Chen Su,Haining Fan

DOI: https://doi.org/10.1016/j.ipl.2012.03.012

IF: 0.851

2012-01-01

Information Processing Letters

Abstract:PCLMULQDQ, a new instruction that supports GF(2)[x] multiplication, was introduced by Intel in 2010. This instruction brings dramatic change to software implementation of multiplication in GF(2^m) fields. In this paper, we present improved Karatsuba formulae for multiplying two small binary polynomials, compare different strategies for PCLMULQDQ-based multiplication in the five GF(2^m) fields recommended by NIST and conclude the best design approaches to software implementation of GF(2)[x] multiplication.

Haibin Shen,Yier Jin

DOI: https://doi.org/10.1016/j.ipl.2008.01.012

IF: 0.851

2008-01-01

Information Processing Letters

Abstract:Based on the shifted polynomial basis (SPB), a high efficient bit-parallel multiplier for the field GF(2m) defined by an equally-spaced trinomial (EST) is proposed. The use of SPB significantly reduces time delay of the proposed multiplier and at the same time Karatsuba method is combined with SPB to decrease space complexity. As a result, with the same time complexity, approximately 3/4 gates of previous multipliers are used in the proposed multiplier.

Yi’er Jin,Haibin Shen,Huafeng Chen,Xiaolang Yan

DOI: https://doi.org/10.1007/s11767-006-0257-4

2008-01-01

Abstract:A new structure of bit-parallel Polynomial Basis (PB) multiplier is proposed, which is based on a fast modular reduction method. The method was recommended by the National Institute of Standards and Technology (NIST). It takes advantage of the characteristics of irreducible polynomial, i.e., the degree of the second item of irreducible polynomial is far less than the degree of the polynomial in the finite fields GF(2 m ). Deductions are made for a class of finite field in which trinomials are chosen as irreducible polynomials. Let the trinomial be x m + x h +1, where 1 ≤ k ≤ [m/1]. The proposed structure has shorter critical path than the best known one up to date, while the space requirement keeps the same. The structure is practical, especially in real time cryptographic applications.

Hua-feng CHEN,Hai-bin SHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2007.11.002

2007-01-01

Abstract:A parallel fast computation method was proposed for elliptic curve cryptography (ECC) point multiplication over characteristic 2 finite field. The method made use of hardware dynamic instruction schedule technique which applied instruction level parallelism in combination with thread level parallelism to improve the parallel computation performance. The structure designed by this method monitors the operation of arithmetic component and generates point multiplication instruction sequences dynamically before the decode stage. The dynamic schedule cuts the performance loss caused by the data hazards stall which cannot be solved by the data bypass or forwarding. The results achieved by the field programmable gate array (FPGA) implementation show that the proposed design can complete the elliptic curve point multiplication operation in Galois Fields GF (2193) in 22.7μs.

Long-mei Nan,Xiao-yang Zeng,Wei Li,Chen Lin,Yi-ran Du,Zi-bin Dai

DOI: https://doi.org/10.1109/icsict.2018.8565649

2018-01-01

Abstract:In order to enhance the performance of composite field multiplications (CFM) realized by RISC processors and VLIW processors, high-performance and flexible composite field multiplications special instructions targeted at cryptographic algorithms processing are designed in this paper. Through analyzing the processing characteristics of CFM operations in different cryptographic algorithms, the proposed CFM instructions can support CFM operations in different composite field GF(2 8 ) m , under different basic and extended field generating polynomials (g(x), m(x)). The values of m can be 1, 2, 3, and 4; generating polynomials can support PAGE0, PAGE1, PAGE2, PAGE3. Furthermore, expanded CFM instructions are also exploited to support the execution of each instruction forcefully too, which are very strong to finish CFM operations in GF(2 k ) when k=8×m (GF(2 8 ), GF(2 16 ), GF(2 24 ), GF(2 32 )). So the CFM special instructions designed can be used as ameliorative instructions for RISC and VLIW universal processors to advance the performance of cryptographic algorithms, keeping high flexibility of RISC and VLIW universal processors.

