Scribd
Upload
65 views45 pages

Can Schönhage Multiplication Speed Up The RSA Encryption or Decryption?

The document discusses RSA encryption and decryption and ways to potentially speed it up. It introduces the RSA algorithm and outlines that it involves large number multiplications. It then discusses different multiplication algorithms and compares them theoretically and practically to determine if Schonhage multiplication could accelerate RSA computations. The motivation section notes that as quantum computing advances, larger key sizes will be needed to maintain security, increasing the need for faster multiplication algorithms.

Uploaded by

Quyền Nguyễn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
65 views45 pages

Can Schönhage Multiplication Speed Up The RSA Encryption or Decryption?

The document discusses RSA encryption and decryption and ways to potentially speed it up. It introduces the RSA algorithm and outlines that it involves large number multiplications. It then discusses different multiplication algorithms and compares them theoretically and practically to determine if Schonhage multiplication could accelerate RSA computations. The motivation section notes that as quantum computing advances, larger key sizes will be needed to maintain security, increasing the need for faster multiplication algorithms.

Uploaded by

Quyền Nguyễn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 45

Introduction Mult Algo Comparison Summary

Can Schönhage multiplication speed up the


RSA encryption or decryption?

Luis Carlos Coronado García


[email protected]
Department of Computer Science
University of Technology, Darmstadt

16th June / MoraviaCrypt’05

FB Informatik
Introduction Mult Algo Comparison Summary

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

RSA

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

RSA

Description of the RSA Algorithm.


Arithmetical Operations.

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
m ∈ ZN , c = m mod N.
Modular exponentiation ⇒ Modular multiplication.
Montgomery: Modular multiplication without trial division.

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

1 2
General Number Field Sieve O(e1.9229(ln n) 3 (ln ln n) 3 ).
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
Lenstra and Verhuel [2001] suggest: 1028 in 2002, a 2054
in 2023 and a 4047 in 2050.
Shor [1994]. Factoring quantum algorithm.
Hughes [1997]. L quantum bits and ng quantum gates,
where L = 5n + 4 and ng = 25n3 + O(n2 ).

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

1 2
General Number Field Sieve O(e1.9229(ln n) 3 (ln ln n) 3 ).
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
Lenstra and Verhuel [2001] suggest: 1028 in 2002, a 2054
in 2023 and a 4047 in 2050.
Shor [1994]. Factoring quantum algorithm.
Hughes [1997]. L quantum bits and ng quantum gates,
where L = 5n + 4 and ng = 25n3 + O(n2 ).

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

1 2
General Number Field Sieve O(e1.9229(ln n) 3 (ln ln n) 3 ).
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
Lenstra and Verhuel [2001] suggest: 1028 in 2002, a 2054
in 2023 and a 4047 in 2050.
Shor [1994]. Factoring quantum algorithm.
Hughes [1997]. L quantum bits and ng quantum gates,
where L = 5n + 4 and ng = 25n3 + O(n2 ).

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

1 2
General Number Field Sieve O(e1.9229(ln n) 3 (ln ln n) 3 ).
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
Lenstra and Verhuel [2001] suggest: 1028 in 2002, a 2054
in 2023 and a 4047 in 2050.
Shor [1994]. Factoring quantum algorithm.
Hughes [1997]. L quantum bits and ng quantum gates,
where L = 5n + 4 and ng = 25n3 + O(n2 ).

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

1 2
General Number Field Sieve O(e1.9229(ln n) 3 (ln ln n) 3 ).
1
Brent [1999] Y = 13.24(B log 2) 3 + 1928.6.
768 in 2009.86; 1024 in 2018.04; 2048 in 2041.29; 4096 in
2070.57.
Lenstra and Verhuel [2001] suggest: 1028 in 2002, a 2054
in 2023 and a 4047 in 2050.
Shor [1994]. Factoring quantum algorithm.
Hughes [1997]. L quantum bits and ng quantum gates,
where L = 5n + 4 and ng = 25n3 + O(n2 ).

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

Hypothetical QC at 500 MHz wo Moore’s Law (time I).

