Modular multiplication

Logical cryptanalysis has been introduced by Massacci and Marraro as a general framework for encoding properties of crypto-algorithms into SAT problems, with the aim of generating SAT benchmarks that are controllable and that share the properties of real-world problems and randomly generated problems. In this paper, spurred by the proposal of Cook and Mitchell to encode the factorization of large integers as a SAT problem, we propose the SAT encoding of another aspect of RSA, namely finding (i.e. faking) an RSA signature for a given message without factoring the modulus. Given a small public exponent e, a modulus n and a message m, we can generate a SAT formula whose models correspond to the e-th roots of m modulo n, without encoding the factorization of n or other functions that can be used to factor n. Our encoding can be used to either generate solved instances for SAT or both satisfiable and unsatisfiable instances. We report the experimental results of three solvers, HeerHugo by Groote and Warners, eqsatz by Li, and smodels by Niemela and Simmons, discuss their performances and compare them with standard methods based on factoring.

We study the general nature of the group generated by the symmetries of regular n-sided polygon D n , described as a simple non-abelian finite group. The two symmetry elements r (rotation) and f (reflection) generates the group D n , and by characterizing r as preserving the ordering of vertices and f as reversing the ordering, the conjugate frf-1 also preserves the ordering, resulting to rotation. The symmetries r and f also partitioned the group in to two disjoint sets N (of order n) and S (of order n), and every subgroup of D n is either cyclic or dihedral. The set N is a cyclic group, and each element r∈N described the left action of N on the set S, where N⋅S = S. Moreover, from the relation r-1 = frf-1 , we have seen that any group with properties resembling D n is a homomorphic image of D n , and is isomorphic to D n if and only if it has the same size with D n. And if G is any group generated by two elements x and y where x n = 1 for some n ≥ 3, y 2 = 1, and yxy-1 = x-1 , then there is a surjective homomorphism D n → G. And if O(G) = 2n, then this homomorphism is an isomorphism. And finally, any nontrivial homomorphic image of a dihedral group is dihedral.

This paper discusses several Montgomery multiplication algorithms, two of which h a ve been proposed before. We describe three additional algorithms, and analyze in detail the space and time requirements of all ve methods. These algorithms have been implemented in C and in assembler. The analyses and actual performance results indicate that the Coarsely Integrated Operand Scanning CIOS method, detailed in this paper, is the most e cient of all ve algorithms, at least for the general class of processor we considered. The Montgomery multiplication methods constitute the core of the modular exponentiation operation which is the most popular method used in public-key cryptography for encrypting and signing digital data.

As the use of electronic voting systems and e-commerce systems increases, the efficient batch verification of digital signatures becomes more and more important. In this paper, we first propose a new method to identify bad signatures in batches efficiently for the case when the batch contains one bad signature. The method can find out the bad signature using smaller number of modular multiplications than the existing method. We also propose an extension to the proposed method to find out two or more bad signatures in a batch instance. Experimental results show that our method yields better performance than the existing method in terms of the number of modular multiplications.

In this paper we highlight the benefits of using genus 2 curves in public-key cryptography. Compared to the standardized genus 1 curves, or elliptic curves, arithmetic on genus 2 curves is typically more involved but allows us to work with moduli of half the size. We give a taxonomy of the best known techniques to realize genus 2 based cryptography, which includes fast formulas on the Kummer surface and efficient 4-dimensional GLV decompositions. By studying different modular arithmetic approaches on these curves, we present a range of genus 2 implementations. On a single core of an Intel Core i7-3520M (Ivy Bridge), our implementation on the Kummer surface breaks the 120 thousand cycle barrier which sets a new software speed record at the 128-bit security level for constant-time scalar multiplications compared to all previous genus 1 and genus 2 implementations.