Yang Su,Bai-Long Yang,Chen Yang,Jing-Yuan He

DOI: https://doi.org/10.1007/s12652-020-02497-8

IF: 3.662

2020-09-02

Journal of Ambient Intelligence and Humanized Computing

Abstract:Composite Galois field multiplication is one of the most important and complex nonlinear arithmetic unit in symmetric cipher algorithms. However, current hardware implementations are hard to maintain high performance and flexibility. Based on reconfigurable technology, we propose a flexible architecture of composite Galois field multiplication (RCGFM) and dedicated instructions of composite Galois filed multiplication (ICGFM) over <span class="mathjax-tex">\(GF((2^{n} )^{m} )\)</span>, where <span class="mathjax-tex">\(n = 8,m = 1,2,3,4\)</span>. The RCGFM adopts a serial–parallel mixed structure, which can achieve different Galois field multiplications with good parallelism and scalability. By extending the <span class="mathjax-tex">\(x^{k} B\)</span> multiplications of serial chain, where <span class="mathjax-tex">\(k = 1,2,3\)</span>, the RCGFM can concurrently support the composite Galois filed multiplications with higher orders, such as <span class="mathjax-tex">\(GF((2^{8} )^{m} )\)</span>, where <span class="mathjax-tex">\(m \ge 5,m \in {\mathbb{Z}}^{ + }\)</span>. Moreover, in order to reduce the instruction overhead of target symmetric crypto processor, the ICGFM is specially designed, which is composed of operation and configuration instructions for <span class="mathjax-tex">\(x^{k} B\)</span> and <span class="mathjax-tex">\(A \times B\)</span> over <span class="mathjax-tex">\(GF((2^{n} )^{m} )\)</span>. The ICGFM can be applied to RCGFM structure efficiently and flexibly by configuring the corresponding parameters. The experimental results show that under 0.18 µm CMOS technology, the maximum clock frequency is 625 MHz, while the area of circuit is 11.2 kilo gates. Compared with current researches, the RCGFM structure can improve the throughput rate more than a factor of 1.36x–9.19x, when normalized to the same technology and per kilo gates, the technology-scaled throughput rate increases more than a factor of 1.25x–4.4x, while the area overhead does not increase significantly. In addition, the ICGFM can reduce 1–2 orders of magnitude the number of instructions compared with other works. At last, the reconfigurable architecture we proposed supports different composite Galois field multiplications over <span class="mathjax-tex">\(GF((2^{n} )^{m} )\)</span> with more flexibility and efficiency.

computer science, information systems,telecommunications, artificial intelligence

Martin Albrecht,Gregory Bard,William Hart

DOI: https://doi.org/10.48550/arXiv.0811.1714

2008-11-11

Mathematical Software

Abstract:We describe an efficient implementation of a hierarchy of algorithms for multiplication of dense matrices over the field with two elements (GF(2)). In particular we present our implementation -- in the M4RI library -- of Strassen-Winograd matrix multiplication and the "Method of the Four Russians" multiplication (M4RM) and compare it against other available implementations. Good performance is demonstrated on on AMD's Opteron and particulary good performance on Intel's Core 2 Duo. The open-source M4RI library is available stand-alone as well as part of the Sage mathematics software. In machine terms, addition in GF(2) is logical-XOR, and multiplication is logical-AND, thus a machine word of 64-bits allows one to operate on 64 elements of GF(2) in parallel: at most one CPU cycle for 64 parallel additions or multiplications. As such, element-wise operations over GF(2) are relatively cheap. In fact, in this paper, we conclude that the actual bottlenecks are memory reads and writes and issues of data locality. We present our empirical findings in relation to minimizing these and give an analysis thereof.

Longmei Nan,Xiaoyang Zeng,Qi Ding,Wei Li,Yiran Du,Lin Chen

DOI: https://doi.org/10.1109/iaeac.2018.8577824

2018-01-01

Abstract:High-performance and flexible finite field X multiplications special instructions targeted at cryptographic algorithms processing are proposed in this paper, in order to dispel the performance bottleneck of X multiplications realized by RISC and VLIW universal processors. Through analyzing the processing characteristics of X multiplications in different cryptographic algorithms, the proposed X-k multiplication instructions can support different processing data widths (8 bits, 16 bits, 32 bits, 64 bits, 128 bits), different k values (1 similar to 8), and instruction parallelism based on VLIW and operating several small data width at the same time are also designed with parallelism of 4, 2, 1 respectively. Furthermore, expanded X multiplication instructions are exploited to support the execution of each instruction forcefully too. The X multiplications special instructions designed can be used as ameliorative instructions for RISC and VLIW universal processors to advance the performance of cryptographic algorithms.

