Flexible Design of a Modular Simultaneous Exponentiation Core


Name: mod_sim_exp
Created: Oct 16, 2012
Updated: Dec 15, 2021
SVN Updated: Aug 21, 2013
Bugs: 0 reported / 0 solved

Other project properties

Category: Crypto core
Development status: Alpha
Additional info: FPGA proven
WishBone compliant: No
WishBone version: n/a
License: LGPL

Project information

The Modular Simultaneous Exponentiation core is a flexible hardware design to support modular simultaneous exponentiations in embedded systems. It is able to compute a double exponentiation as given by

$$g_0^{e_0} \cdot g_1^{e_1} \bmod m$$

where $g_0$, $g_1$ and $m$ are n-bit numbers and the exponents $e_0$ and $e_1$ are t-bit numbers. This operation is commonly used in anonymous credential and authentication cryptosystems like DSA, Idemix, etc. For this reason the core is designed with large base operands in mind (n = 512, 1024, 1536 bits and more). The hardware is optimized for these simultaneous exponentiations, but also supports single-base exponentiations and single Montgomery multiplications. Flexibility is offered to the user through the option to split the multiplier pipeline into 2 smaller parts, so that in total 3 different base operand lengths can be supported. The length of the exponents can be chosen freely by the controlling software.
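A software reference model of the operation above, added here as an example and not taken from the project's VHDL or driver: it computes g0^e0 · g1^e1 mod m in one shared square-and-multiply pass (Shamir's trick) built on Montgomery multiplications. The function names and the choice of Shamir's trick are assumptions; this page does not state which exponentiation schedule the core uses.

```python
# Added reference model (not project code): simultaneous exponentiation
# g0^e0 * g1^e1 mod m using Montgomery multiplication with R = 2^n.
# Requires Python 3.8+ for pow(x, -1, mod).

def mont_setup(m, n):
    """Precompute Montgomery constants for an odd modulus m of at most n bits."""
    if m < 1 or m % 2 == 0 or m.bit_length() > n:
        raise ValueError("modulus must be odd, positive and fit in n bits")
    r = 1 << n
    m_inv = (-pow(m, -1, r)) % r   # m' = -m^(-1) mod R
    r2 = (r * r) % m               # R^2 mod m, used to enter Montgomery form
    return r, m_inv, r2

def mont_mul(a, b, m, n, m_inv):
    """One Montgomery multiplication: returns a*b*R^(-1) mod m for a, b < m."""
    mask = (1 << n) - 1
    t = a * b
    u = ((t & mask) * m_inv) & mask
    res = (t + u * m) >> n         # exact division: t + u*m is 0 mod R
    return res - m if res >= m else res

def sim_exp(g0, g1, e0, e1, m, n):
    """Return g0^e0 * g1^e1 mod m with a single pass over both exponents.

    Reference model only: it branches on exponent bits, so it is not
    constant time and must not be used with secret exponents.
    """
    r, m_inv, r2 = mont_setup(m, n)
    g0m = mont_mul(g0 % m, r2, m, n, m_inv)      # operands in Montgomery form
    g1m = mont_mul(g1 % m, r2, m, n, m_inv)
    table = {(1, 0): g0m, (0, 1): g1m,
             (1, 1): mont_mul(g0m, g1m, m, n, m_inv)}  # precomputed g0*g1
    acc = r % m                                   # Montgomery form of 1
    for i in range(max(e0.bit_length(), e1.bit_length()) - 1, -1, -1):
        acc = mont_mul(acc, acc, m, n, m_inv)     # one squaring per bit position
        bits = ((e0 >> i) & 1, (e1 >> i) & 1)
        if bits != (0, 0):                        # at most one multiply per bit
            acc = mont_mul(acc, table[bits], m, n, m_inv)
    return mont_mul(acc, 1, m, n, m_inv)          # leave Montgomery form

if __name__ == "__main__":
    # Constructed sample values, small enough to check by hand: 8 * 9 mod 101
    print(sim_exp(2, 3, 3, 2, 101, 8))
```

Setting `e1 = 0` reduces the same routine to a single-base exponentiation, which matches the single-base mode the paragraph mentions.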

The goal of this project is to develop a general core that works on different systems (Xilinx, Altera, ...) and supports various bus interfaces like AXI, PLB and Wishbone.

The driver source can be found at:


The architecture for the full IP core is shown in the figure below. It consists of 2 major parts, the actual exponentiation core (mod_sim_exp_core entity) and a bus interface wrapped around it.

The mod_sim_exp_core entity is the top level of the modular simultaneous exponentiation core. It is made up of 4 main blocks:

  • a pipelined Montgomery multiplier as the main processing unit
  • RAM to store the operands and the modulus
  • a FIFO to store the exponents
  • a control unit which controls the multiplier for the exponentiation and multiplication operations

For further information about the architecture and internal workings, see the documentation on SVN.


The design is working on both PLB and AXI with a generic operand RAM.
The project is no longer being maintained.