Chinese Remainder Theorem Approach to Montgomery-Type Algorithms
Guangwu Xu, Yiran Jia, Yanze Yang
TL;DR
The paper addresses the opacity of Montgomery-type modular reductions by introducing a Chinese Remainder Theorem (CRT) framework derived from Qin's Identity, which unifies the derivation and analysis of Montgomery reduction and its variants. It shows how the core reduction $TR^{-1} \pmod N$ (with $R$ a power of two) can be derived as $r = (T - mN)/R$ using $m \equiv TN^{-1} \pmod R$, and it extends this CRT viewpoint to interpret Seiler's Signed Montgomery, Plantard's reductions, and related signed variants. The authors provide rigorous CRT-based derivations, identify correctness conditions, and present counterexamples (notably for $\alpha=0$ in Plantard-type schemes) that expose erroneous designs, while highlighting parameter regimes (e.g., $R=2^{2n}$ and $N < 2^n/\phi$, or $\alpha \ge 1$ in signed variants) where the methods are valid. This framework yields a transparent, uniform method for validating Montgomery-type reductions and is relevant for applications in lattice-based and post-quantum cryptography that rely on efficient modular reduction.
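As an added worked example (not code from the paper or its authors), the following Python shows the CRT reading of Montgomery reduction described above: for a power-of-two $R$ and an odd modulus $N$, $m \equiv TN^{-1} \pmod R$ is the unique residue that makes $T - mN$ divisible by $R$, so $T - mN$ is exactly the CRT combination of "$0 \bmod R$" and "$T \bmod N$", and $r = (T - mN)/R \equiv TR^{-1} \pmod N$. A signed variant in the style of Seiler's signed Montgomery reduction (centred residue for $m$, result in $(-N, N)$) is included for comparison; the specific parameters $N = 17$, $R = 32$ and the sample inputs are constructed here, not taken from the paper.

```python
# Montgomery reduction derived from the CRT viewpoint (illustrative example).
# Assumptions (not from the paper): R is a power of two, N is odd with N < R,
# and the sample values below are constructed for demonstration.


def _check_params(N: int, R: int) -> None:
    if R <= 0 or R & (R - 1):
        raise ValueError("R must be a power of two")
    if N % 2 == 0 or N <= 0:
        raise ValueError("N must be a positive odd modulus")


def montgomery_reduce(T: int, N: int, R: int) -> int:
    """Return T * R^{-1} mod N for 0 <= T < R*N, using r = (T - m*N) / R."""
    _check_params(N, R)
    if not 0 <= T < R * N:
        raise ValueError("T must satisfy 0 <= T < R*N")
    n_inv = pow(N, -1, R)            # N^{-1} mod R (exists because N is odd)
    m = (T * n_inv) % R              # m ≡ T N^{-1} (mod R), taken in [0, R)
    lifted = T - m * N               # CRT lift: ≡ 0 (mod R) and ≡ T (mod N)
    assert lifted % R == 0           # the congruence for m guarantees divisibility
    r = lifted // R                  # exact division; r ≡ T R^{-1} (mod N)
    # With m in [0, R) and T < R*N we have -N < r < N; one conditional add fixes sign.
    if r < 0:
        r += N
    return r


def signed_montgomery_reduce(T: int, N: int, R: int) -> int:
    """Signed variant: m is the centred residue in (-R/2, R/2], so |r| < N
    whenever |T| < R*N/2.  Result is congruent to T * R^{-1} mod N."""
    _check_params(N, R)
    if not abs(T) < R * N // 2:
        raise ValueError("T must satisfy |T| < R*N/2")
    n_inv = pow(N, -1, R)
    m = (T * n_inv) % R
    if m > R // 2:                   # re-centre m into (-R/2, R/2]
        m -= R
    lifted = T - m * N
    assert lifted % R == 0
    return lifted // R               # already in (-N, N); no correction step


def to_montgomery(a: int, N: int, R: int) -> int:
    """Map a to its Montgomery representative a*R mod N."""
    return (a * R) % N


def montgomery_mul(aR: int, bR: int, N: int, R: int) -> int:
    """Multiply two Montgomery representatives; the product aR*bR < N^2 < R*N
    (since N < R), so one reduction yields (a*b)*R mod N."""
    return montgomery_reduce(aR * bR, N, R)


def crt_consistent(T: int, r: int, N: int, R: int) -> bool:
    """Independent check of the defining property r*R ≡ T (mod N)."""
    return (r * R - T) % N == 0


if __name__ == "__main__":
    N, R = 17, 32                    # constructed sample parameters
    for T in (100, 50):              # constructed sample inputs
        r = montgomery_reduce(T, N, R)
        s = signed_montgomery_reduce(T, N, R)
        print(f"T={T}: unsigned r={r}, signed r={s}, "
              f"consistent={crt_consistent(T, r, N, R) and crt_consistent(T, s, N, R)}")
    five, seven = to_montgomery(5, N, R), to_montgomery(7, N, R)
    print("5*7 mod 17 via Montgomery form:",
          montgomery_mul(five, seven, N, R) == to_montgomery(35 % N, N, R))
```

The `assert lifted % R == 0` lines are the CRT content of the derivation: they hold for every $T$ precisely because $m$ was chosen as the solution of $mN \equiv T \pmod R$, which is what makes the division by $R$ exact rather than a truncation.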
Abstract
This paper explores the ability of the Chinese Remainder Theorem formalism to model Montgomery-type algorithms. A derivation of the CRT based on Qin's Identity yields the Montgomery reduction algorithm immediately. This establishes a unified framework for treating Montgomery-type modular reduction algorithms. Several recent notable variants of the Montgomery algorithm are analyzed, and these methods are validated within the framework. Problems in some erroneous designs of Montgomery-type reduction algorithms in the literature are detected, and counterexamples are easily generated using the CRT formulation.
