US 20050246406 A9

Abstract

An emod operation is a computational substitute for a traditional modulus operation, one that is computationally less expensive but also less precise. Where a modulus operation may be defined for some base number n, the emod operation determines a modulus of an operand using a “phantom modulus,” one that is an integer multiple of n. The phantom modulus is chosen to make emod calculations computationally inexpensive when compared to a modulus operation. Thus, the emod operation is particularly useful for multiplications or exponential operations using very large operands. Upon conclusion of interstitial processing associated with the multiplications or exponential operations, a single, traditional modulus operation may be used to obtain a final result.
Claims (5)

1. A method of performing a modulus operation upon an operand that is represented by a mathematical function to be performed iteratively, the modulus taken with respect to a value n, comprising:
upon conclusion of each of a plurality of interstitial iterations, determining a modulus of a result thereof using a phantom modulus that is a multiple of n, the phantom modulus approximating 2^k for some arbitrary k, and upon conclusion of a final iteration, determining a modulus of a result thereof using a true modulus n.

2. A method of resolving an (A·B) mod n operation, comprising,
iteratively, for each of several words of B:
shifting a value c by a word length,
adding to the shifted value c, a value A·B[i], where B[i] is the ith word of B, performing an emod operation on a result of the addition, using a phantom modulus mn that is a multiple of n, and
following a last iteration, performing a modulus operation on the result of the addition from the last iteration.

3. A method of resolving an (A·B) mod n operation, comprising:
iteratively, for each of several words of B:
generating a quotient q from a higher order portion of an earlier valuation of c,
generating a remainder r from a lower order portion of the value c,
revaluing c to be A·B[i]+r+d·q, where d is a precision value of a phantom modulus, where B[i] is the ith word of B,
following a last iteration, performing a modulus operation on the result of the revaluing from the last iteration.

4. A method of resolving an (A·B) mod n operation, comprising:
iteratively, for each of several words of B:
generating a quotient q[i] from a higher order portion of an earlier valuation of c, where i represents the current iteration,
generating a remainder r[i] from a lower order portion of the value c,
shifting left a quotient q[i−1] by a word width,
revaluing c to be A·B[i]+r[i]+d·q[i−1], where d is a precision value of a phantom modulus, where B[i] is the ith word of B and the revaluing uses the shifted quotient,
following a last iteration, performing a modulus operation on the result of the revaluing from the last iteration.

5. A method of resolving an A^B mod n operation, comprising:
iteratively, for each bit position i of B:
performing a c=(c·c) emod n operation, and
if the ith bit position of B is a 1, performing a c=(c·A) emod n operation; and
following a last iteration, performing an A mod N operation of c obtained from the last operation, wherein the emod n operation calculates a modulus result from a phantom modulus mn, where mn is an integer multiple of n.

Description

The present invention relates to modulus calculations. In particular, it relates to modulus calculations that may be performed with high degrees of efficiency.

A modulus calculation (colloquially, a “mod” calculation) determines the remainder of a division operation. Thus, the expression A mod N determines a result that is the remainder obtained by dividing the number A by N. Example: 17 divided by 3 is 5 with a remainder of 2. “17 mod 3” yields a result having value 2.

Mod calculations are performed in many computing applications including key negotiation conducted between two parties before engaging in encrypted communication. In the key negotiation context, evaluation of equations having the form (A Assuming operands of length l and an equal number of 0s and 1s therein, evaluation of A Accordingly, there is a need in the art for a fast, computationally inexpensive technique for resolving mod operations with large operands.

Embodiments of the present invention introduce an “emod” operation for use in mod calculations. The emod is a computational substitute for a traditional mod operation, one that is computationally less expensive but also less precise. The emod operation may be used in connection with interstitial multiplications that may be generated during evaluation of an A

Although computers perform arithmetic operations having binary values (base 2), the advantages of the emod operation might best be understood with an example using traditional decimal numbers (base 10). To evaluate the operation 23754 mod 3331, it would be conventional to divide 23754 by the modulus 3331 to obtain the remainder 437. However, such division is computationally expensive.
It would be far easier to use some multiple of the modulus that is closer to 10 The example illustrated above also works in a binary scheme. In the base 2 domain, for some modulus n, a multiple is chosen that closely approximates some 2 Given a modulus n, a phantom modulus mn may be chosen such that m·n=2

Evaluation of (A·B) emod n

According to an embodiment, evaluation of:
In one embodiment, the method of Where shiftleft(w,c) merely shifts left the c operand by w bits. This is equivalent to a multiplication by 2 The emod operator operates based on a phantom modulus mn=m·n, yielding a precision factor d=2 In one embodiment, the method of This implementation requires that the product d·q is available immediately. In practice, since this product may take some time to generate, the method effectively becomes stalled until the product becomes available.

In an alternate embodiment, the method may complete a current iteration without having the d·q product available. Instead, it may advance to the next iteration of i and integrate the d·q product from a previous iteration. Following the final iteration, the quotient from the final iteration may be added to c (box In one embodiment, the method of In this embodiment, the d·q product from a prior iteration (relabeled as d·q1) is shifted left to account for positional differences between the two words. As noted above, the embodiment of

Multiplication of Large Numbers with Small Numbers

As described above, the multiplicand B may be parsed into a plurality of smaller words B[w], w=0 to M−1, and the words may be used as a basis on which to perform the multiplication with the multiplier A. A discussion of a circuit implementation for this embodiment follows. The shifters The shifters Alternatively, the shifters The 3A register Outputs from the A register The IPG The 3× multiplier, as its name implies, may generate a value that is three times a multiplicand when presented at the input terminal. A second inverter The shifters Outputs from the inverters

According to an embodiment, when it is desired to perform a multiplication based on a long multiplicand A and a shorter multiplier B, the multiplicand A may be input to the IPG The IPG may include a controller In an embodiment, the multiplier B may be parsed into several four bit segments s
Where Ā is the two's complement of an input A. The control value CTRL may be related to the four-bit input pattern by:

CTRL = −4·s_{i3} + 2·s_{i2} + s_{i1} + s_{i0}  (8)

where s_{ij} represents the j^{th} bit position of segment s_i. For the segment s_0, the zero^{th} bit position, which would be a fictional bit position “B_{−1},” may be set to 0 to render the response of the controller to segment s_0 consistent with Table 1.
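As an added illustration (not the patent's circuit or code), the following Python applies equation (8) to overlapping four-bit segments of a multiplier B and checks that the resulting signed digits, each selecting one of the 0, ±A, ±2A, ±3A, ±4A multiples the 3A register and shifters provide, reproduce A·B with one addition per three bit positions. The three-bit stride and the fictional B[−1] = 0 are taken from the text; the segment boundaries s_i = B[3i+2 .. 3i−1] and the sample operands are assumptions.

```python
# Added example, not the patent's circuit: radix-8 Booth-style recoding of a
# multiplier B with the CTRL mapping of equation (8). Assumption: segment s_i
# covers bits B[3i+2], B[3i+1], B[3i], B[3i-1] (overlapping, three bits apart),
# with the fictional B[-1] = 0 as the text states.

def segments(b: int, nbits: int):
    """Yield (i, s3, s2, s1, s0) for each four-bit segment of b.
    Enough segments are produced that the top segment's s3 lies beyond
    nbits (a zero), so an unsigned b never leaves an uncompensated -4 term."""
    def bit(j):
        return 0 if j < 0 else (b >> j) & 1
    i = 0
    while 3 * i <= nbits:
        yield i, bit(3 * i + 2), bit(3 * i + 1), bit(3 * i), bit(3 * i - 1)
        i += 1

def ctrl(s3: int, s2: int, s1: int, s0: int) -> int:
    """Equation (8): CTRL = -4*s3 + 2*s2 + s1 + s0, always in -4..4."""
    return -4 * s3 + 2 * s2 + s1 + s0

def recode(b: int, nbits: int) -> list:
    """Signed digits CTRL_0, CTRL_1, ... with sum(CTRL_i * 8**i) == b."""
    return [ctrl(s3, s2, s1, s0) for _, s3, s2, s1, s0 in segments(b, nbits)]

def multiply_with_ipg(a: int, b: int, nbits: int) -> tuple:
    """Multiply a by b the way an IPG-fed multiplier would: for segment i,
    select CTRL_i * a (0, +-a, +-2a, +-3a, +-4a) and add it at bit 3i.
    Returns (product, number_of_additions)."""
    acc, adds = 0, 0
    for i, s3, s2, s1, s0 in segments(b, nbits):
        partial = ctrl(s3, s2, s1, s0) * a      # one of the nine multiples
        acc += partial * (1 << (3 * i))          # aligned to the segment
        adds += 1
    return acc, adds

if __name__ == "__main__":
    a, b = 0xBEEF, 0xC0DE                        # constructed sample operands
    product, adds = multiply_with_ipg(a, b, 16)
    assert product == a * b
    print(recode(b, 16), adds)                   # 6 additions for 16 bits
```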
It may be observed from The IPG embodiments described above may be applied to multiplier circuits of a variety of architectures. In each application, use of an IPG permits the multiplier circuit to achieve faster operation essentially by permitting additions to occur once every three bit positions rather than once per bit position as is conventional. During operation, the IPG Once values are loaded in each of the interstitial product registers In an embodiment for a multiplicand A of length m and a multiplier B of length n, the product register

Traditional combinatorial multipliers include one interstitial product register for each bit position of a multiplier B. In the foregoing embodiment, there need be only one interstitial product register (say, During operation, the multiplier circuit As in the embodiment of In another embodiment, a multiplier circuit may omit use of a multiplier register (such as the multiplier On each clock cycle, the contents of the product register The second IPG The multiplication circuit

As is known, a carry save adder generates a result in the so-called “redundant form.” Carry save adders are faster than other types of adders because they generate results of addition operations without performing a traditional carry propagation (a time consuming operation). Instead, the addition results are stored using multiple bits per “bit position.” Multiple additions can be performed in redundant form. After a final addition, a single carry propagation may be performed to obtain a result in non-redundant form. According to an embodiment, a portion of the product register

The foregoing embodiments have been presented in connection with an evaluation of an (A·B) emod n operation. If done in connection with an (A·B) mod n operation, the methods illustrated in

Evaluation of A

Embodiments of the emod operation are described below in the context of an A The outer loop may scan the bits of the exponent and control the multiplications.
Each pass of the outer loop may include a squaring operation:
Upon conclusion of the last iteration, the method The inner loop of the operation may be performed using any of the methods described hereinabove with respect to

Determining d and m

To determine the parameters d and m, the number of significant bits in n, size(n), may be determined so that:
To find m and d from n and 2^k, note that:
Equation 15 has a property that:
In another embodiment, the calculation of (2^k div n) and d=(2^k−mn) where the function selectbits(max downto min, c) returns the bits in c from and including positions max and down to min.

In one embodiment, the calculation of m and d may be implemented in software according to the following pseudocode.

The embodiments presented hereinabove provide a computational substitute for a mod operation, labeled “emod,” that incurs much less computational expense at the cost of lost precision. It is useful when performing a mod operation in connection with multiplications or exponential operations. By applying an emod operation to interstitial products, the length of the operands may be maintained within some predetermined length window. When a final product is obtained, a traditional mod operation may be applied to obtain a final result. This scheme obtains a final result with much less processing than would be possible using only the mod operation.

Several embodiments of the present invention are specifically illustrated and described herein. However, it will be appreciated that modifications and variations of the present invention are covered by the above teachings and within the purview of the appended claims without departing from the spirit and intended scope of the invention.
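The emod operation and the determination of m and d described above, as an added Python example (not the patent's pseudocode): it computes m = 2^k div n and d = 2^k − m·n, applies emod, and uses it word by word in an (A·B) mod n evaluation in the manner of claim 2, with a single true mod after the last iteration. The decimal figures 23754, 3331 and 437 are the page's; the phantom modulus 3·3331 = 9993 = 10^4 − 7, the word width w = 8, the choice k = size(n) + w + 2 and the sample binary operands are assumptions.

```python
# Added example, not the patent's own pseudocode: the emod operation with a
# phantom modulus m*n = base - d, and its use in (A*B) mod n (claim 2).
# base is 2**k for the binary scheme, or 10**4 for the decimal illustration.

def phantom_params(n: int, base: int) -> tuple:
    """m = base div n and d = base - m*n, so m*n is the largest multiple
    of n not exceeding base and 0 <= d < n."""
    m = base // n
    return m, base - m * n

def emod(x: int, base: int, d: int) -> int:
    """Reduce x with the phantom modulus: split x = q*base + r and fold q
    back in through d, because base == d (mod n). For base = 2**k this is a
    shift, a mask and one small multiply; no division by n occurs. The
    result is congruent to x mod n but not necessarily fully reduced."""
    q, r = divmod(x, base)
    return r + d * q

def mul_emod(a: int, b: int, n: int, w: int = 8) -> tuple:
    """(a*b) mod n by scanning b in w-bit words, most significant first.
    Each iteration shifts c by a word, adds a*B[i] and applies emod; one
    true mod follows the last iteration. Assumes a < n. Returns
    (result, widest_bit_length_of_c) to show the window stays bounded."""
    k = n.bit_length() + w + 2       # constructed choice: keeps c < 2**(k+1)
    base = 1 << k
    _, d = phantom_params(n, base)
    words = []
    while b:
        words.append(b & ((1 << w) - 1))
        b >>= w
    c, widest = 0, 0
    for word in reversed(words):
        c = (c << w) + a * word      # shift left by w bits, add A*B[i]
        c = emod(c, base, d)         # interstitial reduction
        widest = max(widest, c.bit_length())
    return c % n, widest             # single true modulus at the end

if __name__ == "__main__":
    # Decimal illustration from the text: 23754 mod 3331 via phantom 9993
    m, d = phantom_params(3331, 10 ** 4)                 # (3, 7)
    print(emod(23754, 10 ** 4, d), emod(23754, 10 ** 4, d) % 3331)  # 3768 437
    n = 0xC5A3F1D7B9E2468F7                              # constructed 68-bit modulus
    a = 0x9A7B3C2D1E0F4A5B6 % n
    b = 0x1234567890ABCDEF0
    res, widest = mul_emod(a, b, n)
    assert res == (a * b) % n and widest <= n.bit_length() + 8 + 2 + 1
```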