Patent classifications
G06F7/728
MODULAR MULTIPLICATION CIRCUIT AND CORRESPONDING MODULAR MULTIPLICATION METHOD
A modular multiplication circuit includes a main operation circuit, a look-up table, and an addition unit. The main operation circuit updates a sum value and a carry value according to 2^i·A corresponding to a first operation value A and m bits of a second operation value B currently under operation, m is a positive integer, i is from 0 to m−1. The look-up table records values related to a modulus, and selects one of the values as a look-up table output value according to the sum value. The addition unit updates the sum value and the carry value according to the look-up table output value and outputs the updated sum value and the updated carry value to the main operation circuit. The modular multiplication circuit updates the sum value and the carry value in a recursive manner by using m different bits of the second operation value B.
SIGN-BASED PARTIAL REDUCTION OF MODULAR OPERATIONS IN ARITHMETIC LOGIC UNITS
Aspects of the present disclosure involve a method and a system to execute the method to perform a cryptographic operation involving a modulo N computation, the method comprising loading a first integer number and a second integer number, wherein the first integer number and the second integer number are within an interval of 2N integer numbers, and performing an arithmetic operation involving the first integer number and the second integer number, wherein the arithmetic operation is to produce a third integer number, and wherein the arithmetic operation comprises a shifting operation to ensure that the third integer number is inside the interval of 2N integer numbers.
Montgomery multiplication method for performing final modular reduction without comparison operation and Montgomery multiplier
A Montgomery multiplier includes a partial product computing unit for multiplying a multiplicand and a multiplier; a modulus reduction computing unit for performing a multiplication of a modulus and a quotient that reflects a quotient sign; an accumulation unit for accumulating in an intermediate value an output value of the partial product computing unit and an output value of the modulus reduction computing unit from a previous cycle; a quotient computing unit for receiving an accumulation value of the accumulation unit during a current cycle and calculating a quotient sign to be used during a next cycle; and a quotient sign determination unit for determining a quotient sign to be used during a next cycle from the multiplicand, the multiplier and the quotient.
LOW COMPLEXITY CONVERSION TO MONTGOMERY DOMAIN
Disclosed herein is an apparatus for calculating a cryptographic component R^2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises a processor configured to set a start value to be equal to R mod n, perform b iterations of a shift and subtract operation on the start value to produce a base value, wherein the start value is set to be equal to the base value after each iteration, set a multiplication operand to be equal to the base value, and perform k iterations of a Montgomery modular multiplication of the multiplication operand with the multiplication operand to produce an intermediate result, wherein the multiplication operand is set to be equal to the intermediate result after each iteration, wherein the shift and subtract operation comprises determining a shifted start value which is equivalent to the start value multiplied by two, and subtracting n from the shifted start value if the shifted start value is greater than or equal to n.
LOW COMPLEXITY CONVERSION TO MONTGOMERY DOMAIN
Disclosed herein is an apparatus for calculating a cryptographic component R^2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises an arithmetic logic unit configured to iteratively perform Montgomery multiplication of a first operand with a second operand to produce an intermediate result, wherein the first operand and the second operand are set to the intermediate result after each iteration, responsive to a termination condition being met, determine an adjustment parameter indicative of a difference between the intermediate result and the cryptographic component, and perform Montgomery multiplication of the intermediate result with the adjustment parameter, to calculate the cryptographic component for the cryptographic function.
Architecture for small and efficient modular multiplication using carry-save adders
A computer processing system having at least one accelerator operably configured to compute modular multiplication with a modulus of special form and having a systolic carry-save architecture configured to implement Montgomery multiplication and reduction and having multiple processing element types composed of Full Adders and AND gates.
PROCESSING DEVICE, ACCELERATOR, AND METHOD FOR FEDERATED LEARNING
A processing device for federated learning, including: a modular exponentiation module including at least one modular exponentiation engine; a pre-processing module for providing operations corresponding to a plurality of operator modes; a montgomerization module for providing montgomerization operations; a confusion calculation module for providing modular multiplication operations in Montgomery space; a Montgomery reduction module for providing Montgomery reduction operations; and a controller for determining, according to an input operator mode, whether to enable at least two modules out of the pre-processing module, the montgomerization module, the confusion calculation module, and the Montgomery reduction module, so as for cooperatively performing the input operator mode together with the modular exponentiation module.
TECHNIQUES AND DEVICES FOR EFFICIENT MONTGOMERY MULTIPLICATION WITH REDUCED DEPENDENCIES
Disclosed are apparatuses, systems, and techniques to perform and facilitate fast and efficient modular computational operations, such as Montgomery multiplication with reduced interdependencies, using optimized processing resources.
Secure transformation from a residue number system to a radix representation
An electronic calculating device (100) arranged to convert an input number (y) represented ((y_1, y_2, ..., y_k)) in a residue number system (RNS) to an output number represented in a radix representation ((e_0, e_1, ..., e_{s−1})), the calculating device comprising an input interface (110) arranged to receive the input number (y) represented in the residue number system, and a processor circuit (120) configured to iteratively update an intermediate number (ŷ) represented in the residue number system, wherein iterations produce the digits (e_0, e_1, ..., e_{s−1}) in the radix representation with respect to the bases (b_0, b_1, ..., b_{s−1}), at least one iteration comprises computing the intermediate number modulo a base (b_t) of the radix representation to obtain a digit (e_t = (ŷ)_{b_t}) of the radix representation, updating the intermediate number (ŷ ← (ŷ − e_t + F)/b_t) by subtracting the digit from the intermediate number, adding an obfuscating number (F; F_t), and dividing by the base (b_t).
Modular multiplication circuit and corresponding modular multiplication method
A modular multiplication circuit includes a main operation circuit, a look-up table, and an addition unit. The main operation circuit updates a sum value and a carry value according to 2^i·A corresponding to a first operation value A and m bits of a second operation value B currently under operation, m is a positive integer, i is from 0 to m−1. The look-up table records values related to a modulus, and selects one of the values as a look-up table output value according to the sum value. The addition unit updates the sum value and the carry value according to the look-up table output value and outputs the updated sum value and the updated carry value to the main operation circuit. The modular multiplication circuit updates the sum value and the carry value in a recursive manner by using m different bits of the second operation value B.