Haibin Shen,Yier Jin

DOI: https://doi.org/10.1016/j.ipl.2008.01.012

IF: 0.851

2008-01-01

Information Processing Letters

Abstract:Based on the shifted polynomial basis (SPB), a high efficient bit-parallel multiplier for the field GF(2m) defined by an equally-spaced trinomial (EST) is proposed. The use of SPB significantly reduces time delay of the proposed multiplier and at the same time Karatsuba method is combined with SPB to decrease space complexity. As a result, with the same time complexity, approximately 3/4 gates of previous multipliers are used in the proposed multiplier.

Qiucheng Deng,Xuefei Bai,Li Guo,Yao Wang

DOI: https://doi.org/10.1109/primeasia.2009.5397344

2009-01-01

Abstract:In this paper, a fast hardware implementation of multiplicative inversion in GF(2m) using the optimal normal basis of type II is presented. The approach followed is based on the Sunar-Koc multiplier and the Itoh-Tsujii algorithm. Our design is able to compute multiplicative inversion in GF(2233) using only 26 clock cycles.

Yi’er Jin,Haibin Shen,Huafeng Chen,Xiaolang Yan

DOI: https://doi.org/10.1007/s11767-006-0257-4

2008-01-01

Abstract:A new structure of bit-parallel Polynomial Basis (PB) multiplier is proposed, which is based on a fast modular reduction method. The method was recommended by the National Institute of Standards and Technology (NIST). It takes advantage of the characteristics of irreducible polynomial, i.e., the degree of the second item of irreducible polynomial is far less than the degree of the polynomial in the finite fields GF(2 m ). Deductions are made for a class of finite field in which trinomials are chosen as irreducible polynomials. Let the trinomial be x m + x h +1, where 1 ≤ k ≤ [m/1]. The proposed structure has shorter critical path than the best known one up to date, while the space requirement keeps the same. The structure is practical, especially in real time cryptographic applications.

T Zhou,XJ Wu,GQ Bai,HY Chen

DOI: https://doi.org/10.1049/el:20020472

2002-01-01

Electronics Letters

Abstract:A new, efficient algorithm for modular inversion in Galois field GF(p) is presented. Very large scale integration (VLSI) implementation of the algorithm is described and the high performance and low silicon penalty is demonstrated.

T Zhou,XJ Wu,GQ Bai,HY Chen

DOI: https://doi.org/10.1109/icccas.2002.1179061

2002-01-01

Abstract:Modular inversion is one of the kernel arithmetic operations in public key cryptosystems, so the design of low-cost and high-speed hardware implementation is absolutely necessary. In this paper, an improved algorithm for prime fields is presented for hardware facilitation and optimization. The hardware-oriented algorithm involves only ordinary addition/subtraction, and does not need any modular operations or multiplication and division. All of the arithmetic operations in the algorithm can be accomplished by only one adder. These features make it very suitable for fast small VLSI implementation. The VLSI implementation of the algorithm is also given and shows the high performance and low silicon penalty.

Haining Fan,Masud Anwarul Hasan

DOI: https://doi.org/10.1109/TCSI.2006.883855

2006-01-01

Abstract:A new nonpipelined bit-parallel-shifted polynomial basis multiplier for GF(2n) is presented. For some irreducible trinomials, the space complexity of the multiplier matches the best results available in the literature, and its gate delay is equal to T A+lceillog2nrceilTX, where TA and TX are the delay of one two-input and and xor gates, respectively. To the best of our knowledge, this is the first time that the gate delay bound TA+lceillog2nrceilTX is reached. For some irreducible pentanomials, its gate delay is equal to TA +(1+lceillog2nrceil)TX. NIST has recommended five binary fields for the elliptic curve digital signature algorithm applications: GF(2163), GF(2233), GF(2 283), GF(2409), and GF(2571), but no irreducible trinomials exist for three degrees, viz., 163, 283 and 571. For the three corresponding binary fields, we show that the gate delay of the proposed multiplier is TA+(1+lceillog2nrceil)TX. This result outperforms the previously known results

HAN YONGXIANG,BAI GUOQIANG,CHEN HONGYI

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.02.001

2008-01-01

Abstract:On , through Extended Euclidean algorithm for binary polynomials, this paper presents a modular inversion circuit on affine coordinates. Base on Fermat's theorem, we designed a modular inversion circuit on standard projective coordinates, which can reuse multiplication and squaring modules. Comparison and analysis on their performances has been made. These circuits hold practical value, and the second one has been embedded in an ECC chip.