Two’s complement overflow detection is traditionally performed by evaluating the carry into and out of the sign bit after full binary addition, or equivalently by comparing operand and result signs. While exact and efficient in hardware, such methods require complete carry evaluation and are less amenable to bounded or early-termination analysis in software and formal reasoning contexts. This paper presents a conservative upper-bound test for detecting potential overflow in two’s complement binary addition based on vector carry analysis. Binary operands are partitioned into ordered vectors of adjacent bits, preserving bit significance, and carry behavior is analyzed through explicit bitwise propagate and generate relations. In prioritizing analysis of the most significant vectors, the proposed method can terminate early when overflow is either impossible or unavoidable, without requiring full carry computation. The approach does not replace exact overflow detection; rather, it provides a sound sufficient condition that guarantees no false negatives while allowing false positives. Such makes the method suitable for static analysis, formal verification, and pedagogical exposition of carry propagation behavior. The paper formally derives the vector-based carry equations, proves soundness of the upper-bound test, and demonstrates the method through worked examples covering positive and negative overflow and non-overflow cases.

It is widely acknowledged that efficient modular multiplication is a key to high-performance implementation of public-key cryptography, be it classical RSA, Diffie-Hellman, or (hyper-) elliptic curve algorithms. In the recent decade, practitioners have relied mainly on two popular methods: Montgomery Multiplication and regular long-integer multiplication in combination with Barrett's modular reduction technique. In this paper, we propose a modification to Barrett's algorithm that leads to a significant reduction (25% to 75%) in multiplications and additions.

Our aim is to study and implement an AM RECEIVER based on Super heterodyne principle virtually used in all modern radio and television receivers.This mainly involves the use ofheterodyning. The signal from the antenna is filtered sufficiently at least to reject the image frequency and possibly amplified. The two stages of RF amplifier are used to get desired frequency and 20-23dB gain. A local oscillator and mixer in the receiver produces a sine wave which mixes with that signal shifting it to a very specific intermediate frequency , usually a lower frequency. The IF signals is filtered and amplified and possibly processed in additional ways. The demodulator uses the IF signals instead of the original radio frequency to recreate a copy of the original modulation.

Most implementations of the modular exponentiation, M E mod N , computation in cryptographic algorithms employ Montgomery multiplication, ABR -1 mod N , instead of modular multiplication, AB mod N , even the former requires some transformational overheads. This is so because a state-of-the-art Montgomery multiplication implementation has a performance advantage over direct modular multiplication based on the Barrett algorithm that more than compensates for the overhead. In this paper, we present a direct modular multiplication method that is comparable in speed to Montgomery multiplication. One consequence is that when the exponent in small, direct computation (which does not incur the transformational overhead) using the modular multiplication algorithm presented here results in practical performance gain. For the exponent 17, for instance, which requires five modular multiplication, a saving of up to 40% can be achieved.

We &scribe a cryptographic library for the Motorola DSP56000 that provides harahre speed yet softwcue&xibility. The library includes modular arithmetic, DES, message digest and other methods. Montgomery modular reduction to give a very fart implementation of RSA.

The study sought and found algorithms for count of all odd composites under or up to a natural number  x . The significance of the algorithm of count of odd composites is that it affords use of the prime number equation (or prime counting function) pi(x)=k-c where  pi(x) stands for total count of primes, k  for total count of odd numbers, and c  total count of odd composites up to a natural number x . The study also examined a sequence of matrices each of u  consecutive primes which produced another prime counting functionpi(x) = e + u(t-1), 0 <= e <= u, which answers the question: what is the nth  prime if n  is given? The study recommends that the odd composites algorithm along with the two prime counting functions should be accepted as platonic objects in number theory, and adopted by schools and colleges globally.

Rivest-Shamir-Adleman (RSA) cryptosystem uses modular multiplication for encryption and decryption. So, performance of RSA can be drastically improved by optimizing modular multiplication. This paper proposes a new parallel, high-radix Montgomery multiplier for 1024 bits multi-core RSA processor. Each computation step operates in radix 4. The computation speed is increased by more than 4 times. We also implement a True Random Number Generator based resilience block to protect the coprocessor against power attacks.

Resumen: Este artículo sugiere diversas alternativas para la implementación en hardware del operador Multiplicación Modular. Se propone una función de costo para evaluar las alternativas de diseño y se les compara con el objeto de optimizar su comportamiento respecto a parámetros como el área ocupada y el tiempo de ejecución. Éste último parámetro es de vital importancia en entornos criptográficos en donde el operador Multiplicación Modular se usa ampliamente.

