{"id":"https://openalex.org/W4294325189","doi":"https://doi.org/10.46586/tches.v2022.i4.163-187","title":"Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion","display_name":"Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion","publication_year":2022,"publication_date":"2022-08-31","ids":{"openalex":"https://openalex.org/W4294325189","doi":"https://doi.org/10.46586/tches.v2022.i4.163-187"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2022.i4.163-187","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i4.163-187","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9817/9322","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/9817/9322","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004549387","display_name":"Kavya Sreedhar","orcid":null},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford 
University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kavya Sreedhar","raw_affiliation_strings":["Stanford University, Stanford, CA, USA"],"affiliations":[{"raw_affiliation_string":"Stanford University, Stanford, CA, USA","institution_ids":["https://openalex.org/I97018004"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090469068","display_name":"Mark Horowitz","orcid":"https://orcid.org/0000-0003-3245-7542"},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mark Horowitz","raw_affiliation_strings":["Stanford University, Stanford, CA, USA"],"affiliations":[{"raw_affiliation_string":"Stanford University, Stanford, CA, USA","institution_ids":["https://openalex.org/I97018004"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026966440","display_name":"Christopher Torng","orcid":"https://orcid.org/0000-0002-2385-619X"},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Torng","raw_affiliation_strings":["Stanford University, Stanford, CA, USA"],"affiliations":[{"raw_affiliation_string":"Stanford University, Stanford, CA, 
USA","institution_ids":["https://openalex.org/I97018004"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5004549387"],"corresponding_institution_ids":["https://openalex.org/I97018004"],"apc_list":null,"apc_paid":null,"fwci":2.2317,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.90352019,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"163","last_page":"187"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11693","display_name":"Cryptography and Residue Arithmetic","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11693","display_name":"Cryptography and Residue Arithmetic","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and 
Security","score":0.9861999750137329,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.635668933391571},{"id":"https://openalex.org/keywords/application-specific-integrated-circuit","display_name":"Application-specific integrated circuit","score":0.6234008073806763},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.5460401773452759},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.46996161341667175},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.4691687226295471},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4681644141674042},{"id":"https://openalex.org/keywords/hardware-acceleration","display_name":"Hardware acceleration","score":0.44634976983070374},{"id":"https://openalex.org/keywords/time-complexity","display_name":"Time complexity","score":0.43773218989372253},{"id":"https://openalex.org/keywords/field-programmable-gate-array","display_name":"Field-programmable gate array","score":0.36366918683052063},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.35634100437164307},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.32557791471481323},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.25764286518096924}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer 
science","level":0,"score":0.635668933391571},{"id":"https://openalex.org/C77390884","wikidata":"https://www.wikidata.org/wiki/Q217302","display_name":"Application-specific integrated circuit","level":2,"score":0.6234008073806763},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.5460401773452759},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.46996161341667175},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.4691687226295471},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4681644141674042},{"id":"https://openalex.org/C13164978","wikidata":"https://www.wikidata.org/wiki/Q600158","display_name":"Hardware acceleration","level":3,"score":0.44634976983070374},{"id":"https://openalex.org/C311688","wikidata":"https://www.wikidata.org/wiki/Q2393193","display_name":"Time complexity","level":2,"score":0.43773218989372253},{"id":"https://openalex.org/C42935608","wikidata":"https://www.wikidata.org/wiki/Q190411","display_name":"Field-programmable gate array","level":2,"score":0.36366918683052063},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.35634100437164307},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.32557791471481323},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.25764286518096924},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming 
language","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tches.v2022.i4.163-187","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i4.163-187","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9817/9322","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:8a382dd46a974497a061033857ce7366","is_oa":true,"landing_page_url":"https://doaj.org/article/8a382dd46a974497a061033857ce7366","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 4 (2022)","raw_type":"article"},{"id":"pmh:oai:doaj.org/article:98d4c673131948d0a4ac22f01d663bed","is_oa":true,"landing_page_url":"https://doaj.org/article/98d4c673131948d0a4ac22f01d663bed","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de 
lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 4 (2022)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2022.i4.163-187","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i4.163-187","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9817/9322","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7716153948","display_name":null,"funder_award_id":"DSSoC","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306230","display_name":"American Heart Association","ror":"https://ror.org/013kjyp64"},{"id":"https://openalex.org/F4320315684","display_name":"Stanford SystemX Alliance","ror":null},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects 
Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4294325189.pdf","grobid_xml":"https://content.openalex.org/works/W4294325189.grobid-xml"},"referenced_works_count":64,"referenced_works":["https://openalex.org/W1493873707","https://openalex.org/W1496801598","https://openalex.org/W1529753904","https://openalex.org/W1540780472","https://openalex.org/W1550016006","https://openalex.org/W1554747120","https://openalex.org/W1583935850","https://openalex.org/W1606822455","https://openalex.org/W1649758727","https://openalex.org/W1681998736","https://openalex.org/W1910751411","https://openalex.org/W1913321306","https://openalex.org/W1989675557","https://openalex.org/W1996360405","https://openalex.org/W2001121794","https://openalex.org/W2003736153","https://openalex.org/W2004216036","https://openalex.org/W2014355030","https://openalex.org/W2025418297","https://openalex.org/W2029377897","https://openalex.org/W2034202310","https://openalex.org/W2054255249","https://openalex.org/W2063001983","https://openalex.org/W2073952448","https://openalex.org/W2080491095","https://openalex.org/W2084440794","https://openalex.org/W2109107584","https://openalex.org/W2118495140","https://openalex.org/W2123923527","https://openalex.org/W2132607847","https://openalex.org/W2136714656","https://openalex.org/W2143108881","https://openalex.org/W2152297169","https://openalex.org/W2152836635","https://openalex.org/W2152851586","https://openalex.org/W2171693610","https://openalex.org/W2463159614","https://openalex.org/W2575957503","https://openalex.org/W2592527754","https://openalex.org/W2767028443","https://openalex.org/W2781195426","https://openalex.org/W2785533954","https://openalex.org/W2884026699","https://openalex.org/W2885172320","https://openalex.org/W2888974282","https://openalex.org/W2899466157","https://openalex.org/W2900771846","https://openalex.org/W2904069009","https://openalex.org/W2943126371"
,"https://openalex.org/W2951701972","https://openalex.org/W3020843872","https://openalex.org/W3046678272","https://openalex.org/W3082601075","https://openalex.org/W3115387218","https://openalex.org/W3158728252","https://openalex.org/W3164529969","https://openalex.org/W3165498570","https://openalex.org/W3189675058","https://openalex.org/W3206343681","https://openalex.org/W4213181947","https://openalex.org/W4232836212","https://openalex.org/W4240620085","https://openalex.org/W4245047333","https://openalex.org/W4298159580"],"related_works":["https://openalex.org/W2101846464","https://openalex.org/W1906038973","https://openalex.org/W2544231511","https://openalex.org/W1998559372","https://openalex.org/W2046484674","https://openalex.org/W2942475889","https://openalex.org/W2132165562","https://openalex.org/W2953704063","https://openalex.org/W4327635304","https://openalex.org/W2359847778"],"abstract_inverted_index":{"The":[0,73],"extended":[1],"GCD":[2],"(XGCD)":[3],"calculation,":[4],"which":[5],"computes":[6],"B\u00e9zout":[7],"coefficients":[8],"ba,":[9],"bb":[10,17],"such":[11],"that":[12,47,95,139,207],"ba":[13],"\u2217":[14,18],"a0":[15],"+":[16],"b0":[19],"=":[20],"GCD(a0,":[21],"b0),":[22],"is":[23,35,140,151,198,208,216],"a":[24,53,114],"critical":[25],"operation":[26],"in":[27,90,164,178,187],"many":[28],"cryptographic":[29],"applications.":[30],"In":[31],"particular,":[32],"large-integer":[33,115],"XGCD":[34,116,136,163,175,205],"computationally":[36],"dominant":[37],"for":[38,60,126,154,176,203],"two":[39],"applications":[40],"of":[41,82,98,181,211],"increasing":[42],"interest:":[43],"verifiable":[44],"delay":[45],"functions":[46],"square":[48],"binary":[49],"quadratic":[50],"forms":[51],"within":[52],"class":[54],"group":[55],"and":[56,123,142,147,150,172],"constant-time":[57,148,173,212],"modular":[58],"inversion":[59],"elliptic":[61],"curve":[62],"cryptography.":[63],"Most":[64],"prior":[65],"work":[66,215],"has":[67],"focused":[68],"on":[69,80],"fast":[70,14
5],"software":[71],"implementations.":[72],"few":[74],"works":[75],"investigating":[76],"hardware":[77,137],"acceleration":[78],"build":[79],"variants":[81,97],"Euclid\u2019s":[83],"division-based":[84],"algorithm,":[85],"following":[86],"the":[87,169,179,184,199,204],"approach":[88],"used":[89],"optimized":[91],"software.":[92],"We":[93,108,194],"show":[94],"adopting":[96],"Stein\u2019s":[99],"subtraction-based":[100],"algorithm":[101],"instead":[102],"leads":[103,132],"to":[104,134],"significantly":[105],"faster":[106,167,190],"hardware.":[107],"quantify":[109],"this":[110],"advantage":[111],"by":[112],"performing":[113],"accelerator":[117,138],"design":[118,160,197],"space":[119],"exploration":[120,131],"comparing":[121],"Euclid-":[122],"Stein-based":[124],"algorithms":[125],"various":[127],"application":[128],"requirements.":[129],"This":[130],"us":[133],"an":[135],"flexible":[141],"efficient,":[143],"supports":[144],"average":[146],"evaluation,":[149],"easily":[152],"extensible":[153],"polynomial":[155],"GCD.":[156],"Our":[157,214],"16nm":[158],"ASIC":[159,202],"calculates":[161],"1024-bit":[162],"294ns":[165],"(8x":[166],"than":[168,191],"state-of-the-art":[170,192],"ASIC)":[171],"255-bit":[174],"inverses":[177],"field":[180],"integers":[182],"modulo":[183],"prime":[185],"2^255\u221219":[186],"85ns":[188],"(31\u00d7":[189],"software).":[193],"believe":[195],"our":[196],"first":[200],"high-performance":[201],"computation":[206],"also":[209],"capable":[210],"evaluation.":[213],"publicly":[217],"available":[218],"at":[219],"https://github.com/kavyasreedhar/sreedhar-xgcd-hardware-ches2022.":[220]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}
