近年來由於網際網路的發展，電子商務的應用也越來越多。在網路上進行交易時必須防止個人資料洩漏出去，所以「網路安全」這個研究主題越來越重要。要鞏固網路安全可以使用密碼系統，而RSA密碼演算法就是一種特殊的非對稱密碼法，常用於網路上的公鑰加密系統。它是使用兩個質數作為加密與解密的兩個鑰匙(key)，這兩個鑰匙分別稱為公開鑰匙 (public key) 和私人鑰匙 (private key 或是 secret key)。公開鑰匙作為加密，只有使用私人鑰匙才能解密，解密者只要不洩露私人鑰匙，他人就算有公開鑰匙，也是很難把私人鑰匙推算出來，即使利用反向工程來解密也不是一件簡單的事，所以 RSA 算是一種十分安全的加解密演算法。目前為了保證資料的安全性，RSA鑰匙的長度至少要大於512位元。假若使用軟體實做RSA密碼系統，那麼加/解密速度將會非常緩慢，為了達到網路上即時的要求，因此我們將RSA密碼系統以硬體電路實現。

先前已有很多文獻提出RSA的硬體架構，而大部分皆採用Montgomery演算法來實作。這是因為一次RSA加/解密是執行ME mod N運算，直觀上會用到乘法跟除法，但Montgomery演算法是將乘法和除法改成以加法跟移位來完成，缺點是會耗費比較多的時間。假設鑰匙的長度為512位元，根據Montgomery演算法處理一個A•B mod N需要耗費512個時脈週期才能完成。所以假如要執行一次RSA加/解密的模指數運算ME mod N ，等於要耗費512•512個時脈週期，亦即作一次RSA加/解密的模指數運算還是需要花費許多時間。

針對上述缺點，本篇論文採用Radix-4演算法將執行A•B mod N的時脈週期數減少50％並且減少傳統Radix-4架構的最長路徑延遲以達到加速的效果。目前本篇論文所提出的512位元Radix-4模數乘法器（Our-Booth-Radix-4）比Radix-2模數乘法器（4-to-2 CSA架構）快70％，面積則增加24％。與傳統的非布斯Radix-4模數乘法器比較則快20％，而面積減少12％。因此，我們提出的Radix-4模數乘法器（Our-Booth-Radix-4）之整體AT(面積․時間)比先前的版本好。

Thanks to the development of the Internet in recent years, we can see more and more applications on E-commerce in the world. At the same time, we have to prevent our personal information to be leaked out during the transaction. Therefore, topic on researching network security becomes increasingly popular. It is well-known that an encryption system can be applied to consolidate the network security. RSA encryption algorithm is a special kind of asymmetric cryptography, commonly used in public key encryption system on the network, by using two prime numbers as the two keys to encrypt and decrypt. These two keys are called public key and private key, and the key length is at least 512 bits. As a public key encryption, the only way to decrypt is using the private key. As long as the private key is not revealed, it is very difficult to get the private key from the public key even using the reverse engineering. Therefore, RSA encryption algorithm can be regarded as a very safe encryption and decryption algorithm. As the minimum key length has to be greater than 512 bits to ensure information security, using software to execute RSA encryption and decryption will be very slow so that the real time requirement may not be satisfied. Hence we will have to implement RSA encryption system with a hardware circuit to meet the real time requirement on the network.
Modular exponentiation (i.e., ME mod N) in RSA cryptosystem is usually achieved by repeated modular multiplications on large integers. A famous approach to implement the modular multiplication into hardware circuits is based on the Montgomery modular multiplication algorithm, which replaces the trial division by modulus with a series of addition and shift operations. However, a large amount of clock cycle is still required to complete a modular multiplication. For example, Montgomery multiplication algorithm will take 512 clock cycles to complete an A․B mod N. As a result, performing one modular exponentiation ME mod N in RSA cryptosystm will need 512․512 clock cycles.
To counter the above disadvantage, we employ radix-4 algorithm to reduce 50% of clock cycle number for each A•B mod N. In addition, we also modify the architecture of conventional in order to achieve the radix-4 algorithm to reduce its critical path delay so that the performance can be improved further.
Experimental results show that the proposed 1024-bit radix-4 modular multiplier (Our-Booth-Radix-4) before performing as pipeline is 70% faster than the radix-2 multiplier with 24% area overhead. Furthermore, it is 20% faster than traditional radix-4 modular multiplier with 12% area reduction. Therefore, its AT is smaller than the previous architectures.

