THE MODULAR EXPONENTIATION WITH PRECOMPUTATION OF REDUCED SET OF RESIDUES FOR FIXED-BASE



ABBREVIATIONS
GMP is a GNU Multiple Precision Arithmetic library; ME is a modular exponentiation; MPIR is a Multiple Precision Integers and Rationals library.

NOMENCLATURE
A is a base integer value; b is a binary representation of the exponent x; Base is an identifier of a base; e_i is a part of the binary representation of x; exp is an identifier of an exponent; ind_R A is an index of residue; k is the bit length of the value x; m is the number of parts of the binary representation of x; mod is an identifier of modulo; N is an integer value of modulo; P is an odd prime; q is a positive integer; r is the bit length of a part of the binary representation of x; r_i is a residue; R is a primitive root; T' is a period of the residues; u is an offset of a period of the residues; x is an integer value of an exponent; x_i is a bit value of an exponent; y is an integer value of modular exponentiation; φ(N) is Euler's function.

INTRODUCTION
The task of developing an effective computational algorithm for ME on big numbers is relevant to the problems of modern asymmetric cryptography, to the efficient computation of number-theoretic transforms, to digital signatures and to other applications [1].
The object of study is the process of analysing the developed software implementation of the computation of ME. To compute the ME over large numbers efficiently, the periodicity of the sequence of residues of a fixed base raised to exponents equal to integer powers of two is used.
The subject of study is the computation of ME that uses the bits of the binary exponent together with the precomputation of a reduced set of residues for a fixed base.
The purpose of the work is to increase the speed of computation of ME on computer systems in comparison with the ME functions of the MPIR and Crypto++ libraries.

PROBLEM STATEMENT
The ME and the discrete logarithm are important operations that require a large number of calculations. The problem of discrete logarithm [1] is formulated so that for known integers A, N, y find the integer x, (A, N) = 1; A, N, y, x ∈ Z) such that log , (0 1).
The number x > 0 is called the discrete logarithm of the number y to the base A modulo N according to formula (1).
The solution of the discrete logarithm problem can be the solution of the equation mod .
That is, by determining the number x that is the solution of equation (2), we find the discrete logarithm. Thus, the problem of the discrete logarithm is reduced to the computation of the ME in the form (2). The discrete logarithm is considered to be a one-way function (1), because it is difficult to calculate it in an acceptable time, for example, to break a cryptographic code. The development of an efficient computational algorithm for raising a number to an integer power modulo N for large numbers is relevant for solving problems of modern asymmetric cryptography, for the effective implementation of number-theoretic transforms and for other applied problems. Therefore, it is very important to build algorithmic schemes that provide fast calculation of the ME.

REVIEW OF THE LITERATURE
Many effective methods of ME have been proposed [2,3]. Among them are right-to-left k-ary exponentiation, left-to-right k-ary exponentiation, sliding window exponentiation, the Montgomery ladder, simultaneous multiple exponentiation and their modifications. Considerable attention is paid to their software or hardware implementation [4][5][6] aimed at the effective determination of the discrete logarithm x.
One of the ways to accelerate the computation of modular exponentiation is to parallelize the calculations using modern technologies in universal computer systems [4][5][6].
Mathematical software libraries are used to implement the computation of ME. For example, the Pari/GP software library [7] contains a large set of programs for efficient computations of mathematical functions. The Pari/GP library also includes computation of the ME function for long numbers and other special numbers. The MPIR library [8], a highly optimized modification of the well-known GMP (GNU Multiple Precision Arithmetic Library), contains a function that implements the computation of ME. The library of cryptographic algorithms and schemes Crypto++ is implemented in C++ and fully supports the 32-bit and 64-bit architectures of many operating systems and platforms [9]. The library contains a set of available primitives for number-theoretic operations, such as generation and verification of prime numbers, arithmetic over a finite field and operations on polynomials.

MATERIALS AND METHODS
The general-purpose exponentiation algorithms are referred to as repeated square-and-multiply algorithms.
The works of Knuth [10] and of Bach and Shallit [11] describe the right-to-left binary exponentiation method. Cohen [12] provides a more comprehensive treatment of the right-to-left and left-to-right binary methods along with their generalizations to the k-ary method.
The central idea for calculating A^x mod N is to use the binary representation of the exponent x. We write the exponent x as a set of m parts of equal binary length r. That is, the binary representation of the value of x consists of m parts, the bit length of each of which is equal to r = k/m. Then the binary representation of the exponent x will be
In this case, the x value will be
According to (4,5), the computation of the ME takes the form (2)
There are three types of exponentiation algorithms for A^x mod N [13]: 1) basic techniques for exponentiation; 2) fixed-exponent x exponentiation algorithms; 3) fixed-base A exponentiation algorithms.
A fixed element of a group (generally Z/qZ) is repeatedly raised to many different powers in several cryptographic systems. A popular application of fixed-base exponentiation is in elliptic curve cryptography, for instance for Diffie-Hellman key agreement and elliptic curve digital signature algorithm verification. Therefore, many research works have focused on fixed-base ME [14][15][16].
Compute, according to (6), the value modulo N for a simple fixed base A with exponents x = 2^i = 1, 2, 4, 8, 16, … (i = 0, 1, 2, …, r-1). Let A and N be relatively prime positive integers, (A, N) = 1, and denote the least positive integer x = exp_N A, in case
According to the theorem [17], if A and N are relatively prime, (A, N) = 1, a positive integer x is a solution of the congruence (7) if and only if
According to Euler's theorem, if A and N are relatively prime, (A, N) = 1, then A^φ(N) ≡ 1 (mod N). Consequently, we can conclude
In case q = 1, φ(N) = exp_N R, where the positive integer R is called a primitive root modulo N. ), φ(P 2 k2 ) ,…, φ(P m m1 ) are relatively prime. Thus, calculating R^i mod N (i = 0, 1, 2, …, N-1), we form a sequence of residues (r_0, r_1, r_2, …, r_i, …, r_(N-1)), which repeats periodically for exponents x > (N-1). For all values of A ∈ Z_P, the sequence A^i mod P is cyclic for a non-primitive element.
In the case of calculating (7^x) mod 11 with index x = 32, the index will be equal to (32 mod ind_11 7) = 2, and accordingly ind_7 5. In the case of determining (7^(2^6)) mod 11, we find the number of the residue in the sequence with the index ind_7 3, which is equal to (2^6) mod 10 = 4. After all, the value of the ME for 2 elements in the sequence of residual values is r_4 = 3 = (7^(2^6)) mod 11.
The value of T' is found by the condition
Therefore, for a fixed base A, the computation of the ME by formula (6), which is equal to the product of the residues (A^(2^i)) mod N (i = 2, 3, 4, …), can be sped up by precomputing the sequence of residues that repeats with the period T' after the offset u.

EXPERIMENTS
Mathematical software libraries are used to implement the computation of the ME. For example, the Pari/GP software library [7] contains a large set of programs for fast computations of mathematical functions. The Pari/GP library also includes computation of the Mod (a, n) ^ m function for multi-bit numbers, using a small amount of memory during the computations. To work with numbers modulo an integer, the library uses a separate type t_INTMOD. Its feature is to represent the number in a special form (Montgomery reduction), which simplifies the computation of division by the modulus. The Pari/GP library can be used under Linux or Mingw.
The library of cryptographic algorithms and schemes Crypto++ is implemented in C++ and fully supports the 32-bit and 64-bit architectures of many operating systems and platforms [9]. The library contains a set of available primitives for number-theoretic operations, such as generation and verification of prime numbers, arithmetic over a finite field and operations on polynomials. Each of the Crypto++ library primitives includes a set of functions.
The function mod_arithmetic.Exponentiate (base_crypto, exp_crypto) raises the number to the power modulo the given value. The result of the function is written to the variable actual_result_crypto, and the computation time is recorded and averaged, with the output value "crypto++ average time" in nanoseconds.
Compared to the Pari/GP library, the well-known MPIR library [8] is easier to use and can be compiled on Windows easily. Therefore, to implement the algorithm for computing the integer power of a number modulo N, we used the MPIR library, which is written in C and assembler and allows its functions to be compiled in Visual Studio C++. In the MPIR library, the data type mpz_t represents large numbers of arbitrary length; for testing, the exponent exp, the number base and the modulus mod are chosen with lengths from 256 to 2048 bits.
The function mpz_powm (expected_result, base, exp, mod) from the MPIR library raises the number to the power modulo mod, implementing the sliding window algorithm ("Sliding Window") with Montgomery multiplication [14]. The result of the function is written to the variable expected_result, and the computation time is recorded and averaged, with the output value "mpz_powm average time" in nanoseconds.
The function period_mod_exp (remainders_data, exp) has been developed, which performs the basic iterative algorithm "Right-to-left binary exponentiation" [13]. To implement the algorithm, the functions mpz_init_set (mul, base), mpz_sizeinbase (exp, 2), mpz_tstbit (exp, i) and mpz_mul (r, r, mul) from the MPIR library are used, whose parameters are multi-bit data of up to 2048 bits. The algorithm is executed without dividing the exponent into parts, according to formulas (3-6) with m = 1, in one main thread. The function period_mod_exp () computes modular products using precomputed residues. The computation of the ME is organized according to (11) and the scheme for computing A^x mod N in Fig. 1. In the software implementation, the function period_mod_exp (remainders_data, exp) computes the modular products (11) over the precomputed values of the residues (A^(2^i)) mod N, which are read using the function get_remainder (const RemaindersData & data, size_t power). In the loop, the function mpz_tstbit (exp, i) analyses the binary bits x_i of the exponent exp to determine whether or not to perform a modular multiplication (Fig. 2). The computation of the value of the ME ends by writing the result to the variable period_mod_exp_result. The precomputation is done in a separate function find_remainders () to optimize multiple searches of the residues (A^(2^i)) mod N. The case of large values of Base, mod and Exp for which the residues must be calculated is also taken into account, when the value of the period T' is many orders of magnitude greater than the number of bits of the exponent Exp.
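The precomputation of the reduced set of residues and the lookup by exponent bit described above, as an added Python example (it is not the paper's C++/MPIR code). The names find_remainders, get_remainder, period_mod_exp and the RemaindersData fields follow the paper; the function bodies and the first-repeat search for u and T' are assumptions of this example, and the values 7 and 11 come from the paper's worked case.

```python
# Added illustration in Python (the paper's code is C++ on MPIR). Names follow
# the functions the paper mentions; the bodies are assumptions, not its source.
from dataclasses import dataclass


@dataclass
class RemaindersData:
    base: int
    mod: int
    remainders: list    # A^(2^i) mod N for i = 0 .. u + T' - 1
    period_offset: int  # u
    period_size: int    # T', or 0 if no repeat appeared within max_exp_bits


def find_remainders(base, mod, max_exp_bits):
    """Square repeatedly and stop at the first residue seen before."""
    seen, remainders = {}, []
    r = base % mod
    for i in range(max_exp_bits):
        if r in seen:  # r_i == r_u, so the sequence repeats with period i - u
            return RemaindersData(base, mod, remainders, seen[r], i - seen[r])
        seen[r] = i
        remainders.append(r)
        r = r * r % mod
    # T' exceeds the bit budget: keep the full table, exp must fit in it
    return RemaindersData(base, mod, remainders, 0, 0)


def get_remainder(data, power):
    """Return A^(2^power) mod N, folding power into the stored period."""
    u, t = data.period_offset, data.period_size
    if t and power >= u:
        power = u + (power - u) % t
    return data.remainders[power]


def period_mod_exp(data, exp):
    """Right-to-left binary ME: multiply the residues at the set bits of exp."""
    result = 1 % data.mod
    for i in range(exp.bit_length()):
        if (exp >> i) & 1:
            result = result * get_remainder(data, i) % data.mod
    return result


if __name__ == "__main__":
    table = find_remainders(7, 11, 64)  # the paper's 7^(2^i) mod 11 case
    print(table.remainders, table.period_offset, table.period_size)
    print(period_mod_exp(table, 2**6), pow(7, 2**6, 11))
```

The number of multiplications equals the number of one bits in exp, so the run time varies with the exponent; that matters wherever the exponent is a secret.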

RESULTS
To compare the computation efficiency of the developed ME function for a fixed base with precomputation, two ME functions from the Crypto++ 8.2 and MPIR libraries are used. The comparison is also performed with the previously developed functions Single (), which runs in one main thread without taking the periodicity into account, and Parallel (), which computes the ME using two threads [18].
Numerical experiments were carried out on a computer system with a multi-core microprocessor with shared memory under 64-bit Windows. Testing was performed on computer systems with an Intel Core i9-10980XE processor (18 cores, 36 threads, 3.0GHz) and an AMD Ryzen 3600 processor (6 cores, 12 threads, 3.0GHz). To compute the ME with a given number of trials, the values of the exponent Exp and of the numbers Base and mod were given by pseudo-random numbers of up to 2048 binary digits. To reduce the total computation time as the number of digits of the big numbers increases, the number of trials used to record the computation time is decreased correspondingly. The results are presented in Table 3. Testing of the average execution time of the computation of ME (Table 3) was performed for the functions mpz_powm () from the MPIR library and crypto++ () from the Crypto++ library. The comparison is performed with the previously [22] developed functions Single () and Parallel (). The developed function period_mod () performs the computation of ME by forming a reduced sequence of residues. The precomputation time needed to determine the sequence of residues is not taken into account. The results of the calculation of ME by all functions are compared to check the correctness of their implementation, which confirms the possibility of using the periodicity of the sequence of residues for exponents equal to integer powers of two.

DISCUSSION
The period_mod () function reduces the computation time of the ME relative to the other functions as the bit size increases, starting from 512-bit data. The reduction in the computation time of period_mod (), as of Single () and Parallel (), depends on the number of ones in the binary representation of the exponent Exp, which determines the number of multiplication operations in the main thread. The periodicity of the sequence of residues has its own characteristics and depends on the specific values of Base, mod and Exp, because they can differ by many orders of magnitude in bit length. Table 2 shows the cases when Base and mod are relatively prime, (Base, mod) = 1. The results for the average execution time on the given relatively prime data are consistent with the basic properties that are well studied in number theory.
The single-threaded software implementation period_mod () shows a slight reduction in the time of determining the modular exponent as the throughput of the microprocessors increases (Table 3). Therefore, a further implementation of the computation of ME with multithreading, built on the developed software, will make an efficient computation of the discrete logarithm possible.

CONCLUSIONS
The work compares and analyses the developed software implementation of the computation of ME and the software implementations of the functions of the Crypto++ and MPIR libraries. The computational scheme of the ME, the software implementation of the single-threaded algorithm for computing the ME, and the run-time results of the computation on multi-core microprocessors of universal computer systems have been described. As a result, the function period_mod() has been developed, which speeds up the computation of ME for a fixed base with precomputation. The execution time of the algorithms depends on the specific values of the Base, mod and Exp of the modular exponentiation. As the number of binary digits of the data increases, the software implementation shows a reduction of the computation time of nearly two times with regard to the MPIR function of computing modular exponentiation.
The scientific novelty of the obtained results lies in the implementation of the algorithm for computing the modular exponentiation based on the use of a reduced set of residues and the fundamental property of modularity.
The practical significance of the work lies in the fact that the obtained results can be successfully applied in modern asymmetric cryptography, for the efficient computation of number-theoretic transforms and for other computational problems.

Figure 1 - The scheme for computing A^x mod N

Figure 2 - The chart of the algorithm for determining whether or not to perform a modular multiplication in the function period_mod_exp() to compute the value of the ME

The precomputation includes finding the sequence of residues for fixed numbers Base and mod for exp = 2^i (i = 0, 1, 2, …) and the analysis of periodicity. In the program, the sequence of residues is computed by the function find_remainders (const mpz_class & base, const mpz_class & mod, size_t max_exp_bits), which contains the function bool find_period (const std::vector<mpz_class> & remainders) to indicate that the period has been found. The function update_remainders (RemaindersData & data) shortens the sequence of residues to the end of the first period. This function also writes the offset period_offset of the beginning of the period and the length of the period period_size to the corresponding fields of the structure RemaindersData {mpz_class base; mpz_class mod; std::vector <mpz_class> remainders; size_t period_offset; size_t period_size;}.
However, the positive integer modulus N possesses a primitive root R if and only if N = 2, 4, P^k or 2P^k, where k is a positive integer. A primitive root for modulo N =P 1 km does not exist, except if φ(P 1 k1

Table 1 - Periodic repetition of residual values 7^(2^i) mod 11

Table 2 .
6 cores, 12 threads, 3.0GHz). The average time data of the test with prime numbers P for Base and mod, that are

Table 2 - The average execution time (ns) of the function period_mod() of computing the ME