Abstract

In many problems, modular exponentiation $|x^b|_m$ is a basic computation, often responsible for the overall time performance, as in some cryptosystems, since its implementation requires a large number of multiplications. It is known that $|x^b|_m = |x^{|b|_{\varphi(m)}}|_m$ for any $x$ in $[1, m-1]$ if $m$ is prime; in this case the number of multiplications depends on $\varphi(m)$ instead of depending on $b$. It was also stated that the previous relation holds in the case $m = pq$, with $p$ and $q$ prime; this case occurs in the RSA method. In this paper it is proved that such a relation holds in general for any $x$ in $[1, m-1]$ when $m$ is a product of any number $n$ of distinct primes and that it does not hold in the other cases for the whole range $[1, m-1]$. Moreover, a general method is given to compute $|x^b|_m$ without any hypothesis on $m$, for any $x$ in $[1, m-1]$, with a number of modular multiplications not exceeding those required when $m$ is a product of primes. Next, it is shown that representing $x$ in a residue number system (RNS) with proper moduli $m_i$ allows computing $|x^b|_m$ by $n$ modular exponentiations $|x_i^b|_{m_i}$ in parallel and, in turn, replacing $b$ by $|b|_{\varphi(m_i)}$ in the worst case, thus executing a very low number of multiplications, namely $\lceil \log_2 m_i \rceil$ for each residue digit. A general architecture is also proposed and evaluated, as a possible implementation of the proposed method for the modular exponentiation.
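The exponent-reduction relation and the RNS decomposition described in the abstract can be checked numerically; the following Python sketch is an added example, not code from the paper, and all function names in it are hypothetical. It assumes the reduced exponent is taken in $[1, \varphi(m)]$ (a residue of 0 is replaced by $\varphi(m)$), because $x^0 = 1$ is wrong for an $x$ that shares a factor with $m$, and it covers only moduli that are products of distinct primes, not the paper's general method for arbitrary $m$.

```python
from math import prod

def phi(m):
    """Euler's totient by trial division (adequate for the small moduli used here)."""
    result, n, p = m, m, 2
    while p * p <= n:
        if n % p == 0:
            while n % p == 0:
                n //= p
            result -= result // p
        p += 1
    if n > 1:
        result -= result // n
    return result

def reduce_exp(b, order):
    """Reduce b >= 1 modulo `order` into [1, order] (assumption: residue 0 maps to order)."""
    return (b - 1) % order + 1

def relation_holds(m):
    """True if x^b == x^reduce_exp(b, phi(m)) (mod m) for every x in [1, m-1].

    b runs over two full periods of phi(m) so the reduction is actually exercised.
    """
    f = phi(m)
    return all(pow(x, b, m) == pow(x, reduce_exp(b, f), m)
               for x in range(1, m) for b in range(1, 2 * f + 2))

def rns_pow(x, b, primes):
    """x^b mod prod(primes), one small exponentiation per distinct prime modulus."""
    m = prod(primes)
    total = 0
    for p in primes:
        # Residue digit x_i = x mod p, exponent reduced modulo phi(p) = p - 1.
        digit = pow(x % p, reduce_exp(b, p - 1), p)
        mp = m // p
        total += digit * mp * pow(mp, -1, p)  # CRT reconstruction term
    return total % m

if __name__ == "__main__":
    # Constructed sample moduli: squarefree (15, 30, 77) and not squarefree (12, 9, 4).
    for m in (15, 30, 77, 12, 9, 4):
        print(m, "relation holds on [1, m-1]:", relation_holds(m))
    moduli = [7, 11, 13, 17]  # constructed RNS base of distinct primes
    print(rns_pow(1234, 65537, moduli) == pow(1234, 65537, prod(moduli)))
```

Each per-prime exponentiation in `rns_pow` is independent of the others, which is what makes the parallel evaluation mentioned in the abstract possible.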
