Ruhr-Uni-Bochum

Fast constant-time gcd computation and modular inversion

2019

Conference / Journal

Authors

Daniel Bernstein Bo-Yin Yang

Research Hub

Research Hub B: Eingebettete Sicherheit

Research Challenges

RC 6: Next-Generation Implementation Security

Abstract

This paper introduces streamlined constant-time variants of Euclid's algorithm, both for polynomial inputs and for integer inputs. As concrete applications, this paper saves time in (1) modular inversion for Curve25519, which was previously believed to be handled much more efficiently by Fermat's method, and (2) key generation for the ntruhrss701 and sntrup4591761 lattice-based cryptosystems.

Tags

Asymmetric Cryptography
Software Implementation