A secure algorithm for inversion modulo 2^k

Sadiel de la Fe Siverio, Carles Ferrer Ramis

Research output: Contribution to journalArticleResearchpeer-review


Modular inversions are widely employed in public key crypto-systems, and it is known that they imply a bottleneck due to the expensive computation. Recently, a new algorithm for inversions modulo pk was proposed, which may speed up the calculation of a modulus dependent quantity used in the Montgomery multiplication. The original algorithm lacks security countermeasures; thus, a straightforward implementation may expose the input. This is an issue if that input is a secret. In the RSA-CRT signature using Montgomery multiplication, the moduli are secrets (primes p and q). Therefore, the moduli dependent quantities related to p and q must be securely computed. This paper presents a security analysis of the novel method considering that it might be used to compute secrets. We demonstrate that a Side Channel Analysis leads to disclose the data being manipulated. In consequence, a secure variant for inversions modulo 2k is proposed, through the application of two known countermeasures. In terms of performance, the secure variant is still comparable with the original one.
Original languageEnglish
Pages (from-to)1
Number of pages8
Issue number3
Publication statusPublished - Sep 2018


Dive into the research topics of 'A secure algorithm for inversion modulo 2^k'. Together they form a unique fingerprint.

Cite this