Discussion forum for Cryptology ePrint Archive
reports posted in 2008
Please put the report number in the subject.
Question on Güneysu & Paar's DSP based fast modular reduction unit
Posted by: Artur
Date: 06 May 2010 17:39
This question concerns the paper "Ultra High Performance ECC over NIST Primes on Commercial FPGAs" from CHES 2008.
Güneysu uses the reduction algorithm of Solinas for NIST (generalized Mersenne) primes P-224 and P-256 in his algorithm listings 1 and 2. In figure 5 he displays a digital circuit block diagram of the reduction chain implementing the fast modular reduction step. While Güneysu clearly implies that the diagram is meant only to show the "general structure" of a DSP based fast reduction circuit, it is not clear to me at all how to implement the circuit, say, for P-224.
Does anyone know the configuration of the DSPs? E.g., how do we determine when to reset and accumulate, and also how do we know when and where to add in the various c_i's? (I.e., what are the mux select line configurations per cycle.) What about the carries from each 32-bit digit to the next?
Has anyone verified the results of this paper?
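For anyone working through the same question, the following is an added software model of the Solinas word-sum reduction the post refers to. It is not code from the paper or its authors and says nothing about the DSP mux timing or carry handling of figure 5; it transcribes the word tables for P-224 and P-256 from FIPS 186-4 Appendix D.2 (the same Solinas reduction the paper's listings use), checks them against Python's `%`, and adds a helper, `column_terms`, that lists for each 32-bit digit column which input digits c_i enter it and with which sign. That per-column view is the part a digit-serial adder chain has to reproduce; the helper name and the `corrections` counter are my own additions.

```python
"""Software model of Solinas reduction for NIST P-224 and P-256.

Added example (not the paper's circuit): the word tables follow
FIPS 186-4 Appendix D.2. The input c < p^2 is split into 32-bit
digits c_0 .. c_{2k-1}; the reduction is a signed sum of k-digit
words built from those digits, then a few conditional +p / -p steps.
"""
import random

WORD = 32
MASK = (1 << WORD) - 1

P224 = (1 << 224) - (1 << 96) + 1
P256 = (1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1

# Each row: (coefficient, digit indices listed most-significant first;
# None means a zero digit). Rows s1..s9 as in FIPS 186-4 D.2.
TABLES = {
    P224: [
        (+1, (6, 5, 4, 3, 2, 1, 0)),                  # s1
        (+1, (10, 9, 8, 7, None, None, None)),        # s2
        (+1, (None, 13, 12, 11, None, None, None)),   # s3
        (-1, (13, 12, 11, 10, 9, 8, 7)),              # s4
        (-1, (None, None, None, None, 13, 12, 11)),   # s5
    ],
    P256: [
        (+1, (7, 6, 5, 4, 3, 2, 1, 0)),                  # s1
        (+2, (15, 14, 13, 12, 11, None, None, None)),    # s2
        (+2, (None, 15, 14, 13, 12, None, None, None)),  # s3
        (+1, (15, 14, None, None, None, 10, 9, 8)),      # s4
        (+1, (8, 13, 15, 14, 13, 11, 10, 9)),            # s5
        (-1, (10, 8, None, None, None, 13, 12, 11)),     # s6
        (-1, (11, 9, None, None, 15, 14, 13, 12)),       # s7
        (-1, (12, None, 10, 9, 8, 15, 14, 13)),          # s8
        (-1, (13, None, 11, 10, 9, None, 15, 14)),       # s9
    ],
}


def digits(c, n):
    """Split c into n little-endian 32-bit digits c_0 .. c_{n-1}."""
    return [(c >> (WORD * i)) & MASK for i in range(n)]


def assemble(word_spec, d):
    """Integer value of one table row, built from the digit list d."""
    value = 0
    for idx in word_spec:  # most significant digit first
        value = (value << WORD) | (0 if idx is None else d[idx])
    return value


def solinas_reduce(c, p):
    """Reduce 0 <= c < p*p modulo p; return (residue, corrections used)."""
    table = TABLES[p]
    k = len(table[0][1])
    d = digits(c, 2 * k)
    r = sum(coef * assemble(spec, d) for coef, spec in table)
    # The signed word sum is within a few multiples of p of the residue,
    # so a bounded number of +p / -p corrections finishes the job.
    corrections = 0
    while r < 0:
        r += p
        corrections += 1
    while r >= p:
        r -= p
        corrections += 1
    return r, corrections


def column_terms(p):
    """For each 32-bit digit column j of the result (j = 0 is the least
    significant), list the (sign, i) contributions of input digit c_i.
    This is the per-column schedule a digit-serial adder chain needs."""
    table = TABLES[p]
    k = len(table[0][1])
    cols = [[] for _ in range(k)]
    for coef, spec in table:
        for pos, idx in enumerate(reversed(spec)):
            if idx is not None:
                cols[pos].append((coef, idx))
    return cols


def self_check(p, trials=200, seed=1):
    """Compare against Python's % on random inputs (constructed here);
    return the largest number of corrections any input needed."""
    rng = random.Random(seed)
    worst = 0
    for _ in range(trials):
        c = rng.randrange(p * p)
        r, n = solinas_reduce(c, p)
        assert r == c % p, hex(c)
        worst = max(worst, n)
    return worst


if __name__ == "__main__":
    for name, p in (("P-224", P224), ("P-256", P256)):
        print(name, "max corrections over random inputs:", self_check(p))
    for j, col in enumerate(column_terms(P224)):
        print("P-224 column", j, "gets", col)
```

Running the script prints the worst-case correction count for each prime and, for P-224, the digit schedule per column, e.g. column 0 receives +c_0, -c_7 and -c_11. The `corrections` value is the quantity to bound when deciding how many final conditional subtractions (or additions) a hardware reduction unit must provide; the word tables themselves are the "where to add which c_i" part of the question, while reset/accumulate timing and carry propagation are implementation choices this model deliberately leaves out.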