An integrated circuit may be provided with a modular multiplication circuit. The modular multiplication circuit may include an input multiplier for computing the product of two input signals, truncated multipliers for computing another product based on a modulus value and the product, a subtraction circuit for computing a difference between the two products. An error correction circuit may use the difference to look up an estimated quotient value and to subtract out an integer multiple of the modulus value from the difference in a single step, wherein the integer multiple is equal to the estimated quotient value. A final adjustment stage may be used to remove any remaining residual estimation error.

In a method for determining the modular inverse of a number, successive iterations are applied to two pairs each including a first variable and a second variable, such that at the end of each iteration and for each pair, the product of the second variable and of the number is equal to the first variable modulo a given module. Each iteration includes at least one division by two of the first variable of a first pair or of a second pair, or a combination of the first variable of the first pair and of the first variable of the second pair by addition or subtraction. At least some of the iterations including a combination by addition or subtraction include a step of storing the result of the combination in the first variable of a pair determined randomly from among the first pair and the second pair. An associated cryptographic processing device is also described.

A cryptographic processing method comprises the following steps: obtaining a second number determined by adding to a first number the order of a finite group or a multiple of this order; determining a quotient and a remainder by dividing the second number by a random number; obtaining a third element equal to the combination of elements equal to a first element of the finite group and in number equal to the product of the quotient and the random number; obtaining a fourth element equal to the combination of elements equal to the first element and in number equal to the remainder; determining a second element by combining the third element and the fourth element.

Systems and methods are directed to accelerating operations associated with a microprocessor. Example embodiments improve the operations of the microprocessor by providing devices (e.g., integrated circuits, independent accelerators) configured to use reciprocal or reciprocal square root instructions. Such devices can be further configured to follow the reciprocal or reciprocal square root instructions with multiplication or other instructions to finish division, square root, or other complex operations.

Methods and systems for wave-based computation are provided. In one aspect, a wave-based computer includes an input circuit configured to receive a dividend and generate a plurality of prime waves and a dividend wave based on the received dividend, and a transmission circuit configured to receive the prime waves and the dividend wave from the input circuit. The wave-based computer further includes an output circuit configured to receive the prime waves and the dividend wave from the transmission circuit, detect zero-crossings of each of the prime waves and the dividend wave, and determine prime factors of the dividend based on the detected zero-crossings.

A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm.

Systems and methods are directed to accelerating operations associated with a microprocessor. Example embodiments improve the operations of the microprocessor by providing devices (e.g., integrated circuits, independent accelerators) configured to use reciprocal or reciprocal square root instructions. Such devices can be further configured to follow the reciprocal or reciprocal square root instructions with multiplication or other instructions to finish division, square root, or other complex operations.

According to one embodiment, in an inverse element arithmetic apparatus, a word unit processing unit, as approximate calculation loop for extended binary GCD process, iterates a first loop in a case where a value of |r?s| is a subtraction threshold or more, and is capable of iterating a second loop instead of the first loop in a case where the value of |r?s| is smaller than the subtraction threshold. In the first loop, values of r, s, a, b, m, and n is updated and an update matrix M is generated or updated. In the second loop, the values of m and n are updated without updating the values of r, s, a, b and the update matrix M. The control unit terminates the loop of the inverse element arithmetic process in a case where a loop number of times of the inverse element arithmetic process reaches a number-of-times threshold.

The present invention relates to a method for digital signing of a document using a predetermined secret key (x), comprising steps of: (a) determination of an initial internal state (s.sub.0) by application to a condensate of the document of a first white box implementation (WB.sub.0) of: generation of a main nonce (k); then a modular sum of the main nonce (k) and of a predetermined constant (K); (b) determination of a first internal state (s.sub.1) by application to the initial internal state (s.sub.0) of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant (K); (c) determination of a second internal state (s.sub.2) by application to said condensate of a second white box implementation (WB.sub.s2) of: generation of the main nonce (k); and a second modular arithmetic operation function of the first internal state (s.sub.1), of the main signature nonce (k) and of the secret key (x); (d) generation of a digital signature of the document from the first internal state (s.sub.1) and the second internal state (s.sub.2).

In this application, example methods for performing quantum Montgomery arithmetic are disclosed. Additionally, circuit implementations are disclosed for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. This application also shows that elliptic curve discrete logarithms on an elliptic curve defined over an n-bit prime field can be computed on a quantum computer with at most 9n+2 log.sub.2(n)+10 qubits using a quantum circuit of at most 512n.sup.3 log.sub.2(n)+3572n.sup.3 Toffoli gates.