近年來網路已經跟我們的生活密不可分，而人們在網路上進行交易的次數也越來越多，使得網路安全越來越重要。為了保證資料透過網路傳送時不被竊取，加解密系統經常用於確保資料傳輸的安全以及隱密性。
RSA密碼系統是一個廣為人知的公開金鑰密碼系統，經由大量的模數指數運算來進行加密、解密。隨著科技的進步，RSA加解密系統的金鑰長度也必須大於等於1024位元，才能達到足夠的安全性，以免被人使用暴力法破解。然而因為位元數過大，使用軟體無法達到即時加解密的要求，因此我們將RSA加解密系統實作為硬體，來提升其運算的速度。
模數指數運算是RSA加解密系統最主要的運算，而模數指數運算則可以轉變成一連串的模數乘法運算，本論文即採用目前最常使用於RSA加解密系統的蒙哥馬利演算法來進行模數乘法運算。
基於傳統蒙哥馬利演算法的架構會有大量扇出的問題，本論文採用字組式的架構來解決該問題，並且利用高基數的做法，使得模數乘法所需的整體迴圈數減少。此外，我們也在高基數中使用hybrid-radix的概念，來減少中間壓縮元件的數量。
本論文首先使用上述幾項技術設計蒙哥馬利乘法器，並且將之用於實作模數指數運算，接著比較各種模數指數演算法與架構的優缺點，並且針對不同的基數以及字組大小來比較面積以及效能上的差異。

The Internet has been inseparable from our life in the rest year. More and more people trade on the Internet, so the network security will be increasingly important. In order to guarantee data transmission on the network is safe, encryption systems are often used to ensure the security and privacy of data transmission.
RSA cryptosystem is a public and well-known key cryptography system, via a large number of modular exponentiation for encryption and decryption. With advances in technology, the key length of RSA encryption system must be not less than 1024, so that sufficient security can be achieved to avoid the brute-force attack. Because the bit number of key is too large, encryption and decryption software cannot achieve immediate results in real time. Therefore, we will design the hardware circuit of RSA encryption system hardware to enhance its operational speed.
Modular exponentiation is the most important operations in RSA encryption system, and modular exponentiation can be converted into a series of modular multiplication. The thesis uses Montgomery algorithm for modular multiplication, which is the most commonly used modular multiplication in the RSA encryption system, to implement the modular exponentiation.
The traditional architecture of Montgomery algorithm suffers from the high fan-out problems, so this thesis uses word-base architecture to solve the problem. By using high-radix technique, we reduce the clock cycle number of whole module multiplication as well. In addition, we also use hybrid-radix concept to reduce the number of intermediate compressors.
In this thesis, we design the Montgomery multiplier with the techniques mentioned above, and the proposed Montgomery multiplier is used to implement modular exponentiation. In addition, we compare the advantages and disadvantages of exponential
iii
modular exponentiation algorithms and architectures. The difference in performance and area of the architecture with the different radix and word size is also compared.

誌謝 ii
論文提要 iii
摘要 iv
第一章 緒論 1
1.1 研究動機 1
1.2 論文大綱 2
第二章 研究背景 3
2.1 RSA密碼系統原理 3
2.2模數指數演算法 5
2.2.1 H-模數指數演算法 6
2.2.2 L-模數指數演算法 7
2.2.3 M-ary 模數指數演算法 8
2.3蒙哥馬利演算法 9
2.4 進位節省蒙哥馬利演算法 11
2.4.1 5-to-2 CSA蒙哥馬利演算法及架構 11
2.4.2 4-to-2 CSA蒙哥馬利演算法及架構 13
2.5 字組式蒙哥馬利演算法及架構 15
2.5.1 字組式蒙哥馬利演算法 16
2.5.2 字組式蒙哥馬利乘法器架構 18
2.5.3 字組式蒙哥馬利演算法的資料相依性 19
第三章 高基數之字組式蒙哥馬利乘法器 21
3.1高基數蒙哥馬利演算法 21
3.1.1 商數決定中的乘法省略 22
3.1.2商數決定中的加法省略 23
3.1.3商數管線化 25
3.2 High-radix 26
3.2.1 High-radix Booth 編碼 27
3.2.2混和式基數 29
3.3 低延遲技術 30
3.3.1 預先計算之低延遲技術 30
3.3.2 重新排程之低延遲技術 31
3.3.3 Tsai採用的低延遲技術 34
3.3.4 採用的低延遲技術 37
第四章 提出的演算法及硬體架構設計 38
4.1 提出的混和式基數字組式蒙哥馬利乘法演算法 38
4.2 演算法之架構分析及比較 41
4.3 提出的混和式基數之字組式蒙哥馬利乘法器架構 43
4.3.1 提出的字組式蒙哥馬利乘法器整體架構 43
4.3.2 處理單元設計 45
4.3.3壓縮樹設計 47
4.4 提出的指數架構 48
第五章 實驗數據 50
5.1 實驗步驟與結果 50
5.2 實驗結果 52
第六章 結論與未來研究方向 54
6.1 結論 54
6.2 未來研究方向 54
參考文獻 55

