A carry-free architecture for Montgomery inversion

A new carry-free Montgomery inversion algorithm which is suitable for hardware implementation is presented. The algorithm utilizes a new redundant sign digit (RSD) representation and arithmetic to avoid carry propagation in addition and subtraction, which are the atomic operations in the Montgomery inversion algorithm. The proposed algorithm is described in such a way that its hardware realization is straightforward. The algorithm enables very fast computation of multiplicative inversion in GF(p), which is the most time-consuming operation in elliptic and hyperelliptic curve cryptography. Complexity analysis and a gate level implementation of the algorithm reveal that the proposed algorithm provides a speedup of at least 1.95 over the original Montgomery inversion algorithm.