Efficient software implementations of modular exponentiation

Research output: Contribution to journalArticlepeer-review


The significant cost of RSA computations affects the efficiency and responsiveness of SSL/TLS servers, and therefore software implementations of RSA are an important target for optimization. To this end, we study here efficient software implementations of modular exponentiation, which are also protected against software side channel analyses. We target superior performance for the ubiquitous ×86_64 architectures, used in most server platforms. The paper proposes optimizations in several directions: the Montgomery multiplications primitives, the w-ary modular exponentiation flow, and reduced cost of side channel mitigation. For a comparison baseline, we use the current OpenSSL version, 1. 0. 0e. Our implementation-called "RSAZ"-is more than 1. 6 times faster than OpenSSL for both 1,024 and 2,048-bit keys, on the previous generation 2010 Intel® Core processors and on the 2nd generation Intel® Core processors. The RSAZ code was contributed to OpenSSL as a patch, and improvements proposed in an earlier version of this paper have already been incorporated into the future OpenSSL version.

Original languageEnglish
Pages (from-to)31-43
Number of pages13
JournalJournal of Cryptographic Engineering
Issue number1
StatePublished - May 2012


  • Modular arithmetic
  • Modular exponentiation
  • Montgomery multiplication
  • RSA

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Efficient software implementations of modular exponentiation'. Together they form a unique fingerprint.

Cite this