In order to prevent the SPA (Simple Power Analysis) attack against modular exponentiation algorithms, a multiply-always implementation is generally used. Witteman et al. introduced in [14] a new cross-correlation power analysis attack against the multiplyalways implementation. We suggest two new algorithms, resistant to this attack and also to other known attacks. The first algorithm is an alternative approach to exponentiation algorithms used in cryptography, which usually receive as an input some representation (e.g. binary) of the exponent. In our approach both the exponent and the result are functions (not necessarily easily invertible) of the exponentiation algorithm input. We show that this approach can have a good performance and that it is also resistant to several known attacks, especially to the cross-correlation power analysis and also to the attack described in [9]. It is particularly relevant for cryptographic schemes in which the private exponent can be chosen arbitrar...

Improving software algorithms are not easy task, especially for increasing operating speed, and reducing complexity. Different algorithms implemented in cryptosystems used the exponentiation modular arithmetic, however, they suffer very long time complexity. Therefore, faster algorithms are strongly sought. This paper provides fast algorithms for modular multiplication and exponentiation that are suitable for implementation in RSA and DSS public key cryptographic schemes. A comparison of the time complexity measurements for various widely used algorithms is performed with the aim of looking for an efficient combination for the implementation of RSA cryptosystem. Two such algorithms were proposed in this work. The first is a modified convolution algorithm for modular multiplication while the second is a Tabulated Modular Exponentiation (TME) algorithm based on the modified sign-digit algorithm. They are found to give significant overall improvement to modular exponentiation over that of the fastest algorithms studied.

Logical cryptanalysis has been introduced by Massacci and Marraro as a general framework for encoding properties of crypto-algorithms into SAT problems, with the aim of generating SAT benchmarks that are controllable and that share the properties of real-world problems and randomly generated problems. In this paper, spurred by the proposal of Cook and Mitchell to encode the factorization of large integers as a SAT problem, we propose the SAT encoding of another aspect of RSA, namely finding (i.e. faking) an RSA signature for a given message without factoring the modulus. Given a small public exponent e, a modulus n and a message m, we can generate a SAT formula whose models correspond to the e-th roots of m modulo n, without encoding the factorization of n or other functions that can be used to factor n. Our encoding can be used to either generate solved instances for SAT or both satisfiable and unsatisfiable instances. We report the experimental results of three solvers, HeerHugo by Groote and Warners, eqsatz by Li, and smodels by Niemela and Simmons, discuss their performances and compare them with standard methods based on factoring.

Montgomery multiplication is one of the fundamental operations used in cryptographic algorithms, such as RSA and Elliptic Curve Cryptosystems. At CHES 1999, Tenca and Koç introduced a nowclassical architecture for implementing Montgomery multiplication in hardware. With parameters optimized for minimum latency, this architecture performs a single Montgomery multiplication in approximately 2n clock cycles, where n is the size of operands in bits. In this paper we propose and discuss an optimized hardware architecture performing the same operation in approximately n clock cycles. Our architecture is based on pre-computing partial results using two possible assumptions regarding the most significant bit of the previous word, and is only marginally more demanding in terms of the circuit area. The new radix-2 architecture can be extended for the case of radix-4, while preserving a factor of two speed-up over the corresponding radix-4 design by Tenca, Todorov, and Koç from CHES 2001. Our architecture has been verified by modeling it in Verilog-HDL, implementing it using Xilinx Virtex-II 6000 FPGA, and experimentally testing it using SRC-6 reconfigurable computer.

This paper investigates performance and energy characteristics of software algorithms for long integer arithmetic. We analyze and compare the number of RISC-like processor instructions (e.g. singleprecision multiplication, addition, load, and store instructions) required for the execution of different algorithms such as Schoolbook multiplication, Karatsuba and Comba multiplication, as well as Montgomery reduction. Our analysis shows that a combination of Karatsuba-Comba multiplication and Montgomery reduction (the so-called KCM method) allows to achieve better performance than other algorithms for modular multiplication. Furthermore, we present a simple model to compare the energy-efficiency of arithmetic algorithms. This model considers the clock cycles and average current consumption of the base instructions to estimate the overall amount of energy consumed during the execution of an algorithm. Our experiments, conducted on a StrongARM SA-1100 processor, indicate that a 1024-bit KCM multiplication consumes about 22% less energy than other modular multiplication techniques.

