METHOD AND DEVICE FOR CALCULATING THE RESULT OF AN EXPONENTIATION

摘要

For calculating the result of an exponentiation Bd, whereby B is a base and d is an exponent, which can be represented by a binary number of a plurality of bits, a first auxiliary variable X is firstly initialized to a value from 1 (102). A second auxiliary variable Y is then initialized to the base B (102). After this, the bits of the exponent are sequentially processed (104), as the first auxiliary variable X is updated with X2 or with a value derived from X2 and the second auxiliary variable Y is updated with X*Y or with a value derived from X*Y, if a bit of the exponent is equal to 0 (104a). If a bit of the exponent is equal to 1, the first auxiliary variable X is updated with X*Y or with a value derived from X*Y and the second auxiliary variable Y is updated with Y2 or with a value derived from Y2 (104b). After the sequential processing of all exponent bits, the value of the first auxiliary variable X is used as the exponentiation result (106). A high security is thus obtained by homogenizing the timing and power profile. The parallel computability also permits a performance gain.