Patent classifications
G06F7/728
ELECTRONIC CALCULATING DEVICE FOR CONVERTING A RESIDUE NUMBERS SYSTEM REPRESENTATION TO A RADIX REPRESENTATION
An electronic calculating device (100) arranged to convert an input number ($y$), represented as $(y_1, y_2, \ldots, y_k)$ in a residue number system (RNS), to an output number represented in a radix representation $(e_0, e_1, \ldots, e_{s-1})$. The calculating device comprises an input interface (110) arranged to receive the input number ($y$) represented in the residue number system, and a processor circuit (120) configured to iteratively update an intermediate number () represented in the residue number system, wherein the iterations produce the digits $e_0, e_1, \ldots, e_{s-1}$ of the radix representation with respect to the bases $b_0, b_1, \ldots, b_{s-1}$. At least one iteration comprises computing the intermediate number modulo a base ($b_t$) of the radix representation to obtain a digit ($e_t = ()_{b_t}$) of the radix representation, and updating the intermediate number ($(e_t + F)/b_t$) by subtracting the digit from the intermediate number, adding an obfuscating number ($F$; $F_t$), and dividing by the base ($b_t$).
Modular multiplication device and method
There is provided a modular multiplication device for performing a multiplication of a first multiplicand and a second multiplicand modulo a given modulus, each multiplicand comprising a given number of digits, each digit having a given word size. The modular multiplication device comprises: a multiplier for multiplying at least one digit of the first multiplicand with the second multiplicand to produce a multiplier output; and a modular reduction unit configured to reduce a quantity derived from the multiplier output by the product of an extended modulus and an integer coefficient, the extended modulus being the product of the given modulus with an extension parameter, to provide a reduction output, the reduction output being a positive integer strictly smaller than the extended modulus. The modular multiplication device further comprises a selection unit configured to select the extension parameter such that the time taken by the device to perform the multiplication is independent of the multiplicands.
Apparatus and method for modular multiplication
An apparatus and method for modular multiplication. The modular multiplication apparatus includes a first operation unit for performing a first operation based on the structure of at least one of a serial multiplier and a serial squarer-based multiplier; a second operation unit for performing a second operation based on the structure of at least one of the serial multiplier and the serial squarer-based multiplier; and an adder unit for outputting the sum of the results of the first operation and the second operation, feeding an intermediate value stream to the first input unit, which calculates the product of the intermediate value stream and a zeta parameter, and outputting a high-order term as the result of the Montgomery modular multiplication, wherein the first and second operation units output their results in digit-serial format, in order from the least significant digit to the most significant digit.
COUNTERMEASURE TO SAFE-ERROR FAULT INJECTION ATTACKS ON CRYPTOGRAPHIC EXPONENTIATION ALGORITHMS
There is disclosed a countermeasure, using the properties of Montgomery multiplication, for securing cryptographic systems such as RSA and DSA against, in particular, safe-error fault injection attacks. In the proposed algorithm, the binary exponentiation $b = a^d \bmod n$ is calculated iteratively, and a Montgomery multiplication is performed whenever the current bit $d_i$ of the exponent $d$ is equal to zero: in that case the actual intermediate result of the exponentiation is Montgomery-multiplied by $R$. Thanks to this countermeasure, any fault-injection perturbation introduced during the computation has a visible effect on the final result, which makes such an attack ineffective for deducing the current bit $d_i$ of the private key $d$.
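The point of the zero-bit step is that a Montgomery multiplication by $R$ computes $x \cdot R \cdot R^{-1} \bmod n = x$: it leaves the accumulator unchanged, yet its result is used, not discarded, so a fault injected into it corrupts the output. A classical "square-and-multiply-always" with a discarded dummy multiply absorbs such a fault on zero bits, and that difference in output is exactly what a safe-error attack reads. The following Python is an added example written for this page, not code from the patent or its applicant; the function names, the `fault_at` hook (a single flipped bit in the multiply operand) and the toy RSA parameters are assumptions of mine.

```python
# Added example: safe-error-resistant square-and-multiply that, on a zero
# exponent bit, Montgomery-multiplies the accumulator by R (hypothetical
# names; not the patent's own code). Requires Python 3.8+ for pow(x, -1, m).


def mont_params(n):
    """Montgomery constants for an odd modulus n: R = 2^k > n, and
    n_inv = -n^{-1} mod R so that t + m*n is divisible by R in mont_mul."""
    assert n % 2 == 1, "Montgomery reduction needs an odd modulus"
    k = n.bit_length()
    R = 1 << k
    n_inv = pow(-n, -1, R)
    return R, k, n_inv


def mont_mul(a, b, n, R, k, n_inv):
    """Return a*b*R^{-1} mod n for 0 <= a, b < n (Montgomery product)."""
    t = a * b
    m = (t * n_inv) & (R - 1)          # m = t * (-n^{-1}) mod R
    u = (t + m * n) >> k               # exact division by R, u < 2n
    return u - n if u >= n else u      # one conditional subtraction


def _exp_mont(a, d, n, fault_at, countermeasure):
    """Left-to-right binary exponentiation in the Montgomery domain.

    fault_at: index (from the MSB) of the exponent bit whose multiply
    operand is corrupted by a simulated one-bit fault, or None.
    countermeasure=True:  on a 0 bit, multiply by R (Montgomery form of 1);
                          the product equals acc and is kept (patent scheme).
    countermeasure=False: classical square-and-multiply-always whose dummy
                          product on a 0 bit is thrown away (attack target).
    """
    R, k, n_inv = mont_params(n)
    one_m = R % n                      # Montgomery form of 1, i.e. R mod n
    a_m = (a * R) % n                  # Montgomery form of the base
    acc = one_m
    for i, bit in enumerate(bin(d)[2:]):
        acc = mont_mul(acc, acc, n, R, k, n_inv)
        if bit == "1":
            operand = a_m
        elif countermeasure:
            operand = one_m            # MontMul(acc, R) == acc, but not dummy
        else:
            operand = a_m              # dummy multiply, result discarded
        if i == fault_at:
            operand ^= 1               # simulated fault: flip one operand bit
        prod = mont_mul(acc, operand, n, R, k, n_inv)
        if bit == "1" or countermeasure:
            acc = prod                 # the product is used ...
        # ... otherwise the dummy product is dropped and the fault is absorbed
    return mont_mul(acc, 1, n, R, k, n_inv)   # leave the Montgomery domain


def mont_exp_safe(a, d, n, fault_at=None):
    """a^d mod n with the Montgomery-by-R countermeasure on zero bits."""
    return _exp_mont(a, d, n, fault_at, countermeasure=True)


def mont_exp_dummy(a, d, n, fault_at=None):
    """a^d mod n with a discarded dummy multiply on zero bits."""
    return _exp_mont(a, d, n, fault_at, countermeasure=False)


def safe_error_leaks(exp_fn, a, d, n):
    """Simulate a safe-error attack: for each exponent bit position, fault the
    multiply and check whether the output is still correct. An unchanged
    output reveals a 0 bit; '?' means the attacker learns nothing there."""
    expected = pow(a, d, n)
    return "".join(
        "0" if exp_fn(a, d, n, fault_at=i) == expected else "?"
        for i in range(d.bit_length())
    )


if __name__ == "__main__":
    # Constructed toy parameters (textbook n = 61 * 53, d = 2753); not secure.
    n, a, d = 3233, 4, 2753
    print(bin(d)[2:])                                  # 101011000001
    print(safe_error_leaks(mont_exp_dummy, a, d, n))   # every 0 bit leaks
    print(safe_error_leaks(mont_exp_safe, a, d, n))    # nothing leaks
```

The simulation models only the safe-error channel (does a fault change the output?) and only an operand fault; a real countermeasure must also be reviewed against faults on the squaring, on the loop counter, and on the final conditional subtraction, which this sketch does not cover.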
Montgomery modular multiplication device and embedded security chip with same
A Montgomery modular multiplication device and an embedded security chip. The Montgomery modular multiplication device includes a first Montgomery modular multiplication module, a power calculation module and a second Montgomery modular multiplication module. The first Montgomery modular multiplication module obtains a first operation result A according to two first preset parameters. The power calculation module obtains a second operation result B according to the first operation result A output by the first Montgomery modular multiplication module, the first preset parameters, the second preset parameter and a power calculation function. The first Montgomery modular multiplication module further obtains a Montgomery modular multiplication conversion coefficient according to the first operation result A and the second operation result B. The second Montgomery modular multiplication module obtains a final modular multiplication result according to a first input parameter NA, a second input parameter NB and the Montgomery modular multiplication conversion coefficient.
QUANTUM RESOURCE ESTIMATES FOR COMPUTING ELLIPTIC CURVE DISCRETE LOGARITHMS
In this application, example methods for performing quantum Montgomery arithmetic are disclosed. Additionally, circuit implementations are disclosed for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. This application also shows that elliptic curve discrete logarithms on an elliptic curve defined over an $n$-bit prime field can be computed on a quantum computer with at most $9n + 2\log_2(n) + 10$ qubits using a quantum circuit of at most $512 n^3 \log_2(n) + 3572 n^3$ Toffoli gates.
Montgomery multiplication devices
A system includes an integrated circuit configured to receive a multiplicand number, a multiplier number, and a modulus at one or more data inputs. The multiplicand number is partitioned into a plurality of multiplicand words. Each multiplicand word has a multiplicand word width. The multiplier number is partitioned into a plurality of multiplier words. Each multiplier word has a multiplier word width different from the multiplicand word width. A plurality of outer loop iterations of an outer loop is performed to iterate through the plurality of the multiplicand words. Each outer loop iteration of the outer loop includes a plurality of inner loop iterations of an inner loop performed to iterate through the plurality of the multiplier words. A Montgomery product of the multiplicand number and the multiplier number with respect to the modulus is determined.
Fast precomputation for Montgomery multiplier
A Montgomery multiplication apparatus (MMA), for multiplying two multiplicands modulo a predefined number, includes a pre-compute circuit and a Montgomery multiplication circuit. The pre-compute circuit is configured to compute a Montgomery pre-compute value by performing a series of iterations. In a given iteration, the pre-compute circuit is configured to modify one or more intermediate values by performing bit-wise operations on the intermediate values calculated in a preceding iteration. The Montgomery multiplication circuit is configured to multiply the two multiplicands, modulo the predefined number, by performing a plurality of Montgomery reduction operations using the Montgomery pre-compute value computed by the pre-compute circuit.
Dynamic Channels in Secure Queries and Analytics
Systems and methods for end-to-end encryption and dynamic resizing and encoding into grouped byte channels are described herein. A query is homomorphically encrypted at a client using dynamic channel techniques. The encrypted query is sent, without a private key, to a server for evaluation over target data to generate an encrypted response without decrypting the encrypted query. The result elements of the encrypted response are grouped, co-located, and dynamically resized and encoded into grouped byte channels using the dynamic channel techniques, without decrypting the encrypted query or the encrypted response. The encrypted response is sent to the client, where the client uses the private key and the channel extraction techniques associated with the dynamic channel techniques to decrypt and perform channel extraction on the encrypted response, obtaining the results of the query without revealing the query or the results to the target data owner, an observer, or an attacker.
Systems and Methods for Efficient Fixed-Base Multi-Precision Exponentiation
Systems and methods for efficient fixed-base multi-precision exponentiation are disclosed herein. An example method includes applying a multi-precision exponentiation algorithm to a base number, where the algorithm uses a pre-generated lookup table to perform calculations on the base number, the pre-generated lookup table comprising pre-calculated exponentiated values of the base number.
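The abstract does not say how the table is organised. As an added example, not the applicant's code, here is one standard arrangement that fits the description: fixed-base windowing, where for a base $g$ that never changes (a DH or DSA generator, say) one precomputes $g^{j \cdot 2^{wi}} \bmod n$ for every window $i$ and digit $j$, after which an exponentiation needs only table lookups and multiplications and no squarings. The window width `w`, the function names and the test parameters are my assumptions.

```python
# Added example (my own illustration, not the patent's method): fixed-base
# windowed exponentiation with a precomputed table.
#   table[i][j] = g^(j * 2^(w*i)) mod n   for 0 <= j < 2^w
# so that g^e = prod_i table[i][digit_i(e)], digit_i(e) = i-th w-bit digit.


def precompute_fixed_base(g, n, w, max_bits):
    """Build the table for exponents of up to max_bits bits (one row per
    w-bit window). Done once per (g, n); cost is amortised over many calls."""
    windows = (max_bits + w - 1) // w
    table = []
    g_i = g % n                          # g^(2^(w*i)) for the current window
    for _ in range(windows):
        row = [1]
        for _ in range(1, 1 << w):
            row.append(row[-1] * g_i % n)   # row[j] = g_i^j
        table.append(row)
        g_i = pow(g_i, 1 << w, n)           # advance to the next window
    return table


def _select_scan(row, digit):
    """Pick row[digit] by touching every entry rather than indexing with the
    secret digit. Python gives no timing guarantees; this only shows the
    access pattern a constant-time implementation needs (secret-indexed
    lookups into a precomputed table are a classic cache-timing leak)."""
    chosen = 0
    for j, value in enumerate(row):
        mask = -int(j == digit)          # all-ones when j == digit, else 0
        chosen |= value & mask
    return chosen


def fixed_base_exp(table, e, n, w, scan=True):
    """Return g^e mod n using only the precomputed table (no squarings)."""
    if e < 0 or e >= 1 << (w * len(table)):
        raise ValueError("exponent outside the precomputed range")
    mask = (1 << w) - 1
    result = 1
    for i, row in enumerate(table):
        digit = (e >> (w * i)) & mask
        factor = _select_scan(row, digit) if scan else row[digit]
        result = result * factor % n      # digit 0 contributes row[0] == 1
    return result


if __name__ == "__main__":
    # Constructed parameters for illustration only: n = 2^64 - 59, g = 5.
    n, g, w = 2**64 - 59, 5, 4
    table = precompute_fixed_base(g, n, w, 64)
    e = 0x0123456789ABCDEF
    print(fixed_base_exp(table, e, n, w) == pow(g, e, n))   # True
```

With `w = 4` and 64-bit exponents the table holds 16 rows of 16 entries; a larger `w` trades memory for fewer multiplications. The `scan` path exists because the exponent is usually the secret (a private key or nonce), and `row[digit]` indexed by it is exactly the kind of data-dependent memory access a practitioner should refuse in production code.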