Can Schönhage Multiplication Speed Up The RSA Encryption or Decryption?

Introduction Mult Algo Comparison Summary
Can Schönhage multiplication speed up the

RSA encryption or decryption?
Luis Carlos Coronado García

coronado@cdc.informatik.tu-darmstadt.de
Department of Computer Science
University of Technology, Darmstadt
16th June / MoraviaCrypt’05
FB Informatik
Outline
1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words
2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.
3 Comparison Amongst the Multiplication Algorithms

Theoretical
Practical
FB Informatik
RSA
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
RSA
Description of the RSA Algorithm.

Arithmetical Operations.
p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
m ∈ ZN , c = m mod N.
Modular exponentiation ⇒ Modular multiplication.
Montgomery: Modular multiplication without trial division.
FB Informatik
Motivation
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
Motivation
1 2
General Number Field Sieve O(e1.9229(ln n) 3 (ln ln n) 3 ).
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
Lenstra and Verhuel [2001] suggest: 1028 in 2002, a 2054
in 2023 and a 4047 in 2050.
Shor [1994]. Factoring quantum algorithm.
Hughes [1997]. L quantum bits and ng quantum gates,
where L = 5n + 4 and ng = 25n3 + O(n2 ).
FB Informatik
Motivation
1 2
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
in 2023 and a 4047 in 2050.
FB Informatik
Motivation
1 2
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
in 2023 and a 4047 in 2050.
FB Informatik
Motivation
1 2
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
in 2023 and a 4047 in 2050.
FB Informatik
Motivation
1 2
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
in 2023 and a 4047 in 2050.
FB Informatik
Motivation
Hypothetical QC at 500 MHz wo Moore’s Law (time I).
Quantum
N bits gates time I time II
29 2564 3.35 × 109 33.56 sec 2.23 min
210 5124 2.68 × 1010 4.47 min 17.89 min
211 10244 2.14 × 1011 35.79 min 2.38 hrs
212 20484 1.71 × 1012 4.77 hrs 19.08 hrs
213 40964 1.37 × 1013 1.59 days 6.36 days
214 81924 1.09 × 1014 12.72 days 50.90 days
215 163844 8.79 × 1014 101.80 days 3.55 years
216 327684 7.03 × 1015 2.23 years 8.23 years
217 655364 5.62 × 1016 17.85 years 14.96 years
218 1.31 × 106 4.50 × 1017 142.80 years 22.83 years
219 2.62 × 106 3.60 × 1018 1142.47 years 31.55 years
FB Informatik
Motivation
Hypothetical QC at 500 MHz wo Moore’s Law (time I).

Hypothetical QC at 25 MHz w an each 3-years Moore’s Law
(time II).
Quantum
N bits gates time I time II
29 2564 3.35 × 109 33.56 sec 2.23 min
210 5124 2.68 × 1010 4.47 min 17.89 min
2 11 10244 2.14 × 1011 35.79 min 2.38 hrs
2 12 20484 1.71 × 10 12 4.77 hrs 19.08 hrs
213 40964 1.37 × 1013 1.59 days 6.36 days
214 81924 1.09 × 1014 12.72 days 50.90 days
2 15 163844 8.79 × 1014 101.80 days 3.55 years
2 16 327684 7.03 × 10 15 2.23 years 8.23 years
217 655364 5.62 × 1016 17.85 years 14.96 years
218 1.31 × 106 4.50 × 1017 142.80 years 22.83 years
219 2.62 × 10 6 3.60 × 1018 1142.47 years 31.55 years
FB Informatik
Motivation