[1] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signature and public-key cryptosystems,”Communications of the ACM, vol. 21, pp. 120-126, Feb. 1978.
[2] P. L. Montgomery, “Modular multiplication without trial division,” Mathmatics Computation, vol. 44, pp. 519-521, Apr. 1985
[3] C. D. Walter, “Montgomery exponentiation needs no final subtractions,” Elextron. Lett., vol. 32, no. 21, pp. 1831-1832, Oct. 1999.
[4] T. W. Kwon, C. S. You, W. S. Heo, Y. K. Kang, and J. R. Choi, “Two implementation methods of a 1024-bit RSA cryptoprocessor based on modified Montgomery algorithm,” Proc. IEEE Int. Symp. Circuits Syst., vol. 4, pp. 650-653, May 2001.
[5] A. Cilardo, A. Mazzeo, L. Romano, and G. P. Saggese, “Carry-save Montgomery modular exponentiation on reconfigurable hardware,” Proc. Des., Autom. Test Eur. Conf. Exhibition, vol. 3, pp.206-211, Feb. 2004.
[6] C. McIvor, M. McLoone, and J. V. McCanny, “Modified Montgomery modular multiplication and RSA exponentiation techniques,” IEE Proc. Computers and Digital Techniques, vol. 151, no. 6, pp. 402-408, Nov. 2004.
[7] P. Kornerup, “High-Radix Modular Multiplication for Cryptosystems,” Proc. IEEE Symp. Computer Arithmetic, pp. 277-283, Jun 1993.
[8] R. V. Kamala and M. B. Srinivas, “High-Throughput Montgomery Modular Multiplication,” IFIP International Conference on Very Large Scale Integration, pp. 58-62, Oct. 2006.
[9] A. F. Tenca and C. K. Koc, “A scalable architecture for modular multiplication based on Montgomery’s algorithm,” IEEE Tans. Computers, vol. 52, no. 9, pp. 1215-1221, Sept. 2003.
[10] A. F. Tenca and A. Tawalbeh, “An efficient and Scalable Radix-4 Modular Modular Multiplier Design Using Recoding Techniques,” Proc. Asilomar Conf. Signals, Systems, and Computers, pp. 1445-1450, Nov. 2003.
[11] D. Harris, R. Krishnamurthy, S. Mathew, and S. Hsu, “An improved unified scalable radix-2 Montgomery multiplier,” IEEE Symp. Computer Arithmetic, pp. 1196-1200, Jan. 2005.
[12] N. Pinckney and D. Harris, “Parallelized radix-4 scalable Montgomery multipliers,” J. Integrated Circuits and Syst., vol. 3, no. 1, pp. 39-45, Mar. 2008.
[13] P. Amberg, N. Pinckney, and D. M. Harris, “Parallel High-Radix Montgomery Multipliers,” Proc. Asilomar Conf. Signals, Systems, and Computers, pp. 772-776, Oct. 2008.
[14] M. Huang, K. Gaj, and T. El-Ghazawi, “New Hardware Architectures for Montgomery Modular Multiplication Algorithm,” IEEE Trans. Computer, vol. 60, no. 7, pp. 923-936, July 2011.
[15] M. D. Shieh and W. C. Lin. “Word-Based Montgomery Modular Multiplication Algorithm for Low-Latency Scalable Architecutures,” IEEE Trans. Computers, vol. 59, no. 8, pp. 1145-1151, Aug. 2010.
[16] S. H. Wang, W. C. Lin, J. H. Ye, and M. D. Shieh, “Fast Scalable Radix-4 Montgomery Modular Multiplier,” IEEE International Symposium Circuits and Systems, pp. 3049-3052, May 2012.
[17] 張凱程, “適用於RSA加解密系統之高效能低功率可調式模數乘法器,” 國立中山大學, 碩士論文, July 2010.
[18] 陳佳妏, “低耗能多重字組模數乘法器之設計,” 國立中山大學, 碩士論文, July 2012.
[19] T. Blun and C. Paar, “Montgomery Modular Exponentiation on Reconfigurable Hardware,” Proc. 14th IEEE Symp. Computer Arithmetic, pp. 70-77, Apr. 1999.
[20] C. Walter, “Systolic Modular Multiplication,” IEEE Trans. Computers, vol. 35, no. 1, pp. 1-12 Jan, 1986.
[21] CIC Referenced Flow for Cell-based IC Design, National Chip Implementation Center, Hsinchu, Taiwan, 2008.
[22] TSMC 0.90-μm (CL090G) Process 1.2-Volt SAGE-XTM Standard Cell Library Databook, Artisan Components, Sunnyvale, CA, Jan. 2004.
[23] 邱昶騰, “高效能高基數蒙哥馬利模數乘法器,” 國立中山大學, 碩士論文, July 2013.
[24] 蔡嘉和, “高效能基數四之字組式蒙哥馬利模數乘法器,” 國立中山大學, 碩士論文, July 2014.
[25] 許桓偉, “適用於RSA 加解密系統之高效能低功率模數乘法器,” 國立中山大學, 碩士論文, 2011.
[26] 許弘譯, “適用於RSA 密碼系統的高效能基數-4 蒙哥馬利模數乘法器,” 國立中山大學, 碩士論文, 2011.
[27] 陳俊吉, “高基數字組式蒙哥馬利乘法器之通用化設計方法, ” 國立中山大學, 碩士論文, 2015.
[28] G. Sassaw, C.J. Jimenez, and M. Valencia, “High Radix Implementation of
Montgomery Multipliers with CSA,” International Conference on
Microelectronics (ICM), pp. 315-318, Dec. 2010.
[29] Holger Orup, “ Simplifying Quotient Determination in High-Radix Modular
Multiplication, ” IEEE Symp. Computer Arithmetic, pp. 193-199, Jul. 1995.
[30] 呂仁堯 , “高效能高基數之字組式蒙哥馬利模數乘法器,“ 國立中山大學, 碩士論文, 2014.