Fast constant-time gcd computation and modular inversion

Authors

  • Daniel J. Bernstein Department of Computer Science, University of Illinois at Chicago, Chicago, IL 60607–7045, USA; Horst Görtz Institute for IT Security, Ruhr University Bochum
  • Bo-Yin Yang Institute of Information Science and Research Center of Information Technology and Innovation, Academia Sinica, 128 Section 2 Academia Road, Taipei 115-29

DOI:

https://doi.org/10.13154/tches.v2019.i3.340-398

Keywords:

Euclid’s algorithm, greatest common divisor, gcd, modular reciprocal, modular inversion, constant-time computations, branchless algorithms, algorithm, design, NTRU, Curve25519

Abstract

This paper introduces streamlined constant-time variants of Euclid’s algorithm, both for polynomial inputs and for integer inputs. As concrete applications, this paper saves time in (1) modular inversion for Curve25519, which was previously believed to be handled much more efficiently by Fermat’s method, and (2) key generation for the ntruhrss701 and sntrup4591761 lattice-based cryptosystems.

Downloads

Published

2019-05-09

Issue

Volume 2019, Issue 3

Section

Articles

License

Copyright (c) 2019 Daniel J. Bernstein, Bo-Yin Yang

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Fast constant-time gcd computation and modular inversion. (2019). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3), 340-398. https://doi.org/10.13154/tches.v2019.i3.340-398