The paper examines the question of how learning multiple tasks interacts with neural architectures and the flow of information through those architectures. It approaches the question by using the idealization of an artificial neural network where it is possible to ask more precise questions about the effects of modular versus nonmodular architectures as well as the effects of sequential vs. simultaneous learning of tasks. While prior work has shown a clear advantage of modular architectures when the two tasks must be learned at the same time from the start, this advantage may disappear when one task is first learned to a criterion before the second task is undertaken. Nonmodular networks, in some cases of sequential learning, achieve success levels comparable to those of modular networks. In particular, if a nonmodular network is to learn two tasks of different difficulty and the more difficult task is presented first and learned to a criterion, then the network will learn the second easier one without permanent degradation of the first one. In contrast, if the easier task is learned first, a nonmodular task may perform significantly less well than a modular one. It seems that the reason for these difference has to do with the fact that the sequential presentation of the more difficult task first minimizes interference between the two tasks. More broadly, the studies summarized in this paper seem to imply that no single learning architecture is optimal for all situations.

In this paper, new structures that implement the RSA cryptographic algorithm are presented. The core of these architectures is the modular exponential operation based on a modified Montgomery modular multiplier, where the operations of multiplication and modular reduction are carried out in parallel rather than in an interleaved way as in the traditional Montgomery multiplier. The digit approach has been adopted to implement the modified Montgomery multipliers, where by pipelining the feedback loops; one or two modular multiplication operations can be interleaved to use the same multiplier structure. Thus, RSA structures that use a single Montgomery multiplier, termed area-efficient architectures, and architectures that require two Montgomery multipliers, called speed-efficient architectures, are presented. The proposed architectures are scalable and parameterized. Furthermore, by varying the digit size and the level of pipelining, the designer is provided with an efficient way of c...

The new modular multiplier structures proposed in this paper are based on a short precision magnitude comparison instead of the full magnitude comparison operation. Another feature of these structures is that the comparison operations are carried out first. Only once this has been achieved that the reduction operation takes place, while in previous work both the comparison and the reduction operations are interleaved. This has resulted in a reduction of the number of stages required for the implementation of the modular reduction operation. Serial implementations have shown that the new radix-2 algorithm has a better area usage than similar structures available in the literature while the proposed radix-4 algorithm exhibits better area usage than similar structures with relatively similar speed performances. The parallel implementation of these algorithms has also shown that the new radix-4 algorithm has the best area usage while its speed performances are similar to that of structures proposed in the literature.

‫ـ‬ ‫ـــ‬ Finding multiplicative inverse (Modular Inversion) operation is the most time-consuming operation in Elliptic Curve Crypto-system (ECC) operations which affects the performance of ECC. Moreover, several factors that affect the design of ECC have not been intensively investigated in the majority of researches related to ECC, Such as system utilization, area, resources-consuming and area*time cost factors, which play significant role in designing efficient ECC for different applications. This work applies Binary Edwards ECC point doubling operation over GF(p) using projective coordinates instead of affine coordinates due to its ability to remove the long time inversion operation by converting it to a number of multiplication operations. We also utilize the inherent parallelism in ECC operations by mapping its computations to parallel hardware design, in order to improve the performance of ECC. Our results show that the shortest time delay is achieved using 7-Parallel Multipliers (PM) design with projection (X/Z, Y/Z), which overcomes both serial design and the design with affine coordinates. Furthermore, this research proposes a variety of design choices by varying the degree of parallelism to tune-up several factors that affect ECC in order to investigate possible enhancements. It is shown by our experiments that the hardware utilization can be improved by 55%, with less area, and acceptable timeconsuming level compared to other designs in the same projection. In other words, we compromise the performance to enhance system utilization degree, and AT cost, and to reduce area and resourceconsuming. This trade-off between factors is useful to determine the efficient design to be used for different ECC applications based on their requirements and available resources. Especially, when the time-consuming is not the main priority.

