CR, Jan 15, 2018
A Multi-layer Recursive Residue Number System
Henk D. L. Hollmann, Ronald Rietman, Sebastiaan de Hoogh et al.
We present a method to increase the dynamic range of a Residue Number System (RNS) by adding virtual RNS layers on top of the original RNS, where the required modular arithmetic for a modulus on any non-bottom layer is implemented by means of an RNS Montgomery multiplication algorithm that uses the RNS on the layer below. As a result, the actual arithmetic is deferred to the bottom layer. The multiplication algorithm that we use is based on an algorithm by Bajard and Imbert, extended to work with pseudo-residues (remainders with a larger range than the modulus). The resulting Recursive Residue Number System (RRNS) can be used to implement modular addition, multiplication, and multiply-and-accumulate for very large (2000+ bit) moduli, using only modular operations for small (for example 8-bit) moduli. A hardware implementation of this method allows for massive parallelization. Our method can be applied in cryptographic algorithms such as RSA to realize modular exponentiation with a large (2048-bit, or even 4096-bit) modulus. Because the system uses full RNS Montgomery algorithms, it does not involve any carries, so cryptographic attacks that exploit carries cannot be applied.
RA, Jan 29, 2014
The MMO problem
Oscar Garcia-Morchon, Ronald Rietman, Ludo Tolhuizen et al.
We consider a two-polynomial analogue of the polynomial interpolation problem. Namely, we consider the Mixing Modular Operations (MMO) problem of recovering two polynomials $f\in \Z_p[x]$ and $g\in \Z_q[x]$ of known degree, where $p$ and $q$ are two (un)known positive integers, from the values of $f(t)\bmod p + g(t)\bmod q$ at polynomially many points $t \in \Z$. We show that if $p$ and $q$ are known, the MMO problem is equivalent to computing a close vector in a lattice with respect to the infinity norm. We have also implemented a heuristic polynomial-time algorithm in the SAGE system. If $p$ and $q$ are kept secret, we do not know how to solve this problem. This problem is motivated by several potential cryptographic applications.
NT, Jan 7, 2014
Interpolation and Approximation of Polynomials in Finite Fields over a Short Interval from Noisy Values
Oscar Garcia-Morchon, Ronald Rietman, Igor E. Shparlinski et al.
Motivated by a recently introduced HIMMO key distribution scheme, we consider a modification of the noisy polynomial interpolation problem of recovering an unknown polynomial $f(X) \in \Z[X]$ from approximate values of the residues of $f(t)$ modulo a prime $p$ at polynomially many points $t$ taken from a short interval.