SWCU192 November 2021 CC1312R7 , CC1352P7 , CC2652P7 , CC2652R7
The sequencer controls modular exponentiation operations. Table 13-22 lists a summary of Modular Exponentiation (ExpMod) operations.
Function | Mathematical Operation | Vector A | Vector B | Vector C | Vector D |
---|---|---|---|---|---|
ExpMod-ACT2 | CA mod B → D | Exponent, length = A_Len | Modulus, length = B_Len | Base, length = B_Len | Result and workspace |
ExpMod-ACT4 | |||||
ExpMod-variable | |||||
ExpMod-CRT | — (See the computation steps in the following list.) | Exp P followed by Exp Q at the next highest even-word address(1), both A_Len long | Mod P + buffer word followed by Mod Q at next highest even-word address(2), both B_Len long | Q inverse, length = B_Len | Input, result (both 2 × B_Len long), and workspace |
The ExpMod-CRT operation performs the following computation steps:
The ExpMod-ACT2, ExpMod-ACT4, and ExpMod-variable functions implement the same mathematical operation but with a differently sized table with precalculated odd-numbered powers. The ExpMod-ACT2 function uses a table with two entries, and the ExpMod-ACT4 function uses a table with eight entries. The ACT4 version provides better performance but requires more memory.
ExpMod-variable and ExpMod-CRT allow a variable amount (from 1 up to and including 16) of odd powers to be selected through the register that is normally used to specify the number of bits to shift for shift operations.
For a user of the PKA engine, the exponentiation functions appear to be extensions of the set of PKCP functions. Input and result vectors are passed the same as for basic PKCP operations.
Table 13-23 lists the restrictions on the input vector for ExpMod operations.
Function | Requirements |
---|---|
ExpMod-ACT2 |
|
ExpMod-ACT4 | |
ExpMod-variable | |
ExpMod-CRT |
|
Table 13-24 lists the required scratchpad sizes for the exponentiation operations. The MLen in the table is the real modulus length (for Mod P in an ExpMod-CRT operation, for modulus B in other operations) in
32-bit words (that is, without trailing zero words at the end). If the last word of the modulus vector as given is nonzero, then MLen equals BLen.
Function | PKA Engine Type | Scratchpad Area Size (32-Bit Words)(1) |
---|---|---|
ExpMod-ACT2 | With LNME | 3 × [M_Len + 2 – (M_Len MOD 2)] + 10 |
PKCP-only | 5 × (M_Len + 2) | |
ExpMod-ACT4 | With LNME | 9 × [M_Len + 2 – (M_Len MOD 2)] |
PKCP-only | 11 × (M_Len + 2) | |
ExpMod-variable | With LNME | Maximum of 3 × [M_Len + 2 – (M_Len MOD 2)] + 10 and (odd-numbered powers + 1) × [M_Len + 2 – (M_Len MOD 2)] |
PKCP-only | (odd-numbered powers + 3) × (M_Len + 2) | |
ExpMod-CRT | With LNME | Maximum of 4 × [M_Len + 2 – (M_Len MOD 2)] + 10 and (odd-numbered powers + 2) × [M_Len + 2 – (M_Len MOD 2)] |
PKCP-only | (odd-numbered powers + 3) × (M_Len + 2) + [M_Len + 2 – (M_Len MOD 2)] |
Table 13-25 lists the result vector and input vector overlap restrictions.
Function | Result Vector | Restrictions |
---|---|---|
ExpMod-ACT2 | D | Scratchpad area starting at D may not overlap with any of the other vectors, except that Base C may be colocated with result vector D to save space (that is, PKA_CPTR = PKA_CPTR is allowed). |
ExpMod-ACT4 | ||
ExpMod-variable | ||
ExpMod-CRT | D | Scratchpad area starting at D may not overlap with any of the other vectors; this is also the location of the main input vector (with length 2 × B_Len). |
For exponentiation operations, the minimum size of the PKA RAM depends on the maximum modulus length and the number of odd-numbered powers. In addition, a fixed number of bytes is required as scratchpad for the sequencer firmware during execution of the exponentiation; this scratchpad must be at the end of the PKA RAM.
Table 13-26 depicts the RAM sizes required for exponentiation operations.
Modulus Size (Non-CRT) | One Odd-Numbered Power | > One Odd-Numbered Power(1) | |
---|---|---|---|
PKA_CPTR = PKA_DPTR | PKA_CPTR ≠ PKA_DPTR | ||
1024 bits | 808 bytes | 944 bytes | + 136 bytes per extra odd-numbered power |
2048 bits | 1576 bytes | 1840 bytes | + 256 bytes per extra odd-numbered power |
4096 bits | 3112 bytes | 3632 bytes | + 520 bytes per extra odd-numbered power |
Scratchpad | + 34 bytes (fixed, at end of PKA RAM) | ||
CRT Moduli | One Odd-Numbered Power | > One odd-numbered Power(1) | |
2 × 512 bits | 696 bytes | + 72 bytes per extra odd-numbered power | |
2 × 1024 bits | 1336 bytes | + 136 bytes per extra odd-numbered power | |
2 × 2048 bits | 2616 bytes | + 264 bytes per extra odd-numbered power | |
Scratchpad | + 72 bytes (fixed, at end of PKA RAM) |
Table 13-27 lists the maximum number of odd-numbered powers that can be used for different standard PKA RAM sizes and PKA engine types (non-CRT operations using PKA_CPTR = PKA_DPTR).
