A montgomery-suitable fiat-Shamir-like authentication scheme

Abstract

Montgomery’s algorithm [2] is a process for computing A B 2−|n| modulo n in O(Log(n)) memory space. Here we construct a Fiat-Shamir-like authentication scheme [1] suitable for Montgomery environnments without introducing any overhead in the number of modular multiplications requested for the execution of the normal protocol. A very recent result [3] establishes (in a constructive way) that A B 2−|n| mod n can be computed with the same complexity (timewise and hardwarewise) as A B (not mod n). This theoretical reduction of the problem of modular multiplication, recently applied to the design of today’s fastest hardware modular multiplier, is very important since it implies that the protocol presented hereafter can be executed in the same time as a Fiat-Shamir where all modular multiplications are replaced by standard multiplications. The fact that no constants are to be precalculated beforehand and the small amount of RAM requested for software implementation of the new protocol makes it highly convenient for smart-card applications.