Quantum
N bits gates time I time II
29 2564 3.35 × 109 33.56 sec 2.23 min
210 5124 2.68 × 1010 4.47 min 17.89 min
211 10244 2.14 × 1011 35.79 min 2.38 hrs
212 20484 1.71 × 1012 4.77 hrs 19.08 hrs
213 40964 1.37 × 1013 1.59 days 6.36 days
214 81924 1.09 × 1014 12.72 days 50.90 days
215 163844 8.79 × 1014 101.80 days 3.55 years
216 327684 7.03 × 1015 2.23 years 8.23 years
217 655364 5.62 × 1016 17.85 years 14.96 years
218 1.31 × 106 4.50 × 1017 142.80 years 22.83 years
219 2.62 × 106 3.60 × 1018 1142.47 years 31.55 years
FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

Hypothetical QC at 500 MHz wo Moore’s Law (time I).


Hypothetical QC at 25 MHz w an each 3-years Moore’s Law
(time II).
Quantum
N bits gates time I time II
29 2564 3.35 × 109 33.56 sec 2.23 min
210 5124 2.68 × 1010 4.47 min 17.89 min
2 11 10244 2.14 × 1011 35.79 min 2.38 hrs
2 12 20484 1.71 × 10 12 4.77 hrs 19.08 hrs
213 40964 1.37 × 1013 1.59 days 6.36 days
214 81924 1.09 × 1014 12.72 days 50.90 days
2 15 163844 8.79 × 1014 101.80 days 3.55 years
2 16 327684 7.03 × 10 15 2.23 years 8.23 years
217 655364 5.62 × 1016 17.85 years 14.96 years
218 1.31 × 106 4.50 × 1017 142.80 years 22.83 years
219 2.62 × 10 6 3.60 × 1018 1142.47 years 31.55 years
FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

Description of the RSA Algorithm.


Arithmetical Operations.

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
m ∈ ZN , c = m mod N.
Modular exponentiation ⇒ Modular multiplication.
Montgomery: Modular multiplication without trial division.

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

Description of the RSA Algorithm.


Arithmetical Operations.

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
m ∈ ZN , c = m mod N.
Modular exponentiation ⇒ Modular multiplication.
Montgomery: Modular multiplication without trial division.

FB Informatik
Introduction Mult Algo Comparison Summary

Motivation

Description of the RSA Algorithm.


Arithmetical Operations.

p, q ∈ P, N = pq, e, d ∈ ZN s.t. ed ∼
= 1 mod ϕ(N).
e
m ∈ ZN , c = m mod N.
Modular exponentiation ⇒ Modular multiplication.
Montgomery: Modular multiplication without trial division.

FB Informatik
Introduction Mult Algo Comparison Summary

MoB

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

MoB

Base Words.
Arithmetical Operations of Base Words.

ν0
ν0 ∈ N, 0 ≤ B < 22 is a Base Word.
One multipication of two base words = one computation
unit.
One addition of two base words = q computation units
(0 < q ≤ 1).
MOB(Alg, bit-length) is the multiplications of base words
needed by algorithm Alg for multiplying two integers of size
bit-length.

FB Informatik
Introduction Mult Algo Comparison Summary

MoB

Base Words.
Arithmetical Operations of Base Words.

ν0
ν0 ∈ N, 0 ≤ B < 22 is a Base Word.
One multipication of two base words = one computation
unit.
One addition of two base words = q computation units
(0 < q ≤ 1).
MOB(Alg, bit-length) is the multiplications of base words
needed by algorithm Alg for multiplying two integers of size
bit-length.

FB Informatik
Introduction Mult Algo Comparison Summary

MoB

Base Words.
Arithmetical Operations of Base Words.

ν0
ν0 ∈ N, 0 ≤ B < 22 is a Base Word.
One multipication of two base words = one computation
unit.
One addition of two base words = q computation units
(0 < q ≤ 1).
MOB(Alg, bit-length) is the multiplications of base words
needed by algorithm Alg for multiplying two integers of size
bit-length.

FB Informatik
Introduction Mult Algo Comparison Summary

MoB

Base Words.
Arithmetical Operations of Base Words.

ν0
ν0 ∈ N, 0 ≤ B < 22 is a Base Word.
One multipication of two base words = one computation
unit.
One addition of two base words = q computation units
(0 < q ≤ 1).
MOB(Alg, bit-length) is the multiplications of base words
needed by algorithm Alg for multiplying two integers of size
bit-length.

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Na, Ka and T3

Multiplication Algorithms and MOB.

