Disclosed is a calculation apparatus. The calculation apparatus comprises a memory which stores at least one instruction and a processor which executes the at least one instruction, wherein the processor executes the at least one instruction to store a predetermined base prime number, invert the bits of information about the pre-stored base prime number to generate first prime number information different from the base prime number information, and perform modular calculation on a plurality of ciphertexts by using the generated first prime number information.

Disclosed is a calculation apparatus. The calculation apparatus comprises a memory which stores at least one instruction and a processor which executes the at least one instruction, wherein the processor executes the at least one instruction to store a predetermined base prime number, invert the bits of information about the pre-stored base prime number to generate first prime number information different from the base prime number information, and perform modular calculation on a plurality of ciphertexts by using the generated first prime number information.

Multiplication of integers over a finite field involves an array of arithmetic circuits configured to input a-limbs, d-limbs, and r-limbs. The array determines an intermediate term, Z, having z-limbs 0 through Kby determining respective sets of intermediate z-limbs 0 through K- 1 for r-limbs i for i = 0 to K - 1, and summing corresponding ones of the intermediate z-limbs of sets i through K - 1. The arithmetic circuits determine for r-limb 0, intermediate z-limbs 0 through K - 1 of set 0 as products of r-limb 0 and a-limbs 0 through K - 1, and for the remaining r-limbs determines intermediate z-limbs using different combinations of a-limbs, r-limbs, modulus, and d-limbs. A modulo circuit computes G as (most significant M bits of Z* m) + (least significant Q bits of Z, wherein M is a number of bits by which a number of bits of Z exceeds N, and Q is equal to M + ceil (log.sub.2 m), and increases G by m if bits Q through N - 1 of Z all having bit value one, and G ≥ 2.sup.Q - m. Circuitry assigns bits G bits 0 through Q-1 to Y bits 0 through Q- 1, and G bit Q to Y bit Q.

A binary logic circuit for determining the ratio x/d where x is a variable integer input, the binary logic circuit comprising: a logarithmic tree of modulo units each configured to calculate x[a:b]mod d for respective block positions a and b in x where b>a with the numbering of block positions increasing from the most significant bit of x up to the least significant bit of x, the modulo units being arranged such that a subset of M−1 modulo units of the logarithmic tree provide x[0:m]mod d for all m∈{1, M}, and, on the basis that any given modulo unit introduces a delay of 1: all of the modulo units are arranged in the logarithmic tree within a delay envelope of ┌log .sub.2M┐; and more than M−2.sup.u of the subset of modulo units are arranged at the maximal delay of ┌log .sub.2M┐, where 2.sup.u is the power of 2 immediately smaller than M.

Disclosed is a method for implementing precomputation of a large number in an embedded system. A modulo module, a modulo adding module, and a Montgomery modular multiplier are invoked according to a data format of a modulus length and a value of each data bit of a binary number corresponding to the modulus length, to perform an iterative operation, so that a precomputation result of a large number can be obtained when the modulus length is an arbitrary value, thereby improving the data processing speed.

Disclosed is a method for implementing precomputation of a large number in an embedded system. A modulo module, a modulo adding module, and a Montgomery modular multiplier are invoked according to a data format of a modulus length and a value of each data bit of a binary number corresponding to the modulus length, to perform an iterative operation, so that a precomputation result of a large number can be obtained when the modulus length is an arbitrary value, thereby improving the data processing speed.

A system performs big number multiplication during a cryptographic process. This can occur, for example, when a controller in a storage system encrypts data for storage in its memory or decrypts data read from its memory. To perform the multiplication of these big input numbers quickly, the system uses a modified Toom-Cook algorithm comprising a plurality of levels of coefficient vectors for each of the input numbers. This involves performing a sample extraction process, a point multiplication process, and an interpolation (synthesis) process.

Computing devices, methods, and systems for corrections to the “almost” binary extended GCD in a cryptographic operation of a cryptographic process are disclosed. Exemplary implementations may: receive, from a cryptographic process, a command to compute a binary extended greatest common denominator of a first input value and a second input value for a cryptographic operation; compute, by a binary extended GCD algorithm, the binary extended GCD using a multiplication with an inverse of two, instead of a division by two, to obtain a first output value; compute, by the binary extended GCD algorithm, a second output value and a third output value; and return, to the cryptographic process, the first output value, the second output value, and the third output value.

Computing devices, methods, and systems for corrections to the “almost” binary extended GCD in a cryptographic operation of a cryptographic process are disclosed. Exemplary implementations may: receive, from a cryptographic process, a command to compute a binary extended greatest common denominator of a first input value and a second input value for a cryptographic operation; compute, by a binary extended GCD algorithm, the binary extended GCD using a multiplication with an inverse of two, instead of a division by two, to obtain a first output value; compute, by the binary extended GCD algorithm, a second output value and a third output value; and return, to the cryptographic process, the first output value, the second output value, and the third output value.

A device may select a first pseudorandom integer within a range of integers. The device may generate a first candidate prime, based on the first pseudorandom integer, for primality testing. Based on determining that the first candidate prime fails a primality test, the device may select a second pseudorandom integer within the range of integers. The device may generate a second candidate prime, based on the second pseudorandom integer, for primality testing. The device may determine whether the second candidate prime satisfies the primality test. The device may selectively: re-perform, based on the second candidate prime failing the primality test, the selecting the second pseudorandom integer, the generating the second candidate prime, and the determining whether the second candidate prime satisfies the primality test, or using, based on the second candidate prime satisfying the primality test, the second candidate prime as a prime integer in a cryptographic protocol.