When we need to compute $z = xy \bmod N$ and the Montgomery Reduction of $x$ is $xR^{-1}$, why should the choice of $R$ be $2^l$, where $l$ is the length of $N$ to the base $2$? Why can we not have a larger $R$?
2026-03-26 06:30:53.1774506653
Montgomery Reduction - what should the choice of R be?
118 Views Asked by Bumbble Comm https://math.techqa.club/user/bumbble-comm/detail At
1
There are 1 best solutions below
Theoretically, $R$ needs to be such that $2^{l-1} < N < R = 2^l$. But in practice $l$ is chosen to be a multiple of the CPU word size, so if 1 word is 32 bits and $l$ comes out to be 30 as per the above equation, $l$ will instead be chosen as 32 and then $R = 2^{32}$.
$2^l$ is chosen because, on computers, it is efficient to do operations like multiplication, division, and modulus with powers of 2.
Multiplication by $2^l$ is equivalent to shifting the first $l$ bits to the left (and putting zeros in place of the shifted bits).
Division by $2^l$ is equivalent to shifting the first $l$ bits to the right.
Taking modulo $2^l$ is equivalent to choosing the first $l$ bits only.
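The following is an added example, not part of the original answer: a Montgomery reduction with $R = 2^l$ in which every "mod $R$" is a bit mask and every "divide by $R$" is a right shift, with $l$ rounded up to a whole number of words as the answer describes. The names `montgomery_setup`, `redc`, `mont_mul` and `word_bits` are assumptions made for this sketch, and the modulus in the demo is a constructed sample value.

```python
def montgomery_setup(N, word_bits=32):
    """Choose R = 2^l, with l rounded up to a multiple of the word size."""
    if N <= 0 or N % 2 == 0:
        raise ValueError("N must be odd so that gcd(R, N) = 1")
    l = -(-N.bit_length() // word_bits) * word_bits  # ceiling to a word multiple
    R = 1 << l
    N_prime = (-pow(N, -1, R)) % R  # N * N' = -1 (mod R); needs Python 3.8+
    return l, R, N_prime


def redc(T, N, l, N_prime):
    """Return T * R^-1 mod N for 0 <= T < R*N, where R = 2^l."""
    mask = (1 << l) - 1
    m = ((T & mask) * N_prime) & mask  # "mod R" keeps only the low l bits
    t = (T + m * N) >> l               # "divide by R" is an exact right shift
    # t < 2N here, so one subtraction suffices. This branch depends on the
    # data; constant-time implementations use a masked subtraction instead.
    return t - N if t >= N else t


def mont_mul(x, y, N, word_bits=32):
    """Compute x*y mod N through Montgomery form."""
    l, R, N_prime = montgomery_setup(N, word_bits)
    x_bar = (x << l) % N                        # x * R mod N
    y_bar = (y << l) % N                        # y * R mod N
    z_bar = redc(x_bar * y_bar, N, l, N_prime)  # x * y * R mod N
    return redc(z_bar, N, l, N_prime)           # strip the remaining factor R


if __name__ == "__main__":
    N = 1000000007  # constructed sample: an odd 30-bit modulus
    for w in (1, 32, 64):  # w=1 gives the minimal l; 32/64 give a larger R
        l, R, _ = montgomery_setup(N, w)
        print(w, l, mont_mul(123456789, 987654321, N, w))
```

Running it shows the same product for $l = 30$, $32$ and $64$: a larger $R$ remains correct as long as $R > N$ and $N$ is odd, so rounding $l$ up costs only wider operands.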