This paper describes a hardware architecture for modular multiplication operation which is efficient for bit-lengths suitable for both commonly used types of Public Key Cryptography (PKC) i.e. ECC and RSA Cryptosystems. The challenge of current PKC implementations is to deal with long numbers (160-2048 bits) in order to achieve system's efficiency, as well as security. RSA, still the most popular PKC, has at its root the modular exponentiation operation. Modular exponentiation consists of repeated modular multiplications, which is also the basic operation for ECC protocols. The solution proposed in this work uses a systolic array implementation and can be used for arbitrary precisions. We also present modular exponentiation based on the Montgomery's Multiplication Method (MMM).

This paper describes an efficient FPGA implementation for modular multiplication in the finite field GF(2 m) that is suitable for implementing Elliptic Curve Cryptosystems. We have developed a systolic array implementation of a Montgomery modular multiplication. Our solution is efficient for large finite fields (m=160-193) that offer a high security level, and it can be scaled easily to larger values of m. The clock frequency of the implementation is independent of the field size. In contrast to earlier work, the design is not restricted to field representations using irreducible trinomials.

This paper describes a hardware implementation of an arithmetic processor which is efficient for bit-lengths suitable for both commonly used types of Public Key Cryptography (PKC), i.e., Elliptic Curve (EC) and RSA Cryptosystems. Montgomery modular multiplication in a systolic array architecture is used for modular multiplication. The processor consists of special operational blocks for Montgomery Modular Multiplication, modular addition/subtraction, EC Point doubling/addition, modular multiplicative inversion, EC point multiplier, projective to affine coordinates conversion and Montgomery to normal representation conversion.

This paper describes a hardware implementation of an arithmetic processor which is efficient for elliptic curve (EC) cryptosystems, which are becoming increasingly popular as an alternative for public key cryptosystems based on factoring. The modular multiplication is implemented using a Montgomery modular multiplication in a systolic array architecture, which has the advantage that the clock frequency becomes independent of the bit length m.

We introduce a set of four twisted Edwards curves that satisfy common security requirements and allow for fast implementations of scalar multiplication on 8, 16, and 32-bit processors. Our curves are defined by an equation of the form −x 2 + y 2 = 1 + dx 2 y 2 over a prime field Fp, where d is a small non-square modulo p. The underlying prime fields are based on "pseudo-Mersenne" primes given by p = 2 k − c and have in common that p ≡ 5 mod 8, k is a multiple of 32 minus 1, and c is at most eight bits long. Due to these common features, our primes facilitate a parameterized implementation of the low-level arithmetic so that one and the same arithmetic function is able to process operands of different length. The four twisted Edwards curves we present in this paper are all birationally equivalent to Montgomery curves of the form −(A + 2)y 2 = x 3 + Ax 2 + x where 4/(A + 2) is small. Even though this contrasts with the usual practice of choosing (A + 2)/4 to be small, we show that the Montgomery form of our curves allows for an equally efficient implementation of point doubling as Curve25519. The four curves we put forward roughly match the common symmetric security levels of 80, 96, 112, and 128 bits. Moreover, their Weierstraß representations are isomorphic to curves of the form y 2 = x 3 − 3x + b so as to facilitate inter-operability with TinyECC and other legacy software.

In last years, many modulus sets in the Residue Number System (RNS) for increasing Dynamic Range (DR) and parallelism are presented. Hence, for reach these purposes a new 5-Moduli Set for even n, and its efficient reverse converter design are introduced in this paper. This modulus set contains pair-wise relatively prime, and it offers the maximum feasible DR. New CRT-I and MRC are used to obtain a high-performance memory-less reverse converter for this modulus set. Also, we review improving the modular multiplication with this modulus set, and its dynamic range compared with other modulus sets.

In last years, many modulus sets in the Residue Number System (RNS) for increasing Dynamic Range (DR) and parallelism are presented. Hence, for reach these purposes a new 5-Moduli Set for even n, and its efficient reverse converter design are introduced in this paper. This modulus set contains pair-wise relatively prime, and it offers the maximum feasible DR. New CRT-I and MRC are used to obtain a high-performance memory-less reverse converter for this modulus set. Also, we review improving the modular multiplication with this modulus set, and its dynamic range compared with other modulus sets.

