Modulus operation circuit adopting iterative computation

Document No.: 1938072 Publication date: 2021-12-07

Reading note: This technology, "Modulus operation circuit adopting iterative computation", was designed by 林文景 on 2021-02-19. Main content: The invention discloses a modulus operation circuit, which comprises a controller, a modulus multiplier and a modulus adder. The controller divides the first number into K segments. The modulus multiplier performs modulus multiplication operations on the K segments in (K-1) iterations, and the modulus adder performs modulus addition operations on the K segments in the (K-1) iterations, to obtain the remainder of the first number divided by the second number.

1. A method of operating a modulo arithmetic circuit comprising a controller, a modulo multiplier, and a modulo adder, the method comprising:

the controller divides a first number into K segments;

in a first iteration:

the modulus multiplier performs a first modulus multiplication operation according to a first segment of the K segments and a first base number to generate a first intermediate result; and

the modulus adder performs a first modulus addition operation according to the first intermediate result and a second segment of the K segments to generate a first iteration remainder; and

in a second iteration:

the modulus multiplier performs a second modulus multiplication operation according to the first iteration remainder and a second base number to generate a second intermediate result; and

the modulus adder performs a second modulus addition operation according to the second intermediate result and a third segment of the K segments to generate a second iteration remainder;

wherein:

K is an integer greater than 2;

a bit length of each of the K segments is less than or equal to a third number;

the third number is the base-2 logarithm of the second number, rounded up unconditionally;

the first base number is obtained from a first exponent value, which is 2 raised to the power of a bit length of the second segment; and

the second base number is obtained from a second exponent value, which is 2 raised to the power of a bit length of the third segment.

2. The method of claim 1, further comprising:

the controller outputs a (K-1)th iteration remainder as a remainder of the division of the first number by the second number after performing a (K-1)th iteration.

3. The method of claim 1 wherein the K segments have a same bit length.

4. The method of claim 1, wherein at least two of the K segments have different bit lengths.

5. The method of claim 1, wherein:

the first radix is a remainder of the first exponent value divided by the second number; and

the second radix is a remainder of the second exponent value divided by the second number.

6. The method of claim 1, wherein:

a bit length of the first segment is less than the third number; and

the modulus multiplier performing the first modulus multiplication operation according to the first segment of the K segments and the first radix to generate the first intermediate result comprises:

the modulus multiplier multiplies the first segment by the first base number to generate a multiplication result; and

the modulus multiplier divides the multiplication result by the second number to obtain a remainder to generate the first intermediate result.

7. The method of claim 1, wherein:

a bit length of the first segment is equal to the third number; and

the modulus multiplier performing the first modulus multiplication operation according to the first segment of the K segments and the first radix to generate the first intermediate result comprises:

the modulus adder performs a third modulus addition operation on the first segment and zero to generate a first processed input number;

the modulus multiplier multiplies the first processed input number by the first base number to generate a multiplication result; and

the modulus multiplier divides the multiplication result by the second number to obtain a remainder to generate the first intermediate result.

8. The method of claim 1, wherein:

a bit length of the second segment is less than the third number; and

the modulo adder performing the first modulo addition to generate the first iteration remainder according to the first intermediate result and the second segment of the K segments comprises:

the modulo adder adding the first intermediate result and the second segment to generate a sum; and

the modulo adder divides the sum by the second number to generate a remainder for the first iteration.

9. The method of claim 1, wherein:

a bit length of the second segment is equal to the third number; and

the modulo adder performing the first modulo addition to generate the first iteration remainder according to the first intermediate result and the second segment of the K segments comprises:

the modulus adder performs a fourth modulus addition operation on the second segment and zero to generate a second processed input number;

the modulus adder adding the first intermediate result and the second processed input number to generate a sum; and

the modulo adder divides the sum by the second number to generate a remainder for the first iteration.

10. The method of claim 1, further comprising:

the controller determines whether a bit length of the first segment is less than the third number or equal to the third number; and

the controller determines whether a bit length of the second segment is less than the third number or equal to the third number.

11. A modular arithmetic circuit, comprising:

a controller for dividing a first number into K segments;

a modulus multiplier, coupled to the controller, for performing a first modulus multiplication operation to generate a first intermediate result according to a first segment of the K segments and a first radix during a first iteration, and performing a second modulus multiplication operation to generate a second intermediate result according to a first iteration remainder and a second radix during a second iteration; and

a modulo adder coupled to the controller and configured to perform a first modulo addition to generate the first iteration remainder during the first iteration based on the first intermediate result and a second one of the K segments, and to perform a second modulo addition to generate a second iteration remainder during the second iteration based on the second intermediate result and a third one of the K segments;

wherein:

K is an integer greater than 2;

a bit length of each of the K segments is less than or equal to a third number;

the third number is the base-2 logarithm of the second number, rounded up unconditionally;

the first base number is obtained from a first exponent value, which is 2 raised to the power of a bit length of the second segment; and

the second base number is obtained from a second exponent value, which is 2 raised to the power of a bit length of the third segment.

12. A modulo arithmetic circuit according to claim 11, wherein the controller is further configured to output a (K-1)th iteration remainder as a remainder of the division of the first number by the second number after a (K-1)th iteration.

13. The modulo arithmetic circuit of claim 11, wherein the K segments have a same bit length.

14. The modular arithmetic circuit of claim 11, wherein at least two of the K segments have different bit lengths.

15. The modulo arithmetic circuit of claim 11, wherein:

the first radix is a remainder of the first exponent value divided by the second number; and

the second radix is a remainder of the second exponent value divided by the second number.

16. The modulo arithmetic circuit of claim 11, wherein:

a bit length of the first segment is less than the third number; and

the modulus multiplier multiplies the first segment by the first base to generate a multiplication result, and divides the multiplication result by the second number to obtain a remainder, thereby generating the first intermediate result.

17. The modulo arithmetic circuit of claim 11, wherein:

a bit length of the first segment is equal to the third number;

the modulo adder is further configured to perform a third modulo addition operation on the first segment and zero to generate a first processed input number; and

the modulo multiplier multiplies the first processed input number by the first base number to generate a multiplication result, and divides the multiplication result by the second number to obtain a remainder, thereby generating the first intermediate result.

18. The modulo arithmetic circuit of claim 11, wherein:

a bit length of the second segment is less than the third number; and

the modulo adder adds the first intermediate result and the second segment to generate a sum and divides the sum by the second number to obtain a remainder to generate the first iteration remainder.

19. The modulo arithmetic circuit of claim 11, wherein:

a bit length of the second segment is equal to the third number; and

the modulo adder performs a fourth modulo addition operation on the second segment and zero to generate a second processed input number, adds the first intermediate result and the second processed input number to generate a sum, and divides the sum by the second number to obtain a remainder to generate the first iteration remainder.

20. The modulo arithmetic circuit of claim 11, wherein the controller is further configured to determine whether a bit length of the first segment is less than or equal to the third number and whether a bit length of the second segment is less than or equal to the third number.

21. A method of operating a modulo arithmetic circuit to obtain a remainder of a first number divided by a second number, the modulo arithmetic circuit comprising a controller, a modulo multiplier, and a modulo adder, the method comprising:

the controller divides the first number into two segments;

in a first iteration:

the modulus multiplier performs a first modulus multiplication operation according to a first segment of the two segments and a first base number to generate a first intermediate result; and

the modulus adder performs a first modulus addition operation to generate the remainder according to the first intermediate result and a second segment of the two segments; and

the controller outputs the remainder;

wherein:

a bit length of each of the two segments is less than or equal to a third number;

the third number is the base-2 logarithm of the second number, rounded up unconditionally; and

the first base number is derived from an exponent value, which is 2 raised to the power of a bit length of the second segment.

Technical Field

The present invention relates to a modulo arithmetic circuit, and more particularly, to a modulo arithmetic circuit using iterative computation.

Background

Modulus operations are widely used in cryptosystems. For example, many algorithms for generating keys or digital signatures require modulus operations, and they often employ dividers to perform the modulus operation and obtain the remainder once the division is complete. However, the hardware for implementing a divider is quite complex and requires a large circuit area. If the cryptosystem needs to perform modulus operations on large values, the divider will need an even larger area, making the cryptosystem impractical to construct.

Disclosure of Invention

The invention relates to a method of operating a modulus operation circuit that comprises a controller, a modulus multiplier and a modulus adder. In the method, the controller divides a first number into K segments. In a first iteration, the modulus multiplier performs a first modulus multiplication operation according to the first segment of the K segments and a first base number to generate a first intermediate result, and the modulus adder performs a first modulus addition operation according to the first intermediate result and the second segment of the K segments to generate a first iteration remainder. In a second iteration, the modulus multiplier performs a second modulus multiplication operation according to the first iteration remainder and a second base number to generate a second intermediate result, and the modulus adder performs a second modulus addition operation according to the second intermediate result and the third segment of the K segments to generate a second iteration remainder. K is an integer greater than 2. The bit length of each of the K segments is less than or equal to a third number. The third number is the base-2 logarithm of the second number, rounded up unconditionally. The first base number is derived from a first exponent value, which is 2 raised to the power of the bit length of the second segment. The second base number is derived from a second exponent value, which is 2 raised to the power of the bit length of the third segment.

The invention also relates to a modulus operation circuit, which comprises a controller, a modulus multiplier and a modulus adder. The controller is configured to divide the first number into K segments. The modulus multiplier is coupled to the controller and configured to perform a first modulus multiplication operation to generate a first intermediate result according to a first segment of the K segments and a first radix during a first iteration, and perform a second modulus multiplication operation to generate a second intermediate result according to a first iteration remainder and a second radix during a second iteration. The modulus adder is coupled to the controller and configured to perform a first modulus addition operation to generate a first iteration remainder during a first iteration according to the first intermediate result and a second one of the K segments, and perform a second modulus addition operation to generate a second iteration remainder during a second iteration according to the second intermediate result and a third one of the K segments. K is an integer greater than 2. The bit length of each of the K segments is less than or equal to a third number. The third number is the base-2 logarithm of the second number, rounded up unconditionally. The first base number is derived from a first exponent value, which is 2 raised to the power of the bit length of the second segment. The second base number is derived from a second exponent value, which is 2 raised to the power of the bit length of the third segment.

The invention also relates to another method of operating a modulus operation circuit, wherein the modulus operation circuit comprises a controller, a modulus multiplier and a modulus adder, and the method comprises the step that the controller divides a first number into two segments. In the first iteration, the modulus multiplier performs a first modulus multiplication operation according to the first segment of the two segments and the first base number to generate a first intermediate result, and the modulus adder performs a first modulus addition operation according to the first intermediate result and the second segment of the two segments to generate a first iteration remainder. The controller outputs the remainder. The bit length of each of the two segments is less than or equal to a third number. The third number is the base-2 logarithm of the second number, rounded up unconditionally. The first base number is derived from a first exponent value, which is 2 raised to the power of the bit length of the second segment.

Drawings

Fig. 1 shows a modulo arithmetic circuit according to an embodiment of the present invention.

Fig. 2 is a flow chart illustrating a method of operating the modulo arithmetic circuit of Fig. 1.

Wherein the reference numerals are as follows:

100 modulus arithmetic circuit

110 controller

120 modulus multiplier

130 modulus adder

200 method

S210 to S250 steps

A1 first number

AS1 to ASK segments

N1 second number

R1 remainder

Detailed Description

Fig. 1 shows a modulo operation circuit 100 according to an embodiment of the invention. The modulo arithmetic circuit 100 includes a controller 110, a modulo multiplier 120, and a modulo adder 130. In some embodiments, the modulo arithmetic circuit 100 may be used to divide the first number A1 by the second number N1 to yield the remainder R1.

In Fig. 1, the modulo multiplier 120 and the modulo adder 130 are coupled to the controller 110. The modulo multiplier 120 performs a modular multiplication operation by multiplying two input numbers to generate a product and outputting the remainder of the product divided by another input number. The modulo adder 130 performs a modulo addition operation by adding two input numbers to generate a sum and outputting the remainder of the sum divided by another input number. In addition, the controller 110 can control the data flow of the modulo multiplier 120 and the modulo adder 130. In some embodiments, the controller 110 may divide the first number A1 into K segments AS1 through ASK, where K may be an integer greater than or equal to 2. In some embodiments, to keep the area of the modulo arithmetic circuit 100 within a desired size, each of the K segments AS1 through ASK may have a bit length less than or equal to the third number n1. The third number n1 may be the base-2 logarithm of the second number N1, rounded up unconditionally, i.e., n1 may be $\lceil \log_2 N1 \rceil$. In Fig. 1, the bit lengths AB1 to ABK of the segments AS1 to ASK may be the same; however, in some other embodiments, the bit lengths AB1 through ABK of at least two segments may be different.

Since the first number A1 is divided into K segments AS1 to ASK, the first number A1 can be represented by the following formula (1).

In equation (1), the first number A1 can be further expressed in the manner of equations (2) to (7), where k is an integer greater than 3 and less than (K-1).

$$A1 = \{[(AS1 \times 2^{AB2} + AS2) \times 2^{AB3} + AS3] \times 2^{AB4} + AS4\} \times 2^{AB5} \dots + ASK$$ Formula (2)

$$T1 = AS1 \times 2^{AB2} + AS2$$ Formula (3)

$$T2 = T1 \times 2^{AB3} + AS3$$ Formula (4)

$$T3 = T2 \times 2^{AB4} + AS4$$ Formula (5)

...

$$Tk = T(k-1) \times 2^{AB(k+1)} + AS(k+1)$$ Formula (6)

...

$$T(K-1) = T(K-2) \times 2^{ABK} + ASK = A1$$ Formula (7)

In this case, using the iteration values T1, T2 through T(K-1), which have smaller values, the complex modulus operation on the first number A1 can be divided into several simplified modulus operations. That is, (K-1) iterations are performed by the modulo multiplier 120 and the modulo adder 130 to carry out the modulo operation and obtain the remainder R1, eliminating the need for a complex division circuit that performs modulo operations on large values.

In some embodiments, K may be equal to 2. That is, the first number A1 may be divided into two segments AS1 and AS2. In this case, the modulus operation does not require multiple iterations to obtain the remainder R1. That is, a single iteration performing the modulo operation on the value T1 yields the remainder R1.

Fig. 2 shows a method 200 of operating the modulo arithmetic circuit 100 to derive the remainder R1. The method 200 includes steps S210 to S250.

S210: the controller 110 divides the first number A1 into K segments AS1 through ASK;

S220: in a first iteration, the modulo multiplier 120 performs a modulo multiplication operation according to the first segment AS1 and the first radix B1 to generate a first intermediate result ITM1;

S222: the modulo adder 130 performs a modulo addition operation according to the first intermediate result ITM1 and the second segment AS2 to generate a first iteration remainder ITR1;

S230: if the (K-1)th iteration is completed, go to step S250; otherwise, go to step S240;

S240: in the kth iteration, the modulo multiplier 120 performs a modulo multiplication operation according to the (k-1)th iteration remainder and the kth base number to generate a kth intermediate result;

S242: the modulo adder 130 performs a modulo addition operation according to the kth intermediate result and the (k+1)th segment of the K segments to generate a kth iteration remainder, and jumps to step S230;

S250: the (K-1)th iteration remainder is output as the remainder R1 of the first number A1 divided by the second number N1.

After the first number A1 is divided into K segments AS1 to ASK in step S210, a modulo operation may be performed on the iteration value T1 in steps S220 and S222. For example, in step S220, the modulo multiplier 120 may perform a modulo multiplication operation to generate a first intermediate result ITM1 according to the first segment AS1, the first radix B1, and the second number N1. The first intermediate result ITM1 may be represented by equation (8) below.

$$ITM1 = (AS1 \times B1) \bmod N1$$ Formula (8)

That is, the modulo multiplier 120 may multiply the first segment AS1 by the first radix B1 to generate a multiplication result, and generate the first intermediate result ITM1 by dividing the multiplication result by the second number N1 to obtain a remainder. In some embodiments, the first radix B1 may be 2 raised to the power of the bit length AB2 of the second segment AS2, i.e., the first radix B1 may be represented as $2^{AB2}$. However, in some embodiments, to ensure that AS1 × B1 is within the computational capability of the modulo multiplier 120, the first radix B1 may be the remainder of the first exponent value $2^{AB2}$ divided by the second number N1, i.e., the first radix B1 may be $2^{AB2} \bmod N1$. Also, in step S222, the modulo adder 130 may perform a modulo addition operation according to the first intermediate result ITM1, the second segment AS2, and the second number N1 to generate a first iteration remainder ITR1. The first iteration remainder ITR1 may be represented by equation (9) below.

$$ITR1 = (ITM1 + AS2) \bmod N1 = [(AS1 \times B1) \bmod N1 + AS2] \bmod N1$$ Formula (9)

That is, the modulo adder 130 may add the first intermediate result ITM1 and the second segment AS2 to generate a sum, and divide the sum by the second number N1 to obtain a remainder, thereby generating the first iteration remainder ITR1.

After steps S220 and S222, the remainder ITR1 of the iteration value T1 divided by the second number N1 may be obtained, and the first iteration remainder ITR1 may be used for the next iteration. For example, in step S240, during the second iteration, the modulo multiplier 120 may perform a modulo multiplication operation according to the first iteration remainder ITR1 and the second radix B2 to generate a second intermediate result ITM2. The second intermediate result ITM2 may be represented by equation (10) below.

$$ITM2 = (ITR1 \times B2) \bmod N1$$ Formula (10)

In some embodiments, the second radix B2 may be derived from 2 raised to the power of the bit length AB3 of the third segment AS3, i.e., the second radix B2 may be represented as $2^{AB3}$. However, in some embodiments, to ensure that the value of ITR1 × B2 is within the computational capability of the modulo multiplier 120, the second radix B2 may be the remainder of the second exponent value $2^{AB3}$ divided by the second number N1, i.e., the second radix B2 may be $2^{AB3} \bmod N1$.

Also, in step S242, the modulo adder 130 may perform a modulo addition operation based on the second intermediate result ITM2 and the third segment AS3 to generate a second iteration remainder ITR2. The second iteration remainder ITR2 may be represented by equation (11) below.

$$ITR2 = (ITM2 + AS3) \bmod N1$$ Formula (11)

After steps S240 and S242, the remainder ITR2 of the iteration value T2 divided by the second number N1 may be obtained, and the second iteration remainder ITR2 may be used for the next iteration, and so on. Finally, after the (K-1) th iteration is completed, step S230 stops further iterations, and in step S250 the modulo arithmetic circuit 100 outputs the (K-1) th iteration remainder as the remainder R1 of the first number A1 divided by the second number N1.

In some embodiments, the computational capability of the modulo multiplier 120 and the modulo adder 130 may be fixed in order to keep the size of the modulo operation circuit 100 within an acceptable range. For example, the modulo multiplier 120 and the modulo adder 130 may only be able to handle numbers having a bit length equal to or less than the third number n1. Therefore, if the bit length AB1 of the first segment AS1 is smaller than the third number n1, equation (8) can be performed directly by the modulo multiplier 120.

However, if the bit length AB1 of the first segment AS1 is equal to the third number n1, the computation may exceed the capability of the modulo multiplier 120. To ensure the correctness of the calculation result, a modulo operation may be performed on the first segment AS1 before the modulo multiplier 120 performs the modulo multiplication operation. In some embodiments, to reuse hardware and reduce the area of the modulo operation circuit 100, the modulo adder 130 may be used to perform this modulo operation. For example, the modulo adder 130 may perform a modulo addition operation on the first segment AS1 and zero to generate a processed input number PI1, and the modulo multiplier 120 multiplies the processed input number PI1 by the first radix B1 to generate a multiplication result, and divides the multiplication result by the second number N1 to obtain a remainder, thereby generating the first intermediate result ITM1. That is, if the bit length AB1 of the first segment AS1 is equal to the third number n1, equation (12) is performed in step S220 instead of equation (8).

$$ITM1 = (PI1 \times B1) \bmod N1 = [(AS1 \bmod N1) \times B1] \bmod N1$$ Formula (12)

Similarly, if the bit length AB2 of the second segment AS2 is less than the third number n1, equation (9) may be performed directly by the modulo adder 130.

However, if the bit length AB2 of the second segment AS2 is equal to the third number n1, the computation may exceed the capability of the modulo adder 130. To ensure the correctness of the calculation result, another modulo operation may be performed on the second segment AS2 before the modulo adder 130 performs the modulo addition operation. In some embodiments, to reuse hardware and reduce the area of the modulo operation circuit 100, the modulo adder 130 may be used to perform this modulo operation. For example, the modulo adder 130 may perform a modulo addition operation on the second segment AS2 and zero to generate the processed input number PI2, and the modulo adder 130 adds the first intermediate result ITM1 to the processed input number PI2 to generate a sum, which is divided by the second number N1 to obtain a remainder, thereby generating the first iteration remainder ITR1. That is, if the bit length AB2 of the second segment AS2 is equal to the third number n1, formula (13) is performed in step S222 instead of formula (9).

$$ITR1 = (ITM1 + PI2) \bmod N1 = [ITM1 + (AS2 \bmod N1)] \bmod N1$$ Formula (13)

In some embodiments, method 200 may further include a step in which the controller 110 determines whether the bit length of each of the segments AS1 to ASK is less than the third number n1 or equal to the third number n1. Therefore, if a calculation would exceed the capability of the modulo multiplier 120 or the modulo adder 130, the additional modulo operations can be performed on the segments AS1 to ASK before they are processed by the modulo multiplier 120 and the modulo adder 130, thereby ensuring that the modulo operation circuit 100 produces the correct result.
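The data flow of method 200, including the extra reduction applied to segments that are exactly n1 bits wide, can be checked in software. The Python model below is an added illustration, not part of the patent text; the function names, the constructed sample values and the rule that the modelled multiplier rejects operands not smaller than N1 are assumptions made for the model.

```python
"""Software model of method 200 (added illustration, not patent text)."""

# Constructed sample values: a 64-bit A1 and a 16-bit prime modulus N1.
SAMPLE_A1 = 0xFFFF1234ABCDFFF0
SAMPLE_N1 = 0xFFF1  # 65521


def third_number(n_mod):
    """n1 = ceil(log2(N1)), computed exactly on integers."""
    if n_mod < 2:
        raise ValueError("N1 must be at least 2")
    return (n_mod - 1).bit_length()


def split(a1, widths, n1):
    """S210: cut A1 into segments AS1..ASK, most significant first.

    widths holds the bit lengths AB1..ABK; they may differ per segment.
    """
    if len(widths) < 2 or any(w < 1 or w > n1 for w in widths):
        raise ValueError("need K >= 2 segments, each 1..n1 bits wide")
    shift = sum(widths)
    if a1 < 0 or a1 >> shift:
        raise ValueError("A1 does not fit in the given segment widths")
    segments = []
    for w in widths:
        shift -= w
        segments.append((a1 >> shift) & ((1 << w) - 1))
    return segments


def mod_mul(x, y, n_mod):
    """Modulo multiplier 120. Modelling assumption: operands must be < N1."""
    if x >= n_mod or y >= n_mod:
        raise ValueError("multiplier operand exceeds modelled capability")
    return (x * y) % n_mod


def mod_add(x, y, n_mod):
    """Modulo adder 130: (x + y) mod N1; also reused for pre-reduction."""
    return (x + y) % n_mod


def iterative_mod(a1, n_mod, widths, precondition=True):
    """Return A1 mod N1 using K-1 multiply/add iterations (S220..S250)."""
    n1 = third_number(n_mod)
    segments = split(a1, widths, n1)

    def conditioned(seg, width):
        # A segment narrower than n1 bits is below 2**(n1-1) < N1 already.
        # An n1-bit segment may be >= N1, so reduce it with "segment + 0"
        # on the adder, as in formulas (12) and (13).
        if precondition and width == n1:
            return mod_add(seg, 0, n_mod)
        return seg

    rem = conditioned(segments[0], widths[0])
    for seg, width in zip(segments[1:], widths[1:]):
        base = pow(2, width, n_mod)          # Bk = 2^AB(k+1) mod N1
        itm = mod_mul(rem, base, n_mod)      # formulas (8), (10), (12)
        rem = mod_add(itm, conditioned(seg, width), n_mod)  # (9), (11), (13)
    return rem


if __name__ == "__main__":
    print(hex(iterative_mod(SAMPLE_A1, SAMPLE_N1, [16, 16, 16, 16])))
```

With `precondition=False` the first segment of the sample, 0xFFFF, reaches the multiplier unreduced and the model raises, which is the case the controller's bit-length check is there to catch.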

In summary, the modulo arithmetic circuit and the method for operating the modulo arithmetic circuit according to the embodiments of the present invention can perform a plurality of iterations of modulo arithmetic by using the modulo multiplier and the modulo adder. Therefore, a complicated division circuit for performing a modulo operation on a large number can be omitted, and the area of the modulo operation circuit can be greatly reduced.

The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