Xiaodong Yan,Shuguo Li

DOI: https://doi.org/10.1109/icasic.2007.4415574

2007-01-01

Abstract:This paper proposes a new, efficient algorithm for modular inversion in Galois field GF(p). This algorithm reduces the number of operations cycles required by 31% when compared with previous algorithms reported in the literature. The 256 bit modular inversion circuit based on the proposed algorithm is implemented in 0.18 mum CMOS standard cell technology. The synthesis result shows a significant speed-up in the same area complexity.

周涛,吴行军,白国强,陈弘毅

DOI: https://doi.org/10.3321/j.issn:1000-0054.2003.01.037

2003-01-01

Abstract:Modular inversion is one of the key arithmetic operations in public key cryptosystems, so low-cost, high-speed hardware implementation is absolutely necessary. This paper presents an algorithm for prime fields for hardware implementation. The algorithm involves only ordinary addition/subtraction and does not need any modular operations, multiplications or divisions. All of the arithmetic operations in the algorithm can be accomplished by only one adder, so it is very suitable for fast very large scale integration (VLSI) implementation. The VLSI implementation of the algorithm is also given with good performance and low silicon penalty.

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/trustcom.2015.399

2015-01-01

Abstract:Lattice based cryptography is considered as an important candidate for post-quantum cryptosystems. Various lattice based cryptosystems are based on the Ring learning with errors (Ring-LWE) problem. As a basic operation of Ring-LWE problem, polynomial multiplication over rings is the most critical and computationally intensive operation of these cryptosystems. In this paper, we exploit the number theoretic transform (NTT) to build a family of scalable polynomial multiplier architectures, which provide designers with a trade-off choice of speed vs. area. Our multiplier architectures reduce the required clock cycles from 8n+1.5n lg n) to (2n+1.5n lg n)/B, where n is the dimension of the polynomials and B is number of butterfly operators. The experimental results on a Spartan-6 FPGA show that our proposed polynomial multiplier (B = 2) achieves a speedup of 2.5 times on average and consumes less slices and block RAMs when compared with the state of art of compact design. On a Stratix FPGA, our polynomial multiplier (B = 4) is able to achieve a speedup of 1.2 times on average and save around 90% Memory ALUTs, 75% block memory bits, and 63% DSPs when compared with the state of art of high speed design. On a Spartan-6 FPGA, our polynomial multiplier (B = 8) is capable to calculate the product of two polynomials of degree 256/512/1024/2048 in 2.88/5.71/11.46/24.89 µs.

Ruoyu Wu,Ming Xu,Yingqing Yang,Guanzhong Tian,Ping Yu,Yangfan Zhao,Lian,Longhua Ma

DOI: https://doi.org/10.1109/tcsii.2022.3197314

2022-01-01

IEEE Transactions on Circuits & Systems II Express Briefs

Abstract:High-radix Montgomery Modular Multiplication (MMM) is flexible and consumes fewer cycles, but turns inefficient especially when it comes to low-bit calculation. In this brief, we propose a high-radix MMM algorithm, called Separated Iterative Digit-Digit Modular Multiplication (S-IDDMM), which accelerates the MMM by taking full advantage of multipliers and adders. The relationship among clock cycles, pipeline of multiplications and number of multipliers for the proposed algorithm is derived and utilized to optimize the overall efficiency jointly. Xilinx Virtex-7 FPGA implementations of S-IDDMM in 256 bits and 512 bits are constructed with radix-32 and radix-64, respectively. Compared with IDDMM design reported elsewhere (Amiet et al., 2016), our calculation time is reduced by more than 2 times with a similar area cost, due to deep use of multipliers and higher frequency.

Xiang Feng,Shuguo Li

DOI: https://doi.org/10.1109/tcsii.2018.2840108

2019-01-01

Abstract:This brief proposes a novel hardware structure for large integer multiplication in fully homomorphic encryption. We propose a method based on negative wrapped convolution to avoid zero padding in Strassen's algorithm, which can cut down half of the Fourier transform length. In addition, we also optimize the ping-pong fast Fourier transform algorithm by doubling the transform throughput and generating the round constant on the fly. Based on our proposed method and optimized algorithm, we design and implement a 768 k-bit integer multiplier on Altera Stratix V field-programmable gate array (FPGA). Implementation results on FPGA show that our structure outperforms the current competitors in area efficiency.

