Skip to content


  • Research Article
  • Open Access

Modular Inverse Algorithms Without Multiplications for Cryptographic Applications

EURASIP Journal on Embedded Systems20062006:032192

  • Received: 19 July 2005
  • Accepted: 17 January 2006
  • Published:


Hardware and algorithmic optimization techniques are presented to the left-shift, right-shift, and the traditional Euclidean-modular inverse algorithms. Theoretical arguments and extensive simulations determined the resulting expected running time. On many computational platforms these turn out to be the fastest known algorithms for moderate operand lengths. They are based on variants of Euclidean-type extended GCD algorithms. On the considered computational platforms for operand lengths used in cryptography, the fastest presented modular inverse algorithms need about twice the time of modular multiplications, or even less. Consequently, in elliptic curve cryptography delaying modular divisions is slower (affine coordinates are the best) and the RSA and ElGamal cryptosystems can be accelerated.


  • Algorithmic Optimization
  • Optimization Technique
  • Control Structure
  • Elliptic Curve
  • Theoretical Argument

[1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22]

Authors’ Affiliations

Seagate Research, 1251 Waterfront Place, Pittsburgh, PA 15222, USA


  1. Joye M, Paillier P: GCD-free algorithms for computing modular inverses. Proceedings of 5th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '03), September 2003, Cologne, Germany, Lecture Notes in Computer Science 2779: 243-253.Google Scholar
  2. Schönhage A, Strassen V: Schnelle Multiplikation großer Zahlen. Computing 1971, 7: 281-292. 10.1007/BF02242355View ArticleMATHGoogle Scholar
  3. GNU Multiple Precision Arithmetic Library manual,
  4. Hankerson DR, Menezes AJ, Vanstone SA: Guide to Elliptic Curve Cryptography. Springer, New York, NY, USA; 2004.MATHGoogle Scholar
  5. Menezes AJ, van Oorschot PC, Vanstone SA: Handbook of Applied Cryptography. CRC Press, Boca Raton, Fla, USA; 1996.View ArticleGoogle Scholar
  6. Hars L: Fast truncated multiplication and its applications in cryptography. Proceedings of 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '05), August 2005, Edinburgh, Scotland Google Scholar
  7. Shantz SC: From Euclid's GCD to Montgomery multiplication to the great divide. In Tech. Rep. TR-2001-95. Sun Microsystems Laboratories, Santa Clara, Calif, USA; 2001.Google Scholar
  8. Jedwab J, Mitchell CJ: Minimum weight modified signed-digit representations and fast exponentiation. Electronics Letters 1989,25(17):1171-1172. 10.1049/el:19890785View ArticleMATHGoogle Scholar
  9. Cohen H, Miyaji A, Ono T: Efficient elliptic curve exponentiation using mixed coordinates. In Proceedings of International Conference on the Theory and Applications of Cryptology and Information Security, Advances in Cryptology (ASIACRYPT '98), October 1998, Beijing, China, Lecture Notes in Computer Science Edited by: Ohta K, Pei D. 1514: 51-65.Google Scholar
  10. Ercegovac MD, Lang T: Digital Arithmetic. Morgan Kaufmann, San Francisco, Calif, USA; 2004. chapter 2Google Scholar
  11. Hars L: Long modular multiplication for cryptographic applications. Proceedings of 6th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '04), August 2004, Cambridge, Mass, USA, Lecture Notes in Computer Science 3156: 44-61. Google Scholar
  12. Knuth DE: The Art of Computer Programming, Volume 2: Seminumerical Algorithms. 3rd edition. Addison-Wesley, Reading, Mass, USA; 1997.Google Scholar
  13. Stein J: Computational problems associated with Racah algebra. Journal of Computational Physics 1967,1(3):397-405. 10.1016/0021-9991(67)90047-2View ArticleMATHGoogle Scholar
  14. Brent RP, Kung HT: Systolic VLSI arrays for linear-time GCD computation. In Proceedings of International Conference on Very Large Scale Integration (VLSI' 83), August 1983, Trondheim, Norway Edited by: Anceau V, Aas EJ. 145-154.Google Scholar
  15. Kaliski BS Jr.: The Montgomery inverse and its applications. IEEE Transactions on Computers 1995,44(8):1064-1065. 10.1109/12.403725View ArticleMATHGoogle Scholar
  16. Savaş E, Koç ÇK: The Montgomery modular inverse-revisited. IEEE Transactions on Computers 2000,49(7):763-766. 10.1109/12.863048View ArticleGoogle Scholar
  17. Lórencz R: New algorithm for classical modular inverse. Proceedings of 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '02), August 2002, Redwood Shores, Calif, USA, Lecture Notes in Computer Science 2523: 57-70.Google Scholar
  18. Jebelean T: Comparing several GCD algorithms. Proceedings of 11th IEEE Symposium on Computer Arithmetic (ARITH-11 '93), June-July 1993, Windsor, Ontario, Canada 180-185.View ArticleGoogle Scholar
  19. Vallée B: Complete Analysis of the Binary GCD Algorithm. 1998,
  20. Schroeppel R, Orman H, O'Malley S: Fast key exchange with elliptic curve systems. In Tech. Rep. 95-03. Department of Computer Science, The University of Arizona, Tucson, Ariz, USA; 1995.Google Scholar
  21. Jebelean T: A double-digit Lehmer-Euclid algorithm for finding the GCD of long integers. Journal of Symbolic Computation 1995,19(1–3):145-157. Technical report version also available 10.1006/jsco.1995.1009MathSciNetView ArticleMATHGoogle Scholar
  22. Weber K: The accelerated integer GCD algorithm. ACM Transactions on Mathematical Software 1995,21(1):111-122. 10.1145/200979.201042View ArticleMATHGoogle Scholar


© Laszlo Hars. 2006

This article is published under license to BioMed Central Ltd. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.