PKA Engine Type | Operation | Modulus and Exponent Sizes | Maximum Number of Odd-Numbered Powers for PKA RAM Sizes | |||
---|---|---|---|---|---|---|
1 kB | 2 kB | 4 kB | 8 kB | |||
With LNME | Non-CRT | 1024 bits | 4 | 11 | 16 | 16 |
2048 bits | NA | 4 | 12 | 16 | ||
4096 bits | NA | NA | 4 | 12 | ||
CRT | 2 × 512 bits | 6 | 16 | 16 | 16 | |
2 × 1024 bits | NA | 7 | 16 | 16 | ||
2 × 2048 bits | NA | NA | 8 | 16 | ||
PKCP only | Non-CRT | 1024 bits | 2 | 9 | 16 | 16 |
2048 bits | NA | 2 | 10 | 16 | ||
4096 bits | NA | NA | 2 | 10 | ||
CRT | 2 × 512 bits | 4 | 16 | 16 | 16 | |
2 × 1024 bits | NA | 5 | 16 | 16 | ||
2 × 2048 bits | NA | NA | 6 | 16 |
Table 13-28 lists example PKA RAM vector allocations for modular exponentiation operations with and without using CRT. The free space start address is the first free byte following the vector workspace. The sequencer execution scratchpad of 34 bytes (non-CRT) or 72 bytes (using CRT) must fit between the free space start address and the end of the PKA RAM.
The non-CRT operations use PKA_CPTR = PKA_DPTR to save space.
Engine and Operation | (sub-)Vector | Start Address Byte Offset | Size (Words) | Buffer (Words) | |
---|---|---|---|---|---|
With LNME (-PExx), non-CRT (ALENGTH = 0x040 BLENGTH = 0x040 four odd-numbered powers) | Exponent | 0x000 | (APTR = 0x000) | 64 | 0 |
Modulus | 0x100 | (BPTR = 0x040) | 64 | 2 | |
Base | 0x208 | (CPTR = 0x082) | 64 | 2 | |
Result | 0x208 | (DPTR = 0x082) | 64 | 2 | |
Vector workspace | 0x208 | (= result) | 5 × (62 + 2 – 0) = 330 | 0 | |
Free space | 0x730 | (1840 bytes used) | – | – | |
PKCP only (-A and -B), non-CRT (ALENGTH = 0x040 BLENGTH = 0x040 four odd-numbered powers) | Exponent | 0x000 | (APTR = 0x000) | 64 | 0 |
Modulus | 0x100 | (BPTR = 0x040) | 64 | 2 | |
Base | 0x208 | (CPTR = 0x082) | 64 | 2 | |
Result | 0x208 | (DPTR = 0x082) | 64 | 2 | |
Vector workspace | 0x208 | (= result) | 7 × (64 + 2) = 462 | 0 | |
Free space | 0x940 | (2368 bytes used) | – | – | |
With LNME (-PExx), using CRT (ALENGTH = 0x020 BLENGTH = 0x020 four odd-numbered powers) | Exp P | 0x000 | (APTR = 0x000) | 32 | 0 |
Exp Q | 0x080 | 32 | 0 | ||
Mod P | 0x100 | (BPTR = 0x040) | 32 | 2 | |
Mod Q | 0x188 | 32 | 2 | ||
Q inverse | 0x210 | (CPTR = 0x084) | 32 | 0 | |
Input, result | 0x290 | (DPTR = 0x0A4) | 64 | 0 | |
Vector workspace | 0x290 | (= result) | 6 × (32 + 2 – 0) = 204 | 0 | |
Free space | 0x5C0 | (1472 bytes used) | – | – | |
PKCP only (-A and -B), using CRT (ALENGTH = 0x020 BLENGTH = 0x020 four odd-numbered powers) | Exp P | 0x000 | (APTR = 0x000) | 32 | 0 |
Exp Q | 0x080 | 32 | 0 | ||
Mod P | 0x100 | (BPTR = 0x040) | 32 | 2 | |
Mod Q | 0x188 | 32 | 2 | ||
Q inverse | 0x210 | (CPTR = 0x084) | 32 | 0 | |
Input, result | 0x290 | (DPTR = 0x0A4) | 64 | 0 | |
Vector workspace | 0x290 | (= result) | 7 × (32 + 2) + 32 + 2 – 0 = 272 | 0 | |
Free space | 0x6D0 | (1744 bytes used) | – | – |