As we draw near to closing out the twentieth century, we see quite clearly that the information-processing and telecommunications revolutions now underway will continue vigorously into the twenty-first. We interact and transact by directing flocks of digital packets towards each other through cyberspace, carrying love notes, digital cash, and secret corporate documents. Our personal and economic lives rely more and more on our ability to let such ethereal carrier pigeons mediate at a distance what we used to do with face-to-face meetings, paper documents, and a firm handshake. Unfortunately, the technical wizardry enabling remote collaborations is founded on broadcasting everything as sequences of zeros and ones that one's own dog wouldn't recognize. What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $10,000,000,000 to another bank? Fortunately, the magical mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information

A new precomputation method is presented for computing g R for a fixed element g and a randomly chosen exponent R in a given group. Our method is more efficient and flexible than the previously proposed methods, especially in the case where the amount of storage available is very small or quite large. It is also very efficient in computing g R y E for a small size E and variable number y, which occurs in the verification of Schnorr's identification scheme or its variants. Finally it is shown that our method is well-suited for parallel processing as well.

for multi-exponentiations

Multiplication and modular reduction of long integers are two primitive operations for the implementation of most public key crypto algorithms. Multiplication can be best performed using Karatsuba's divide-and-conquer technique. However, the modular reduction process is more complicated and time-consuming. Thus an efficient implementation of modular reduction operation is one of main factors affecting the performance of public key cryptosystems. In this paper, we investigate a method for speeding up modular reduction using more or less precomputation based on the modulus, and present implementation results of various algorithms including our proposed methods. 1 Introduction There are two approaches to reducing the computation time for modular exponentiation; reducing the number of modular multiplications required and reducing the computation time for modular multiplication. Since modular exponentiation requires hundreds of modular multiplications, a small improvement by the latter app...

The modular multiplication and exponentiation algorithms based on the Montgomery reduction technique require that the modulus be an odd integer. In this short paper, we show that, with the help of the Chinese Remainder Theorem, the Montgomery reduction algorithm can be used to efficiently perform these modular arithmetic operations with respect to an even modulus.

s), p.146, 1985. [790] J.L. MASSEY AND X. LAI, "Device for converting a digital block and the use thereof", European Patent # 482,154, 29 Apr 1992. [791] , "Device for the conversion of a digital block and use of same", U.S. Patent # 5,214,703, 25 May 1993. [792] J.L. MASSEY AND J.K. OMURA, "Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission ", U.S. Patent # 4,567,600, 28 Jan 1986. [793] J.L. MASSEY AND R.A. RUEPPEL, "Linear ciphers and random sequence generators with multiple clocks", Advances in Cryptology-- Proceedings of EUROCRYPT 84 (LNCS 209), 74--87, 1985. [794] J.L. MASSEY AND S. SERCONEK, "A Fourier transform approach to the linear complexity of nonlinearly filtered sequences", Advances in Cryptology--CRYPTO '94 (LNCS 839), 332--340, 1994. [795] M. MATSUI, "The first experimental cryptanalysis of the Data Encryption Standard", Advances in Cryptology--CRYPTO '94 (LNCS 839), 1--11, 1994. [796] , "Linear cryptanalysis metho...

This paper also appeared in [1219].

This paper also appeared in [1219].