In order to prevent the SPA (Simple Power Analysis) attack against modular exponentiation algorithms, a multiply-always implementation is generally used. Witteman et al. introduced in [14] a new cross-correlation power analysis attack against the multiplyalways implementation. We suggest two new algorithms, resistant to this attack and also to other known attacks. The first algorithm is an alternative approach to exponentiation algorithms used in cryptography, which usually receive as an input some representation (e.g. binary) of the exponent. In our approach both the exponent and the result are functions (not necessarily easily invertible) of the exponentiation algorithm input. We show that this approach can have a good performance and that it is also resistant to several known attacks, especially to the cross-correlation power analysis and also to the attack described in [9]. It is particularly relevant for cryptographic schemes in which the private exponent can be chosen arbitrarily. Another exponentiation algorithm that we present here may be preferable for use with RSA in certain settings. It is resistant to the cross-correlation power analysis attack, C safe error attack, and other attacks; although it involves squaring operations.

In order to prevent the SPA (Simple Power Analysis) attack against modular exponentiation algorithms, a multiply-always implementation is generally used. Witteman et al. introduced in [14] a new cross-correlation power analysis attack against the multiplyalways implementation. We suggest two new algorithms, resistant to this attack and also to other known attacks. The first algorithm is an alternative approach to exponentiation algorithms used in cryptography, which usually receive as an input some representation (e.g. binary) of the exponent. In our approach both the exponent and the result are functions (not necessarily easily invertible) of the exponentiation algorithm input. We show that this approach can have a good performance and that it is also resistant to several known attacks, especially to the cross-correlation power analysis and also to the attack described in [9]. It is particularly relevant for cryptographic schemes in which the private exponent can be chosen arbitrar...

We consider the problem of exactly computing the number of integers in a Chinese Remainder Representation (crr) whose pseudorank does not equal the rank. We call this number the census. The rank is key in developing crr-intrinsic methods for comparing integers in crr, a problem known to be notoriously difficult. Pseudorank can be computed in highly restrictive computation models. We have developed and implemented a fast, efficient algorithm for computing the census based on using a variant of the fft to compute iterated products of polynomials of very large degree, and with arbitrary size integer coefficients. Experimental census results are tabulated. This census information makes possible a new approach to exploring the fine structure of crr.

We consider a speciÿc class of satisÿability (SAT) problems, the conjunctions of (nested) equivalencies (CoE). It is well known that CNF (conjunctive normal form) translations of CoE formulas are hard for branching and resolution algorithms. Tseitin proved that regular resolution requires a running time exponential in the size of the input. We review a polynomial time algorithm for solving CoE formulas, and address the problem of recognizing a CoE formula by its CNF representation. Making use of elliptic approximations of 3SAT problems, the so-called doubly balanced 3SAT formulas can be seen to be equivalent to CoE formulas. Subsequently, the notion of doubly balancedness is generalized by using polynomial representations of satisÿability problems, to obtain a general characterization of CoE formulas. We brie y address the problem of ÿnding CoE subformulas, and ÿnally the application of the developed theory to several DIMACS benchmarks is discussed.