Haining Fan

DOI: https://doi.org/10.1109/TC.2015.2428704

2016-01-01

Abstract:We show that the step “modulo the degree-$n$ field generating irreducible polynomial” in the classical definition of the $GF(2^{n})$ multiplication operation can be avoided. This leads to an alternative representation of the finite field multiplication operation. Combining this representation and the Chinese Remainder Theorem, we design bit-parallel $GF(2^{n})$ multipliers for irreducible trinomials $u^n+u^k+1$ on $GF(2)$ where $1 < k \\le n/2$ . For some values of $n$ , our architectures have the same time complexity as the fastest bit-parallel multipliers—the quadratic multipliers, but their space complexities are reduced. Take the special irreducible trinomial $u^{2k}+u^k+1$ for example, the space complexity of the proposed design is reduced by about $1/8$ , while the time complexity matches the best result. Our experimental results show that among the 539 values of $n$ such that $4< n < 1{,}000$ and $x^n+x^k+1$ is irreducible over $GF(2)$ for some $k$ in the range $1 < k \\le n/2$ , the proposed multipliers beat the current fastest parallel multipliers for 290 values of $n$ when $(n-1)/3 \\le k \\le n/2$ : they have the same time complexity, but the space complexities are reduced by $8.4$ percent on average.

Chaohui Du,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1145/2902961.2902969

2016-01-01

Abstract:Many lattice-based cryptosystems are based on the security of the Ring learning with errors (Ring-LWE) problem. The most critical and computationally intensive operation of these Ring-LWE based cryptosystems is polynomial multiplication. In this paper, we exploit the number theoretic transform to build a high-speed polynomial multiplier for the Ring-LWE based public key cryptosystems. We present a versatile pipelined polynomial multiplication architecture to calculate the product of two $n$-degree polynomials in about (( n lg n )/4 + n /2) clock cycles. In addition, we introduce several optimization techniques to reduce the required ROM storage. The experimental results on a Spartan-6 FPGA show that the proposed hardware architecture can achieve a speedup of on average 2.25 than the state of the art of high-speed design. Meanwhile, our design is able to save up to 47.06% memory blocks.

Jiajun Zhang,Haining Fan

DOI: https://doi.org/10.1016/j.vlsi.2017.02.008

2017-01-01

Abstract:This paper presents new space complexity records for the fastest parallel GF(2n) multipliers for about 22% values of n such that a degree-n irreducible trinomial f=un+uk+1 exists over GF(2). By selecting the largest possible value of k∈(n/2,2n/3], we further reduce the space complexities of the Chinese remainder theorem (CRT)-based hybrid polynomial basis multipliers. Our experimental results show that among the 539 values of n∈[5,999] such that f is irreducible for some k∈[2,n−2], there are 317 values of n such that k∈(n/2,2n/3]. For these irreducible trinomials, the space complexities of the CRT-based hybrid multipliers are reduced by 14.3% on average. As a comparison, the previous CRT-based multipliers considered the case k∈[2,n/2], and the improvement rate is 8.4% on average for only 290 values of n among these 539 values of n.

Guangyan Li,Zewen Ye,Donglong Chen,Wangchen Dai,Gaoyu Mao,Kejie Huang,Ray C. C. Cheung

DOI: https://doi.org/10.1145/3689437

IF: 2.837

2024-08-27

ACM Transactions on Reconfigurable Technology and Systems

Abstract:Lattice-based cryptography (LBC) has been established as a prominent research field, with particular attention on post-quantum cryptography (PQC) and fully homomorphic encryption (FHE). As the implementing bottleneck of PQC and FHE, number theoretic transform (NTT) has been extensively studied. However, current works struggled with scalability, hindering their adaptation to various parameters, such as bit-width and polynomial length. In this paper, we proposed a novel Discrete Galois Transformation (DGT) algorithm utilizing the radix-4 variant to achieve a higher level of parallelism to the existing NTT. Furthermore, to implement the efficient radix-4 DGT adapting more LBCs, we proposed a set of scalable building blocks, including a modified Barrett modular multiplier accepting arbitrary modulus with only one integer multiplier, a radix-4 DGT butterfly unit, and a stream permutation network. The proposed modules are implemented on the Xilinx Virtex-7 and U250 FPGA to evaluate resource utilization and performance. Lastly, a design space exploration framework is proposed to generate optimized radix-4 DGT hardware constrained by polynomial and platform parameters. The sensitivity analysis showcases the generated hardware's performance and scalability. The implementation results on the Xilinx Virtex-7 and U250 FPGA show significant performance improvements over the state-of-the-art works, which reached at least 35%, 192%, and 68% area-time product improvements in terms of LUTs, BRAMs, and DSPs, respectively.

