Speed records for multi-prime RSA using AVX2 architectures

Abstract

RSA is a popular public key algorithm. Its private key operation is modular exponentiation with a composite 2k-bit modulus that is the product of two kbit primes. Computing 2k-bit modular exponentiation can be sped up four fold with the Chinese Remainder Theorem (CRT), requiring two k-bit modular exponentiations (plus recombination). Multi-prime RSA is the generalization to the case where the modulus is a product of r ≥ 3 primes of (roughly) equal bit-length, 2k/r. Here, CRT trades 2k-bit modular exponentiation with r modular exponentiations, with 2k/r-bit moduli (plus recombination). This paper discusses multi-prime RSA with key lengths (=2k) of 2048/3072/4096 bits, and r = 3 or r = 4 primes. With these parameters, the security of multi-prime RSA is comparable to that of classical RSA. We show how to optimize multi-prime RSA on modern processors, by parallelizing r modular exponentiations and leveraging “vector” instructions, achieving performance gains of up to 5.07x.