Techniques for computing a multiplicative modular inverse of two numbers is described. In the case of a and p, p being an n-bit integer, computing the multiplicative modular inverse includes loading in a first register the value of a, and computing, using a first modular multiplier, a square of the first register n times. Concurrently, using a second modular multiplier, a.sup.n is computed. Further, a product of outputs from the first modular multiplier and the second modular multiplier is computed as a result of the multiplicative modular inverse of a and p. In cases where p has more than n bits, the multiplicative modular inverse is computed iteratively using n-bit windows.

Disclosed herein is an apparatus for calculating a cryptographic component R.sup.2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises an arithmetic logic unit configured to iteratively perform Montgomery multiplication of a first operand with a second operand to produce an intermediate result, wherein the first operand and the second operand are set to the intermediate result after each iteration, responsive to a termination condition being met, determine an adjustment parameter indicative of a difference between the intermediate result and the cryptographic component, and perform Montgomery multiplication of the intermediate result with the adjustment parameter, to calculate the cryptographic component for the cryptographic function.

Disclosed is a calculation apparatus. The calculation apparatus comprises a memory which stores at least one instruction and a processor which executes the at least one instruction, wherein the processor executes the at least one instruction to store a predetermined base prime number, invert the bits of information about the pre-stored base prime number to generate first prime number information different from the base prime number information, and perform modular calculation on a plurality of ciphertexts by using the generated first prime number information.

A system performs big number multiplication during a cryptographic process. This can occur, for example, when a controller in a storage system encrypts data for storage in its memory or decrypts data read from its memory. To perform the multiplication of these big input numbers quickly, the system uses a modified Toom-Cook algorithm comprising a plurality of levels of coefficient vectors for each of the input numbers. This involves performing a sample extraction process, a point multiplication process, and an interpolation (synthesis) process.

A modular multiplier and a modular multiplication method are provided. The modular multiplier includes: a first register which stores a previous accumulation value calculated at a previous cycle; a second register which stores a previous quotient calculated at the previous cycle; a quotient generator which generates a quotient using the stored previous accumulation value output from the first register; and an accumulator which receives an operand, a bit value of a multiplier, the stored previous accumulation value, and the stored previous quotient to calculate an accumulation value in a current cycle, wherein the calculated accumulation value is updated to the first register, and the generated quotient is updated to the second register.

A modular multiplication circuit includes a main operation circuit, a look-up table, and an addition unit. The main operation circuit updates a sum value and a carry value according to 2.sup.iA corresponding to a first operation value A and m bits of a second operation value B currently under operation, m is a positive integer, i is from 0 to m-1. The look-up table records values related to a modulus, and selects one of the values as a look-up table output value according to the sum value. The addition unit updates the sum value and the carry value according to the look-up table output value and outputs the updated sum value and the updated carry value to the main operation circuit. The modular multiplication circuit updates the sum value and the carry value in a recursive manner by using m different bits of the second operation value B.

A non-modular multiplier, a method for non-modular multiplication and a computational device are provided. The non-modular multiplier includes an interface and circuitry. The interface is configured to receive n-bit integers A and B. The circuitry is configured to calculate a non-modular product (A*B) by performing a sequence of computations, and to randomize a pattern of an electrical power consumed by the multiplier when performing the sequence. The sequence includes: generating a random number w, determining moduli M1 and M2 that depend on a number R=2.sup.k, k equals a bit-length of M1 and M2, and on the random number w, and calculating a first modular product C=A*B % M1 and a second modular product D=A*B % M2, and producing and outputting the non-modular product (A*B) based on the first and second modular products.

A method of securely storing a target number is provided based on the Chinese-Remainder Theorem, A set of n congruence pairs of numbers are generated, wherein a target number (a secret) can be uniquely derived from any t out of the n pairs. In one aspect the divisors are pre-selected such that any randomly selected n integers from the sequence are a valid Asmuth-Bloom sequence for any access structure (t, n) where 1<t≤n≤N. In another aspect, means are provided for pre-storing members of a Mignotte or Asmuth-Bloom sequence of N divisors in a look-up table from which n divisors can be selected. In this way a flexible access structure is supported. CRT secret shares for a selected access structure can be generated without having to perform the laborious process of calculating Mignotte sequences for each secret and access structure. Storage required to store the secret shares is also reduced by storing and retrieving congruence pairs in the form of an index and a remainder.

With respect to a method for execution by an information processing apparatus, the method includes calculating a reciprocal in multiplication on a residue field modulo a power of 2.

An integrated circuit is provided with a modular multiplication circuit. The modular multiplication circuit includes an input multiplier for computing the product of two input signals, truncated multipliers for computing another product based on a modulus value and the product, and a subtraction circuit for computing a difference between the two products. An error correction circuit uses the difference to look up an estimated quotient value and to subtract out an integer multiple of the modulus value from the difference in a single step, wherein the integer multiple is equal to the estimated quotient value. A final adjustment stage is used to remove any remaining residual estimation error.