Exponentiation By Squaring - Montgomery's Ladder Technique

Montgomery's Ladder Technique

Many algorithms for exponentiation do not provide defence against side-channel attacks. Namely, an attacker observing the sequence of squarings and multiplications can (partially) recover the exponent involved in the computation. This is a problem if the exponent should remain secret, as with many public-key cryptosystems. A technique called Montgomery's Ladder addresses this concern.

Given the binary expansion of a positive, non-zero integer n=(nk-1...n0)2 with nk-1=1 we can compute xn as follows:

x1=x; x2=x2 for i=k-2 to 0 do If ni=0 then x2=x1*x2; x1=x12 else x1=x1*x2; x2=x22 return x1

The algorithm performs a fixed sequence of operations (up to log n): a multiplication and squaring takes place for each bit in the exponent, regardless of the bit's specific value.

Read more about this topic:  Exponentiation By Squaring

Famous quotes containing the words montgomery, ladder and/or technique:

    Stand up and bless the Lord,
    Ye children of His choice;
    Stand up, and bless the Lord your God
    With heart, and soul, and voice.
    —James Montgomery (1771–1854)

    We make a ladder for ourselves out of our vices when we trample them.
    St. Augustine (354–430)

    The more technique you have, the less you have to worry about it. The more technique there is, the less there is.
    Pablo Picasso (1881–1973)