Fast constant-time gcd computation and modular inversion

Authors

  • Daniel J. Bernstein Department of Computer Science, University of Illinois at Chicago, Chicago, IL 60607–7045, USA; Horst Görtz Institute for IT Security, Ruhr University Bochum
  • Bo-Yin Yang Institute of Information Science and Research Center of Information Technology and Innovation, Academia Sinica, 128 Section 2 Academia Road, Taipei 115-29

DOI:

https://doi.org/10.13154/tches.v2019.i3.340-398

Keywords:

Euclid’s algorithm, greatest common divisor, gcd, modular reciprocal, modular inversion, constant-time computations, branchless algorithms, algorithm, design, NTRU, Curve25519

Abstract

This paper introduces streamlined constant-time variants of Euclid’s algorithm, both for polynomial inputs and for integer inputs. As concrete applications, this paper saves time in (1) modular inversion for Curve25519, which was previously believed to be handled much more efficiently by Fermat’s method, and (2) key generation for the ntruhrss701 and sntrup4591761 lattice-based cryptosystems.

Published

2019-05-09

Issue

Section

Articles

How to Cite

Bernstein, D. J., & Yang, B.-Y. (2019). Fast constant-time gcd computation and modular inversion. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3), 340-398. https://doi.org/10.13154/tches.v2019.i3.340-398