computer science, hardware & architecture

Wen-Ding Li,Ming-Shing Chen,Po-Chun Kuo,Chen-Mou Cheng,Bo-Yin Yang

DOI: https://doi.org/10.48550/arXiv.1802.03932

2018-02-12

Abstract:In ISSAC 2017, van der Hoeven and Larrieu showed that evaluating a polynomial P in GF(q)[x] of degree <n at all n-th roots of unity in GF($q^d$) can essentially be computed d-time faster than evaluating Q in GF($q^d$)[x] at all these roots, assuming GF($q^d$) contains a primitive n-th root of unity. Termed the Frobenius FFT, this discovery has a profound impact on polynomial multiplication, especially for multiplying binary polynomials, which finds ample application in coding theory and cryptography. In this paper, we show that the theory of Frobenius FFT beautifully generalizes to a class of additive FFT developed by Cantor and Gao-Mateer. Furthermore, we demonstrate the power of Frobenius additive FFT for q=2: to multiply two binary polynomials whose product is of degree <256, the new technique requires only 29,005 bit operations, while the best result previously reported was 33,397. To the best of our knowledge, this is the first time that FFT-based multiplication outperforms Karatsuba and the like at such a low degree in terms of bit-operation count.

Symbolic Computation,Computational Complexity

Honglin Kuang,Yifan Zhao,Yi Sun,Jun Han

DOI: https://doi.org/10.1109/ASICON58565.2023.10396597

2023-01-01

Abstract:We present a general vector instruction extension applicable for both ARM NEON and RISC-V Vector Extension. The extension targets efficient bit-manipulation and can provide considerable speedup for applications in GF(2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</sup> ) such as code-based post-quantum cryptography schemes. The effectiveness of the extension is evaluated by using the custom instructions to optimize the kernel operations in BIKE key-encapsulation schemes. We first innovate vectorized versions of bit-polynomial multiplication and inversion algorithms in GF(2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</sup> ) and propose vector instruction extension. Furthermore, a configurable hardware unit has been proposed to support custom operations of different bandwidths at little cost and constant latency. Both experiments on Xilinx UltraScale+ ZCU104 for ARM and simulations on gem5 for RISC-V have been carried out. Compared to portable C implementation, the result shows a speedup for bit-polynomial multiplication and inversion of up to 13x and 16x in ARM, 13x and 22x in RISC-V respectively.

Bin Li,Yunfei Yan,Yuanxin Wei,Heru Han

DOI: https://doi.org/10.1109/tvlsi.2023.3312423

2023-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:In lattice-based postquantum cryptography (PQC), polynomial multiplication is complex and time-consuming, which affects the overall computational efficiency. In addition, the parameters of different lattice-based algorithms require different number theoretic transform (NTT) structures, which limits the versatility of hardware design. To this end, this article proposes scalable and parallel optimization of the NTT based on a field-programmable gate array (FPGA). By analyzing the algorithm flow of the NTT, inverse NTT (INTT), and pointwise multiplication (PWM), an FPGA loosely coupled structure is designed, which can be used to place butterfly units of multiple pipelines in parallel and supports various modulo operations of a polynomial. In addition, to improve computing efficiency and scalability, key algorithm modules such as multipliers and modular reduction are deeply optimized. Moreover, the storage optimization of multiple RAM channels is carried out, and the alternate access control of data and the multiplexing of RAM resources reduce resource consumption and improve data access efficiency. For the SHA-3 algorithm, the scalable Keccak algorithm is implemented in a serial–parallel hybrid manner and supports multiple hash modes. Finally, taking the Dilithium algorithm as an example, through the parallelization of SHA-3 and NTT, the calculation cycle of key generation, signature, and verification is shortened. The experimental results and analysis show that the scheme in this article shortens the NTT calculation period while ensuring a high frequency, and the calculation time is significantly better than that of other schemes. Furthermore, it can support the optimized parallelization of multiple moduli and give full play to the computing advantages of an FPGA.

engineering, electrical & electronic,computer science, hardware & architecture

Kun Wang,Li,Hongbing Pan,Fan Feng,Xiao Yu

DOI: https://doi.org/10.1109/asicon.2015.7517169

2015-01-01

Abstract:This paper proposes a high performance matrix inversion hardware implementation which is divided into three steps, namely, LU decomposition, triangular matrix inversion, matrix multiplication. Our proposed design improve the performance of matrix inversion by parallel computing, and ensure the accuracy and stability through pivoting operation in LU decomposition. Experimental results show the speed- up ratio is almost 3 when the matrix order is 144, and the RMS is less than 10(-4). The design can reach a maximum delay of 0.6ns under the TSMC 40nm craft.