The combinatorics of product scanning multiplication and squaring

Abstract

Multiprecision multiplication and squaring are fundamental operations used heavily in fielded public key cryptosystems. The method called product scanning for both multiplication and squaring requires fewer memory accesses than the competing approach called operand scanning. A correctness proof for product scanning loop logic will assure that the method works as intended (beyond engineering testing) and will improve understanding of it. However, no proofs of correctness for product scanning multiplication loop logic nor product scanning squaring loop logic has been provided before, to our knowledge. To this end, in this note we provide exact combinatorial characterizations of the loop structure for both product scanning multiplication and product scanning squaring and then use these characterizations to present the first proofs of correctness for the iterative loops of these methods. Specifically, we identify the two combinatorial families that are inherently present in the loop structures. We give closed form expressions that count the size of these families and show successor algorithms for them. The combinatorial families we present may help shed light on the structure of similar methods. We also present loop control code that leverages these two successor algorithms. This has applications to implementations of cryptography and multiprecision libraries.