Exponentiation By Squaring - Montgomery's Ladder Technique

Montgomery's Ladder Technique

Many algorithms for exponentiation do not provide defence against side-channel attacks. Namely, an attacker observing the sequence of squarings and multiplications can (partially) recover the exponent involved in the computation. This is a problem if the exponent should remain secret, as with many public-key cryptosystems. A technique called Montgomery's Ladder addresses this concern.

Given the binary expansion of a positive, non-zero integer n=(nk-1...n0)2 with nk-1=1 we can compute xn as follows:

x1=x; x2=x2 for i=k-2 to 0 do If ni=0 then x2=x1*x2; x1=x12 else x1=x1*x2; x2=x22 return x1

The algorithm performs a fixed sequence of operations (up to log n): a multiplication and squaring takes place for each bit in the exponent, regardless of the bit's specific value.

Read more about this topic:  Exponentiation By Squaring

Famous quotes containing the words montgomery, ladder and/or technique:

    Yet nightly pitch my moving tent,
    A day’s march nearer home.
    —James Montgomery (1771–1854)

    When Titian was mixing brown madder,
    His model was posed up a ladder.
    Said Titian, “That position
    Calls for coition,”
    So he lept up the ladder and had her.
    Anonymous.

    The moment a man begins to talk about technique that’s proof that he is fresh out of ideas.
    Raymond Chandler (1888–1959)