# Joel Brigida

## CDA-4321: Cryptographic Engineering

## Prelab #3: Efficient Reduction Operations
### Modular Arithmetic

# Montgomery Multiplication, Addition & Subtraction:

- Function Definitions:

In [1]:
def mod_add(a, b): 
    return (a + b) % p

def mod_sub(a, b): 
    return (a - b) % p

def mont_mult(a, b): 
    return (a * b * Rinv) % p

### Values for Modular Arithmetic:

In [2]:
p = 2^20 - 3
R = 2^20
R2 = (R^2) % p
Rinv = inverse_mod(R, p)

a = 0x486d1
b = 0xd1dc3
c = 0x138a4
d = 0x47f45
e = 0xbdcc8

## Perform Operations in Montgomery Domain:

Need to perform: $$ (a \times b + c \times d - e) $$ In the Montgomery domain.

Order of operations: 
$$ (a \times b) = r_1 $$ 
$$ (c \times d) = r_2 $$ 
$$ (r1 + r2) = r_3 $$ 
$$ r_3 - e = r_4 $$
$$ \therefore \, r_4 = (a \times b + c \times d - e) $$ 

In [3]:
aa = mont_mult(a, R2)
print(f'aa = {hex(aa)}')

bb = mont_mult(b, R2)
print(f'bb = {hex(bb)}')

cc = mont_mult(c, R2)
print(f'cc = {hex(cc)}')

dd = mont_mult(d, R2)
print(f'dd = {hex(dd)}')

ee = mont_mult(e, R2)
print(f'ee = {hex(ee)}\n')

r1 = mont_mult(aa, bb)
r2 = mont_mult(cc, dd)
r3 = mod_add(r1, r2)
r4 = mod_sub(r3, ee)

print(f'r4 = {hex(r4)} in hexadecimal in Montgomery Domain')
print(f'r4 = {hex(mont_mult(r4, 1))} in Real Domain\n')

print(f'Answer Check: r4 = {hex(((a * b) + (c * d) - e) % p)}')

aa = 0xd9473
bb = 0x7594f
cc = 0x3a9ec
dd = 0xd7dcf
ee = 0x3965e

r4 = 0x9e15a in hexadecimal in Montgomery Domain
r4 = 0x34b1e in Real Domain

Answer Check: r4 = 0x34b1e


# Barrett Reduction

## Algorithm:

$$ q_1 = \bigg \lfloor \frac{x}{2^{k + 1}} \bigg \rfloor $$

$$ q_2 = q_1 \times \mu $$

$$ q_3 = \bigg \lfloor \frac{q_2}{2^{k + 1}} \bigg \rfloor $$

$$ r_1 = x \bmod 2^{k + 1} $$

$$ r_2 = q_3 \times p \bmod 2^{k + 1} $$

$$ r = r_1 - r_2 $$

$$ \text{If } r < 0 \text{ then: } \, \, r = r + 2^{k + 1} $$ 

$$ \text{While } r \ge p \text{ then: } \, \, r = r - p $$

$$ \text{Return } r $$

## Function Definition:

In [9]:
def barrettReduction(x, p, k, mu):    
    q1 = x >> (k - 1)
    print(f'q1 = {hex(q1)}')

    q2 = q1 * mu
    print(f'q2 = {hex(q2)}')

    q3 = q2 >> (k + 1)

    r1 = x & (2^(k + 1) - 1)        # x mod 2^(k+1) : mask to perform mod operation
    print(f'r1 = {hex(r1)}')

    r2 = q3 * p & (2^(k + 1))   # q3 * p mod 2^(k+1)
    print(f'r2 = {hex(r2)}\n')

    r = r1 - r2
    print(f'Before if: r = {hex(r)}')

    if r < 0:
        r = r + (2^(k+1))

    print(f'After if: r = {hex(r)}')

    while r >= p:
        r = r - p

    print(f'After while: r = {hex(r)}')
    return r

## Values For Reduction:

In [5]:
x = 10256
p = 71
k = 7
mu = (2^(2 * k)) // p # integer division

print(f'mu = {hex(mu)}')

mu = 0xe6


In [11]:
barrettOutput = barrettReduction(x, p, k, mu)
print(f'\n\nResult of Barrett Reduction: {hex(barrettOutput)} = {barrettOutput}')

q1 = 0xa0
q2 = 0x8fc0
r1 = 0x10
r2 = 0xa9

Before if: r = -0x99
After if: r = 0x67
After while: r = 0x20


Result of Barrett Reduction: 0x20 = 32


In [None]:
a = 2^15 - 1

print(f'a = {bin(a)} = {hex(a)}')