Secure Montgomery Multiplication and Repeated Squares for Modular Exponentiation

Abstract: The BMR16 circuit garbling scheme introduces gadgets that allow for ciphertext-free modular addition, while the multiplication of private inputs modulo a prime p can be done with 2(p - 1) ciphertexts as described in Malkin, Pastro, and Shelat's An algebraic approach to garbling. By using a residue number system (RNS), we can construct a circuit to handle the squaring and multiplication of inputs modulo a large N via the methods described in Hollman and Gorissen's multi-layer residue number system. We expand on the existing techniques for arithmetic modulo p to develop methods to handle arithmetic in a positional, base-p number system. We evaluate the ciphertext cost of both of these methods and compare their performance for squaring in various large moduli.