Contents vii 5.4.2 A branch and cut framework. 5.4.3 Numerical experiments. 5.4.4 Cutting planes 5.4.5 A note on solving SAT problems via MAX2SAT 5.5 A semidefinite relaxation of the SAT problem 5.5.1 A sufficient condition for unsatisfiability 5.5.2 A certificate of unsatisfiability based on eigenvalues 5.5.3 An eigenvalue optimization problem. 5.5.4 The dual relaxation. 5.5.5 Properties of the gap relaxations 5.6 The gap for various SAT problems .. 5.6.1 The gap for 2SAT problems 5.6 .2 The gap for a class of covering problems 5.6 .3 The gap for 3SAT problems 5.7 Some computational experiences. 5.7.1 Approximating MAX-SAT solutions. 5.7.2 Reduction in size of search trees. 5.8 Constructing tighter relaxations 6 A Nonlinear Approach To Combinatorial Optimization 111 6.1 Introduction. 111 6.2 Preliminaries and notation. .... . 6.3 A nonconvex continuous model 6.3.1 A special class of binary feasibility problems 114 6.3.2 The general case 119 6.4 Two minimization algorithms 124 6.4.1 A potential reduction algorithm 125 6.4.2 A gradient descent method. 126 6.4.3 Local minima 128 6.5 Two specific applications. 129 6.5.1 The satisfiability problem 129 6.5.2 The frequency assignment problem 130 6.5 .3 Computational results 133 6.6 Conclud ing remarks. 135 A Representing linear inequalities by CNF formulas 137 B Taylor approximations and elliptic approximations 141 Bibliography 145 Samenvatting 155 Curriculum vitae 157 XI xii Preface Organization of this thesis This thesis is subdivided in six chapters. The first and second of these give an introduction to the satisfiability problem , its complexity, some applications, a number of algorithms and models relevant for this thesis. Along the way, classes of difficult satisfiability problems are encountered and some interesting and challenging phenomena in SAT solving are pointed out. These act as a motivation for the research described in the remaining four chapters. These chapters can be read independently, since all treat different aspects of and approaches to satisfiability solving. Where necessary they are cross-referenced. The chapters are based on several papers which are specified below. Chapter 3 Enhancing the DPLL algorithm using elliptic approximations. J .P. Warners and H. van Maaren. Solving satisfi ability problems using elliptic approximations-Effective branching rules. To appear in Discrete Applied Mathematics. H. van Maaren and J .P. Warners. Solving satisfiability problems using elliptic approximations-A note on volumes and weights.

This paper describes a differential electromagnetic analysis attack performed on a hardware implementation of an elliptic curve cryptosystem. We describe the use of the distance of mean test. The number of measurements needed to get a clear idea of the right guess of the key-bit is taken as indication of the success of the attack. We can find the right key-bit by using only 2000 measurements. Also we give a electromagnetic model for the FPGA we use in our experiments. The amplitude, the direction and the position of the current on the FPGA's lines with respect to the position of the antenna have an influence on the measured electromagnetic radiation in the FPGA's surrounding area.

This paper presents a scalable hardware implementation of both commonly used public key cryptosystems, RSA and Elliptic Curve Cryptosystem (ECC) on the same platform. The introduced hardware accelerator features a design which can be varied from very small (less than 20 Kgates) targeting wireless applications, up to a very big design (more than 100 Kgates) used for network security. In latter option it can include a few dedicated large number arithmetic units each of which is a systolic array performing the Montgomery Modular Multiplication (MMM). The bound on the Montgomery parameter has been optimized to facilitate more secure ECC point operations. Furthermore, we present a new possibility for CRT scheme which is less vulnerable to side-channel attacks.

This article discusses some of the practical issues of studying the basic principles of the four-stroke diesel engine operation. Four-stroke cycle is logical and intuitive. All four obvious steps necessary to implement the full working cycle, there exist clearly: intake-compression-combustion-exhaust. On each of them assigned to a single stroke, i.e. moving the piston from the bottom dead center BDC to the top dead center TDC and vice versa. This principle was published for the first time by the French engineer of Alphonse Beau de Rochas in 1862 (Siorpaes, 1980)-in thirty years prior to the well-known patent No. 67207 of (Diesel, 1892) which united in it ideas of many engineers of the XIX century. Since then designs of four-cycle diesels considerably changed, but the general principle of operation remained the invariable.

Arithmetic operations are generally slowest operations in digital design which is the bottleneck in most of the systems. Optimizing adder circuits provides faster performance in arithmetic circuits. Field Programmable Gate Arrays (FPGA) are very popular to implement logic circuits. 6-input Look-Up Table (LUT) devices are on the market which dramatically increases the performance. In this paper, alternative addition structures, based on redundant carry-free arithmetic and suitable for 6 input LUT devices, are presented. A new double carry-save addition architecture is proposed, which reduces the critical path of the addition process for 6-input LUT devices.