Tom St Denis writes:
> What is the benefit of having leading/trailing bits fixed?  As far as I
> know it doesn't make any form of index calculus attack any harder to
> apply.

The Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/,
has a chapter on efficient implementations which might provide some
insight.

You can take advantage of the left FFF's by using the modular reduction
algorithm described in section 14.3.4 of the HAC.  This is good for the
case where the modulus is slightly less than a power of 2.  Or you can
take advantage of the right FFF's by using Montgomery exponentiation,
described in section 14.3.2 of the HAC and also in algorithm 14.94.
Montgomery multiplication uses a value m' = - m^(-1) mod b, where m is
the modulus and b is the bignum base, typically 2^32 or 2^64.  With these
moduli m' becomes 1, simplifying the calculations.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

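As an added worked example (my code, not part of the original message or of the HAC), here are the two simplifications the reply points at, in Python with native integers standing in for a bignum: reduction modulo m = 2^t - c when the top of the modulus is all ones (HAC 14.3.4), and Montgomery reduction (HAC 14.32) where an all-ones low word forces m' = -m^(-1) mod b to 1 so the per-word multiply by m' disappears. The word base b = 2^32, the sample modulus 2^127 - 2^32 - 1, the sample operands and all function names are assumptions chosen for illustration.

```python
"""Added example, not from the original e-mail: how all-ones leading and
trailing words of a modulus make reduction cheaper. Python integers play
the bignum; word base b = 2**32 and the sample modulus are assumptions."""

WORD_BITS = 32
B = 1 << WORD_BITS          # bignum base b (the radix, in HAC notation)


def words(m):
    """Number of base-b words needed to hold m."""
    return max(1, (m.bit_length() + WORD_BITS - 1) // WORD_BITS)


def low_word(m):
    """Least significant base-b word of m."""
    return m & (B - 1)


def special_form_reduce(x, t, c):
    """x mod m for m = 2**t - c with c small (HAC 14.3.4, moduli of
    special form). Since 2**t == c (mod m), the bits of x above position t
    are folded back in as c * (x >> t); only shifts, masks and a multiply
    by the small constant c are needed, no trial division.
    Correct for x >= 0 and c < 2**(t-1)."""
    m = (1 << t) - c
    mask = (1 << t) - 1
    while x >> t:                       # anything left above bit t?
        x = (x & mask) + c * (x >> t)   # fold it down
    while x >= m:                       # at most a couple of subtractions
        x -= m
    return x


def montgomery_m_prime(m):
    """m' = -m^{-1} mod b (HAC 14.94). Needs gcd(m, b) = 1, i.e. m odd.
    If the low word of m is all ones then m == -1 (mod b), so m^{-1} == -1
    and m' == 1."""
    return (-pow(m, -1, B)) % B


def montgomery_reduce(T, m):
    """HAC Algorithm 14.32: returns T * R^{-1} mod m with R = b**n,
    n = words(m). Precondition: 0 <= T < m * R."""
    n = words(m)
    m_prime = montgomery_m_prime(m)
    A = T
    for i in range(n):
        a_i = (A >> (i * WORD_BITS)) & (B - 1)   # i-th word of A
        u_i = (a_i * m_prime) % B                 # equals a_i when m' == 1
        A += (u_i * m) << (i * WORD_BITS)         # zeroes word i of A
    A >>= n * WORD_BITS                           # exact division by R
    return A - m if A >= m else A


def montgomery_reduce_trailing_ones(T, m):
    """Same as montgomery_reduce, specialised to a modulus whose low word
    is all ones: m' == 1, so u_i is just the current i-th word of A and
    the single-word multiply per iteration is gone."""
    assert low_word(m) == B - 1, "low word of m must be all ones"
    n = words(m)
    A = T
    for i in range(n):
        u_i = (A >> (i * WORD_BITS)) & (B - 1)    # no multiply by m'
        A += (u_i * m) << (i * WORD_BITS)
    A >>= n * WORD_BITS
    return A - m if A >= m else A


def mont_mulmod(x, y, m):
    """x*y mod m computed through Montgomery form, as a correctness check
    of the reduction above."""
    n = words(m)
    R = 1 << (n * WORD_BITS)
    R2 = (R * R) % m
    xm = montgomery_reduce(x * R2, m)     # x*R mod m
    ym = montgomery_reduce(y * R2, m)     # y*R mod m
    zm = montgomery_reduce(xm * ym, m)    # x*y*R mod m
    return montgomery_reduce(zm, m)       # x*y mod m


# Constructed sample modulus (assumption): 2**127 - 2**32 - 1. Bits 33..126
# and 0..31 are set, so its top words and its bottom word are all ones,
# and it is of the special form 2**t - c with t = 127, c = 2**32 + 1.
T_BITS, C = 127, (1 << 32) + 1
M = (1 << T_BITS) - C
```

Run against M, `montgomery_m_prime(M)` returns 1, while a modulus such as 2^127 - 3, whose low word is not all ones, gets a non-trivial m'; `special_form_reduce` and both Montgomery routines agree with Python's own `%` on a product of two residues.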