; the sequence of instructions executed is independent of the input operand values. The only exception is the final conditional subtraction of the modulus, but it is easily modified (to always subtract something, either the modulus or zero) to make it resistant.<ref name="kizhvatov">{{cite conference |first1=Zhe |last1=Liu |first2=Johann |last2=Großschädl |first3=Ilya |last3=Kizhvatov |url=https://www.nics.uma.es/seciot10/files/pdf/liu_seciot10_paper.pdf |title=Efficient and Side-Channel Resistant RSA Implementation for 8-bit AVR Microcontrollers |conference=1st International Workshop on the Security of the Internet of Things |date=29 November 2010 |location=Tokyo |conference-url=https://www.nics.uma.es/pub/seciot10/ }} ([https://www.nics.uma.es/pub/seciot10/files/ppt/liu_seciot10.pdf Presentation slides].)</ref>

It is of course necessary to ensure that the exponentiation algorithm built around the multiplication primitive is also resistant.{{r|kizhvatov}}<ref>Marc Joye and Sung-Ming Yen. [http://cr.yp.to/bib/2003/joye-ladder.pdf "The Montgomery Powering Ladder"]. 2002.</ref>
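The following C sketch is an added illustration, not code from the cited papers: it shows a single-word Montgomery reduction whose final step always subtracts either the modulus or zero, wrapped in a Montgomery powering ladder that selects operands with a masked swap instead of a branch. The names <code>mont_ctx</code>, <code>mont_init</code>, <code>redc</code>, <code>mont_mul</code> and <code>mont_pow</code> are illustrative, and the code assumes R = 2^32 and an odd modulus n < 2^31.

```c
#include <stdint.h>

/* Montgomery arithmetic with R = 2^32 for an odd modulus n < 2^31
   (assumed bound: it keeps T + m*n inside 64 bits). Names are illustrative. */
typedef struct { uint32_t n, nprime, r2; } mont_ctx;

static mont_ctx mont_init(uint32_t n) {
    uint32_t inv = n;                 /* n*n == 1 (mod 8): 3 correct bits */
    for (int i = 0; i < 5; i++)       /* each Newton step doubles them    */
        inv *= 2u - n * inv;
    uint64_t r = ((uint64_t)1 << 32) % n;
    mont_ctx c = { n, (uint32_t)(0u - inv), (uint32_t)((r * r) % n) };
    return c;                         /* nprime = -n^-1 mod R, r2 = R^2 mod n */
}

/* REDC: returns T / R mod n for T < n*R, with no data-dependent branch. */
static uint32_t redc(const mont_ctx *c, uint64_t T) {
    uint32_t m = (uint32_t)T * c->nprime;
    uint32_t t = (uint32_t)((T + (uint64_t)m * c->n) >> 32);   /* t < 2n */
    /* Final subtraction: always subtract something, n or 0. */
    uint64_t d = (uint64_t)t - c->n;           /* top bit set iff t < n  */
    uint32_t mask = (uint32_t)(d >> 63) - 1u;  /* all ones iff t >= n    */
    return t - (c->n & mask);
}

static uint32_t mont_mul(const mont_ctx *c, uint32_t a, uint32_t b) {
    return redc(c, (uint64_t)a * b);
}

/* Montgomery powering ladder: one multiply and one square per exponent
   bit, for all 32 bits; the bit only drives a masked swap of r0 and r1. */
uint32_t mont_pow(uint32_t n, uint32_t base, uint32_t e) {
    mont_ctx c = mont_init(n);
    uint32_t r0 = mont_mul(&c, 1, c.r2);          /* 1 in Montgomery form    */
    uint32_t r1 = mont_mul(&c, base % n, c.r2);   /* base in Montgomery form */
    for (int i = 31; i >= 0; i--) {
        uint32_t swap = 0u - ((e >> i) & 1u);
        uint32_t x = (r0 ^ r1) & swap;  r0 ^= x;  r1 ^= x;
        r1 = mont_mul(&c, r0, r1);
        r0 = mont_mul(&c, r0, r0);
        x = (r0 ^ r1) & swap;  r0 ^= x;  r1 ^= x;
    }
    return redc(&c, r0);                          /* leave Montgomery form */
}
```

A compiler is free to turn the masked selection back into a branch, so the generated machine code should be inspected on the target platform before relying on the constant-time property.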