Naïve:
O(L2 ) or O(22v ) for L = 2v .
MOB(Na, 2ν0 +ν ) = 22ν + 3q(22ν − 2ν )
Karatsuba:
O(Llog2 3 ) or O(3v ) for L = 2v .
MOB(Ka, 2ν0 +ν ) = 3ν + 10q(3ν − 2ν )
Toom-Cook:
O(Llog3 5 ) or O(5v log3 2 ) for L = 2v .
MOB(TC, 2ν0 +ν ) = 5ν log3 2 + 24q(5ν log3 2 − 2ν ) + C(ν).
C(ν) < 18q5ν log3 2 .

FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Schönhage.

Schönhage:
It takes the advantage of Fast Fourier Transform: O(κ2κ )
for 2κ summands.
2κ multiplication of numbers of length n(κ)
O(L log L log log L)

FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Schönhage.

Schönhage:
It takes the advantage of Fast Fourier Transform: O(κ2κ )
for 2κ summands.
2κ multiplication of numbers of length n(κ)
O(L log L log log L)

FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Schönhage.

Schönhage:
It takes the advantage of Fast Fourier Transform: O(κ2κ )
for 2κ summands.
2κ multiplication of numbers of length n(κ)
O(L log L log log L)

FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Schönhage and MOB.

MOB(Sch, 2ν0 +ν ) =
MOB(MA, 2ν0 +ν ) if ν < 5


2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise

Observation
n(κ) = 2ν+1−2κ + κ+3
  κ+ν
2 κ 2 0 . If 3 ≤ κ then n(κ) has a
ν+1
minimum in κ = 2

κ = ν+1
 
2

FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Schönhage and MOB.

MOB(Sch, 2ν0 +ν ) =
MOB(MA, 2ν0 +ν ) if ν < 5


2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise

Observation
n(κ) = 2ν+1−2κ + κ+3
  κ+ν
2 κ 2 0 . If 3 ≤ κ then n(κ) has a
ν+1
minimum in κ = 2

κ = ν+1
 
2

FB Informatik
Introduction Mult Algo Comparison Summary

Schönhage

Schönhage and MOB.

MOB(Sch, 2ν0 +ν ) =
MOB(MA, 2ν0 +ν ) if ν < 5


2κ MOB(Sch, 2ν0 +κ (2ν+1−2κ + 1)) + qκ2ν+2 otherwise

Observation
n(κ) = 2ν+1−2κ + κ+3
  κ+ν
2 κ 2 0 . If 3 ≤ κ then n(κ) has a
ν+1
minimum in κ = 2

κ = ν+1
 
2

FB Informatik
Introduction Mult Algo Comparison Summary

Theoretical

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

Theoretical

Behaviour of log2 (MOB(alg, 2log_size )) with q = 0.9.

45.0
Naive
40.0
35.0 Karatsuba
Toom-Cook
30.0 Schonhage

25.0
20.0
15.0
10.0
5.0
0.0
0.0 5.0 10.015.020.025.0 FB Informatik
Introduction Mult Algo Comparison Summary

Theoretical

Behaviour of log2 (MOB(alg, 2log_size )) with q = 0.9.

FB Informatik
Introduction Mult Algo Comparison Summary

Practical

Outline

1 Introduction
RSA Algorithm
Motivation
Multiplications of Base Words

2 Multiplication Algorithms
Naïve, Karatsuba and Toom-Cook Multiplication
Algorithms.
Schönhage Multiplication Algorithm.

3 Comparison Amongst the Multiplication Algorithms


Theoretical
Practical
FB Informatik
Introduction Mult Algo Comparison Summary

Practical

Timing on Linux on an Intel Pentium 4 at 2.4 GHz.

10.0 Naive
Karatsuba
5.0 Toom-Cook
Schonhage
0.0

-5.0

-10.0

-15.0

-20.0
0.0 5.0 10.0 15.0 20.0 25.0 FB Informatik
Introduction Mult Algo Comparison Summary

Practical

Timing on Linux on an Intel Pentium 4 at 2.4 GHz.

FB Informatik
Introduction Mult Algo Comparison Summary

Summary

Comparison of multiplications of base words (MOB)


amongst some multiplication algorithms.
Selection of an adequate κ for Schönhage algorithm.
Schönhage is the best for number of bit length ≥ 217 .

FB Informatik
Introduction Mult Algo Comparison Summary

Questions?
Thank you for your attention!

FB Informatik

You might also like