Truncated multiplication and batch software SIMD AVX512 implementation for faster Montgomery multiplications and modular exponentiation

TL;DR

This paper introduces optimized SIMD AVX512 implementations for batch multi-precision modular arithmetic, including a novel truncated Montgomery multiplication that significantly accelerates cryptographic computations.

Contribution

It presents a new truncated multiplication method for faster Montgomery reductions and demonstrates substantial speed improvements over existing libraries in batch cryptographic operations.

Findings

Truncated Montgomery multiplication speeds up modular reduction by nearly 20%.

Our implementations are over 4 times faster than GMP and OpenSSL for modular operations.

Speedups of 1.75x and 1.38x in fixed-window exponentiation for 1024 and 2048-bit sizes, respectively.

Abstract

This paper presents software implementations of batch computations, dealing with multi-precision integer operations. In this work, we use the Single Instruction Multiple Data (SIMD) AVX512 instruction set of the x86-64 processors, in particular the vectorized fused multiplier-adder VPMADD52. We focus on batch multiplications, squarings, modular multiplications, modular squarings and constant time modular exponentiations of 8 values using a word-slicing storage. We explore the use of Schoolbook and Karatsuba approaches with operands up to 4108 and 4154 bits respectively. We also introduce a truncated multiplication that speeds up the computation of the Montgomery modular reduction in the context of software implementation. Our Truncated Montgomery modular multiplication improvement offers speed gains of almost 20 % over the conventional non-truncated versions. Compared to the state-of-the-art GMP and OpenSSL libraries, our speedup modular operations are more than 4 times faster. Compared to OpenSSL BN_mod_exp_mont_consttimex2 using AVX512 and madd52* (madd52hi or madd52lo) in 256-bit registers, in fixed-window exponentiations of sizes 1024 and 2048 , our 512-bit implementation provides speedups of respectively 1.75 and 1.38, while the 256-bit version speedups are 1.51 and 1.05 for 1024 and 2048 -bit sizes (batch of 4 values in this case).