第一章 緒論……………………………………………………………..1
1.1 研究背景…………………………………………………………………….1
1.2 研究動機與方向…………………………………………………………….1
1.3 貢獻………………………………………………………………………….2
1.4 論文組織…………………………………………………………………….2
第二章 相關研究與背景知識…………………………………………..3
2.1 RSA密碼系統原理………………………………………………………….3
2.2 Radix-2蒙哥馬利模數乘法演算法………………………………………...4
2.3 5-to-2 CSA蒙哥馬利模數乘法演算法……………………………………..7
2.4 4-to-2 CSA蒙哥馬利模數乘法演算法……………………………………..9
2.5 Yang蒙哥馬利模數乘法演算法…………………………………………...11
2.6 模指數演算法………………………………………………………….......13
2.6.1 L-模指數演算法…………………………………………………….13
2.6.2 H-模指數演算法……………………………………………………16
第三章 Radix-4 蒙哥馬利模數乘法演算法與硬體架構…………….19
3.1 Radix-4蒙哥馬利模數乘法演算法………………………………………..19
3.1.1 Radix-4蒙哥馬利模數乘法演算法………………………………...19
3.1.2 Radix-4蒙哥馬利模數乘法器硬體架構…………………………...22
3.2 Our-Radix-4蒙哥馬利模數乘法演算法…………………………………..24
3.2.1 Our-Radix-4蒙哥馬利模數乘法演算法…………………………...24
3.2.2 Our-Radix-4蒙哥馬利模數乘法器硬體架構……………………...26
3.3 Radix-4布斯編碼蒙哥馬利模數乘法演算法……………………………..27
3.3.1 布斯演算法…………………………………………………………28
3.3.2 Radix-4布斯編碼蒙哥馬利模數乘法演算法……………………...29
3.3.3 Radix-4布斯編碼蒙哥馬利模數乘法器硬體架構………………...33
3.4 Our-Booth-Radix-4蒙哥馬利模數乘法演算法…………………………..34
3.4.1 Our-Booth-Radix-4蒙哥馬利模數乘法演算法…………………...35
3.4.2 Our-Booth-Radix-4蒙哥馬利模數乘法器硬體架構……………...38

第四章 實驗數據比較…………………………………………………44
第五章 結論與未來工作………………………………………………49
5.1 結論………………………………………………………………………...49
5.2 未來工作…………………………………………………………………...49
參考文獻………………………………………………………………..50

[1] P. L. Montgomery, “Modular multiplication without trial division,”Math. Comput.
, vol. 44, pp. 519–521, Apr. 1985.
[2] C.McIvor, M.McLoone and J.V.McCanny, “Modified Montgomery modular
multiplication and RSA exponentiation techniques”, IEE Proc.-Comput. Digit. Tech., November 2004, Vol. 151, No. 6, pp. 402-408.
[3] P. S. Chen, S. A. Hwang, and C. W. Wu, “A systolic RSA public
keycryptosystem,” IEEE Int. Symp. Circuits Syst., May 1996, pp.408–411.
[4] D. E. Knuth, The Art of Computer Programming: Seminumeral Algo-rithms. New
York: Addison-Wesley, 1981, vol. 2.
[5] J.-H. Hong and C.-W. Wu, “Radix-4 modular multiplication and exponentiation
algorithms for the RSA public-key cryptosystem,” Asia and South Pacific. Design Automation Conference, 2000.
[6] R.V. Kamala and M.B. Srinivas, “High-Throughput Montgomery Modular
Multiplication,” IFIP International Conference on Very Large Scale
Integration , 2006.
[7] M.-D. Shieh, Member, “A New Algorithm for High-Speed Modular
Multiplication Design,” ieee transactions on circuits and systems—i: regular
papers, vol. 56, no. 9, september 2009.
[8] Y.S. Kim, W.S. Kang, and J.R. Choi,”Implementation of 1024-bit modular
processor for RSA cryptosystem”. http://www.ap-asic.org/2000/proceedings/
10-4.pdf.
[9] V. Bunimov, M. Schimmler, and B. Tolg, “A Complexity-Effective Version of
Montgomery’s Algorithm”. Presented at the Workshop on Complexity Effective
Designs (WECD02), May 2002.


[10] C. D. Walter, “Montgomery exponentiation needs no final subtrac-tions,”
Electron. Lett., vol. 32, no. 21, pp. 1831–1832, Oct. 1999.
[11] J.-H. Hong and C.-W. Wu, “Radix-4 Modular Multiplication and Exponentiation
Algorithms for the RSA Public-Key Cryptosystem,” Asia and South Pacific
Design Automation Conference, 2000.
[12] S.S. Ghoreishi, M.A. Pourmina, H. Bozorgi and M. Dousti, “High Speed RSA
Implementation Based on Modified Booth's Technique and Montgomery's
Multiplication for FPGA Platform,” Second International Conference on
Advances in Circuits, Electronics and Micro-electronics, 2009.
[13] G. Sassaw, C.J. Jimenez and M. Valencia, “High radix implementation of
Montgomery multipliers with CSA,” International Conference on
Microelectronics (ICM), 2010.
[14] J Leu and A. Wu, "Design methodology for Booth-encoded Montgomery module
design for RSA cryptosystem," IEEE Int. Symp. Circuits and Systems
(ISCAS-2000), pp.357-360, May 2000.