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
FB Informatik
Motivation

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
FB Informatik
Motivation

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
FB Informatik
MoB
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
MoB
Base Words.
Arithmetical Operations of Base Words.
ν0
ν0 ∈ N, 0 ≤ B < 22 is a Base Word.
One multipication of two base words = one computation
unit.
One addition of two base words = q computation units
(0 < q ≤ 1).
MOB(Alg, bit-length) is the multiplications of base words
needed by algorithm Alg for multiplying two integers of size
bit-length.
FB Informatik
MoB
Base Words.
ν0
unit.
(0 < q ≤ 1).
bit-length.
FB Informatik
MoB
Base Words.
ν0
unit.
(0 < q ≤ 1).
bit-length.
FB Informatik
MoB
Base Words.
ν0
unit.
(0 < q ≤ 1).
bit-length.
FB Informatik
Na, Ka and T3
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
Na, Ka and T3
Multiplication Algorithms and MOB.
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Na, Ka and T3
Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
C(ν) < 18q5ν log3 2 .
FB Informatik
Schönhage
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
Schönhage
Schönhage.
Schönhage:
It takes the advantage of Fast Fourier Transform: O(κ2κ )
for 2κ summands.
2κ multiplication of numbers of length n(κ)
O(L log L log log L)
FB Informatik
Schönhage
Schönhage.
Schönhage:
for 2κ summands.
FB Informatik
Schönhage
Schönhage.
Schönhage:
for 2κ summands.
FB Informatik
Schönhage
Schönhage and MOB.
MOB(Sch, 2ν0 +ν ) =
MOB(MA, 2ν0 +ν ) if ν < 5

2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise
Observation
n(κ) = 2ν+1−2κ + κ+3
κ+ν
2 κ 2 0 . If 3 ≤ κ then n(κ) has a
ν+1
minimum in κ = 2
κ = ν+1

2
FB Informatik
Schönhage
Schönhage and MOB.

Observation
n(κ) = 2ν+1−2κ + κ+3
κ+ν
ν+1
minimum in κ = 2
κ = ν+1

2
FB Informatik
Schönhage
Schönhage and MOB.

Observation
n(κ) = 2ν+1−2κ + κ+3
κ+ν
ν+1
minimum in κ = 2
κ = ν+1

2
FB Informatik
Theoretical
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
Theoretical
Behaviour of log2 (MOB(alg, 2log_size )) with q = 0.9.
45.0
Naive
40.0
35.0 Karatsuba
Toom-Cook
30.0 Schonhage
25.0
20.0
15.0
10.0
5.0
0.0
0.0 5.0 10.015.020.025.0 FB Informatik
Theoretical
Behaviour of log2 (MOB(alg, 2log_size )) with q = 0.9.
FB Informatik
Practical
Outline
1 Introduction
RSA Algorithm
Motivation
Algorithms.

Theoretical
Practical
FB Informatik
Practical
Timing on Linux on an Intel Pentium 4 at 2.4 GHz.
10.0 Naive
Karatsuba
5.0 Toom-Cook
Schonhage
0.0
-5.0
-10.0
-15.0
-20.0
0.0 5.0 10.0 15.0 20.0 25.0 FB Informatik
Practical
Timing on Linux on an Intel Pentium 4 at 2.4 GHz.
FB Informatik
Summary
Comparison of multiplications of base words (MOB)

amongst some multiplication algorithms.
Selection of an adequate κ for Schönhage algorithm.
Schönhage is the best for number of bit length ≥ 217 .
FB Informatik
Questions?
Thank you for your attention!
FB Informatik

Can Schönhage Multiplication Speed Up The RSA Encryption or Decryption?

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Can Schönhage Multiplication Speed Up The RSA Encryption or Decryption?

Uploaded by

Copyright:

Available Formats

Introduction Mult Algo Comparison Summary

Can Schönhage multiplication speed up the

Luis Carlos Coronado García

16th June / MoraviaCrypt’05

3 Comparison Amongst the Multiplication Algorithms

3 Comparison Amongst the Multiplication Algorithms

Description of the RSA Algorithm.

3 Comparison Amongst the Multiplication Algorithms

Hypothetical QC at 500 MHz wo Moore’s Law (time I).

Hypothetical QC at 500 MHz wo Moore’s Law (time I).

Description of the RSA Algorithm.

Description of the RSA Algorithm.

Description of the RSA Algorithm.

3 Comparison Amongst the Multiplication Algorithms

3 Comparison Amongst the Multiplication Algorithms

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

Multiplication Algorithms and MOB.

3 Comparison Amongst the Multiplication Algorithms

Schönhage and MOB.

2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise

Schönhage and MOB.

2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise

Schönhage and MOB.

2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise

3 Comparison Amongst the Multiplication Algorithms

Behaviour of log2 (MOB(alg, 2log_size )) with q = 0.9.

Behaviour of log2 (MOB(alg, 2log_size )) with q = 0.9.

3 Comparison Amongst the Multiplication Algorithms

Timing on Linux on an Intel Pentium 4 at 2.4 GHz.

Timing on Linux on an Intel Pentium 4 at 2.4 GHz.

Comparison of multiplications of base words (MOB)

You might also like