Efficient Modular Arithmetic for SIMD Devices

This paper describes several new improvements of modular arithmetic and how to exploit them in order to gain more efficient implementations of commonly used algorithms, especially in cryptographic applications. We further present a new record for modular multiplications per second on a single desktop computer as well as a new record for the ECM factoring algorithm. This new results allow building personal computers which can handle more than 3 billion modular multiplications per second for a 192 bit module at moderate costs using modern graphic cards.

💡 Research Summary

The paper “Efficient Modular Arithmetic for SIMD Devices” presents a suite of algorithmic improvements aimed at accelerating modular arithmetic on SIMD‑style parallel processors, particularly modern graphics cards. After outlining the stagnation of CPU clock speeds and the rise of heterogeneous computing platforms such as NVIDIA CUDA and the open standard OpenCL, the authors describe the architectural characteristics of SIMD devices: thousands of stream cores sharing a single instruction stream, limited branch synchronization, a hierarchy of memory (registers, local memory, global memory), and the importance of minimizing global memory traffic.

The core of the work focuses on modular reduction techniques. The authors review Barrett reduction and Montgomery reduction, noting that Barrett’s method requires only pre‑computed constants (µ, R) and consists solely of integer arithmetic, while Montgomery reduction works in a transformed residue system and typically needs an extra reduction step after each multiplication. For their implementation they choose Barrett reduction because it integrates more naturally with the subsequent optimizations.

A major contribution is the elimination of costly conditional branches. Two tiny “reduction after addition” and “reduction after subtraction” routines replace the usual if‑else logic with a single subtraction or addition followed by a one‑bit test. In OpenCL these become simple select operations that execute without divergence, preserving SIMD efficiency.

The authors then exploit a mathematical observation (Lemma 1) about Montgomery reduction: when the operands are bounded by 2R′ (or 3R′), the REDC function never exceeds 2R′, allowing intermediate reductions to be omitted. By allocating a word width two bits larger than the modulus (using 2ⁿ⁺² instead of 2ⁿ) and permitting intermediate values up to 2·m, they can chain multiplications without a reduction after every step. This reduces the number of reduction calls from 19 to 11 in their main loop.

Truncated multiplication is another key idea. When only the lower half of a product is needed (as in Barrett reduction), the authors compute it directly using a parameter ρ∈