Name: mod_sim_exp
Created: Oct 16, 2012
Updated: Jul 6, 2013
SVN Updated: Aug 21, 2013

Other project properties

Category: Crypto core
Language: VHDL
Development status: Alpha
Additional info: FPGA proven
WishBone Compliant: No
License: LGPL

Project information

The Modular Simultaneous Exponentiation core is a flexible hardware design to support modular simultaneous exponentiations in embedded systems. It is able to compute a double exponentiation as given by


Where , and are -bit numbers and the exponents and are -bit numbers. This operation is commonly used in anonymous credential and authentication cryptosystems like DSA, Idemix, etc. For this reason the core is designed with the use of large base operands in mind ( =512, 1024, 1536 bit and more). The hardware is optimized for these simultaneous exponentiations, but also supports single-base exponentiations and single Montgomery multiplications. Flexibility is offered to the user by providing the possibility to split the multiplier pipeline into 2 smaller parts, so that in total 3 different base operand lengths can be supported. The length of the exponents can be chosen freely by the controlling software.
The goal of this project is to develop a general core that works on different systems (Xilinx, Altera, ...) and supports various bus interfaces like AXI, PLB and Wishbone.
The driver source can be found at: https://code.google.com/p/libmme/
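
As an added example (not code from the project or its libmme driver), here is a software reference model of the operation described above, assuming the double exponentiation has the form g0^e0 · g1^e1 mod m with an odd modulus; the symbol and function names are assumptions of this example. It scans both exponents together so that each bit position costs one shared Montgomery squaring, which makes it usable as a golden model when checking results read back from the core.

```python
# Added reference model; g0, g1, e0, e1, m and n_bits are assumed names.

def mont_setup(m, n_bits):
    """Return (R, m') with R = 2**n_bits and m' = -m^-1 mod R."""
    if m < 3 or m % 2 == 0 or m.bit_length() > n_bits:
        raise ValueError("modulus must be odd, >= 3 and fit in n_bits")
    r = 1 << n_bits
    return r, pow(-m, -1, r)  # modular inverse needs Python 3.8+

def mont_mul(a, b, m, n_bits, m_prime):
    """Montgomery product a*b*R^-1 mod m for 0 <= a, b < m."""
    t = a * b
    u = (t * m_prime) & ((1 << n_bits) - 1)   # u = t*m' mod R
    res = (t + u * m) >> n_bits               # exact division by R
    return res - m if res >= m else res       # res is always below 2m

def sim_exp(g0, g1, e0, e1, m, n_bits):
    """Compute g0^e0 * g1^e1 mod m with one shared square per exponent bit."""
    if e0 < 0 or e1 < 0:
        raise ValueError("exponents must be non-negative")
    r, m_prime = mont_setup(m, n_bits)
    mm = lambda a, b: mont_mul(a, b, m, n_bits, m_prime)
    r2 = (r * r) % m
    g0m, g1m = mm(g0 % m, r2), mm(g1 % m, r2)     # into Montgomery form
    table = {(1, 0): g0m, (0, 1): g1m, (1, 1): mm(g0m, g1m)}
    acc = r % m                                   # 1 in Montgomery form
    for i in range(max(e0.bit_length(), e1.bit_length()) - 1, -1, -1):
        acc = mm(acc, acc)
        bits = ((e0 >> i) & 1, (e1 >> i) & 1)
        # Data-dependent branch: fine for checking results, but this model
        # is not hardened against timing side channels.
        if bits != (0, 0):
            acc = mm(acc, table[bits])
    return mm(acc, 1)                             # back out of Montgomery form

def single_exp(g, e, m, n_bits):
    """Single-base exponentiation as the special case g1 = 1, e1 = 0."""
    return sim_exp(g, 1, e, 0, m, n_bits)

if __name__ == "__main__":
    # Constructed 512-bit sample operands, not values from the project.
    n = 512
    m = (1 << 511) + 111
    g0, g1 = pow(3, 1000, m), pow(5, 1000, m)
    e0, e1 = 0xC0FFEE1234, 0xBADC0DE
    assert sim_exp(g0, g1, e0, e1, m, n) == pow(g0, e0, m) * pow(g1, e1, m) % m
    print("reference model agrees with pow()")
```

For t-bit exponents the loop performs t squarings and at most t multiplications, where two separate square-and-multiply exponentiations would each perform their own t squarings.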


The architecture for the full IP core is shown in the figure below. It consists of 2 major parts, the actual exponentiation core (mod_sim_exp_core entity) and a bus interface wrapped around it.
The mod_sim_exp_core entity is the top level of the modular simultaneous exponentiation core. It is made up of 4 main blocks:

  • a pipelined Montgomery multiplier as the main processing unit
  • RAM to store the operands and the modulus
  • a FIFO to store the exponents
  • a control unit which controls the multiplier for the exponentiation and multiplication operations
For further information about the architecture and internal workings, see the documentation on SVN.


The design is working on both PLB and AXI with a generic operand RAM.
Support for running the multiplier on a higher clock than the bus clock is currently being implemented.