| 摘要 |
For calculating the result of an exponentiation B<SUP>d</SUP>, B being a base and d being an exponent which can be described by a binary number from a plurality of bits, a first auxiliary quantity X is at first initialized to a value of 1. Then a second auxiliary quantity Y is initialized to the base B. Then, the bits of the exponent are sequentially processed by updating the first auxiliary quantity X by X<SUP>2 </SUP>or by a value derived from X<SUP>2 </SUP>and by updating the second auxiliary quantity Y by X*Y or by a value derived from X*Y, if a bit of the exponent equals 0. If a bit of the exponent equals 1, the first auxiliary quantity X is updated by X*Y or by a value derived from X*Y and the second auxiliary quantity Y is updated by Y<SUP>2 </SUP>or by a value derived from Y<SUP>2</SUP>. After sequentially processing all the bits of the exponent, the value of the first auxiliary quantity X is used as the result of the exponentiation. Thus a higher degree of security is obtained by homogenizing the time and current profiles. In addition, an increase in performance is enabled by a possible parallel performance of operations.
|
