Amys MRNS

1
Amys MRNS
2
Fact
Let X (X1 mod R1, X2 mod R2 ) Let X Y1
R1(Y2 R2(Y3 ) ) Then Y1 X1 Y2 (X2 -
Y1)R1-1 mod R2 Y3 (((X2 - Y1)R1-1 ) - Y2) R2-1
mod R3 etc
3
Problem
A problem calls for many multiplications and
reductions modulo a large modulus M of n
bits. Multiplications can be performed in time
O(n2). Standard reductions, however, require
W(n3) work using a standard division approach.
4
An initial approachMontgomery Reduction
Let M be an n-bit number, R 2n2 , Z lt MR RF(Z)
(Z - M(ZM-1 mod R))/R Then RF(Z) ZR-1 mod
M 0 lt RF(Z) lt 2M Note that because R is a power
of 2, the cost is 2 multiplications
5
To perform k multiplications

• Put all operands in Montgomery Form (XR mod M)
• Do multiplications with Montgomery reductions
  interspersed e.g. RF(XR YR) XYR mod M
• At the end, perform one more Montgomery
  Reduction and subtract M if necessary to get the
  answer modulo M

6
Redundant Number Systems
If an operation such as multiplication requires
O(n2) time. This can be reduced to O(n) time.
Let q1 qn be a set of relatively prime
constant-size numbers. C.R.T. A a1 mod q1,
an mod qn B b1 mod q1, bn mod qn AB
a1b1 mod q1, anbn mod qn
Problem Overflow
7
Idea perform Montgomery Reduction inside RNS
T r1, rk, qk1, q2k such that R Pri
and Q Pri gt 4M Represent (XR-1 mod M) in RNS
system T
8
Issue Reducing Z to RF(Z) in System T
RF(Z) (Z - M(ZM-1 mod R))/R
For i 1 to k, Zi M-1 Zi mod ri For I k1 to
2k Zi (Zi - M Z1) R-1 T r1, rk, q1,
qk such that R Pri and Q Pri gt 4M Represent
(XR-1 mod M) in RNS system T