M. Anwar Hasan

DOI: https://doi.org/10.1109/tcsi.2006.883855

2006-01-01

IEEE Transactions on Circuits and Systems I Fundamental Theory and Applications

Abstract:A new nonpipelined bit-parallel-shifted polynomial basis multiplier for GF(2(n)) is presented. For some irreducible trinomials, the space complexity of the multiplier matches the best results avaliable in the literature, and its gate delay is equal to T-A + [log(2) n]T-X, where T-A and T-X are the delay of one two-input AND and XOR gates, respectively. To the best of our knowledge, this is the first time that the gate delay bound T-A + [log(2) n] T-X is reached. For some irreducible pentanomials, its gate delay is equal to T-A + (1 + [log(2) n])T-X. NIST has recommended five binary fields for the elliptic curve digital signature algorithm applications: GF(2(163)), GF((233)), GF((283)), GF(2(409)), and GF(2(571)), but no irreducible trinomials exist for three degrees, viz., 163, 283 and 571. For the three corresponding binary fields, we show that the gate delay of the proposed multiplier is T-A + (1 + [log(2) n])T-X. This result outperforms the previously known results.

Huafeng Chen,Yanbing Jiang,Buping Jin

DOI: https://doi.org/10.1007/978-1-4471-4802-9_11

2013-01-01

Abstract:A scalable architecture for efficient multiplication in finite fields GF (2 m ) was proposed. The proposed design had symmetric form with 64 × 64-bit inputs, supporting with any finite fields GF (2m ), where m < 320, and almost all irreducible polynomials. Due to the introduced fast unbalanced modular reduction method and Karatsuba like algorithm, fast operation was obtained. Unlike the most proposed bit-serial or digit-serial multiplier, data access of the symmetric multiplier was in accordance with the memory access pattern. And it also can be developed to meet the requirement of any GF (2 m ), where m > 320, through tiny change of control logic and register file. The analysis result showed it may improve the operation performance by 50 % over the NIST recommended curve of GF (2283) comparing with another original method. © 2013 Springer-Verlag.

Haining Fan

DOI: https://doi.org/10.1109/TC.2015.2428704

2016-01-01

Abstract:We show that the step “modulo the degree-$n$ field generating irreducible polynomial” in the classical definition of the $GF(2^{n})$ multiplication operation can be avoided. This leads to an alternative representation of the finite field multiplication operation. Combining this representation and the Chinese Remainder Theorem, we design bit-parallel $GF(2^{n})$ multipliers for irreducible trinomials $u^n+u^k+1$ on $GF(2)$ where $1 < k \\le n/2$ . For some values of $n$ , our architectures have the same time complexity as the fastest bit-parallel multipliers—the quadratic multipliers, but their space complexities are reduced. Take the special irreducible trinomial $u^{2k}+u^k+1$ for example, the space complexity of the proposed design is reduced by about $1/8$ , while the time complexity matches the best result. Our experimental results show that among the 539 values of $n$ such that $4< n < 1{,}000$ and $x^n+x^k+1$ is irreducible over $GF(2)$ for some $k$ in the range $1 < k \\le n/2$ , the proposed multipliers beat the current fastest parallel multipliers for 290 values of $n$ when $(n-1)/3 \\le k \\le n/2$ : they have the same time complexity, but the space complexities are reduced by $8.4$ percent on average.

Qiucheng Deng,Xuefei Bai,Li Guo,Yao Wang

DOI: https://doi.org/10.1109/primeasia.2009.5397344

2009-01-01

Abstract:In this paper, a fast hardware implementation of multiplicative inversion in GF(2m) using the optimal normal basis of type II is presented. The approach followed is based on the Sunar-Koc multiplier and the Itoh-Tsujii algorithm. Our design is able to compute multiplicative inversion in GF(2233) using only 26 clock cycles.

Lijuan Li,Shuguo Li

DOI: https://doi.org/10.1109/iscas.2017.8050627

2017-01-01

Abstract:Inversion over GF(2(m)) is crucial for cryptographic applications such as elliptic curve cryptography. The commonly used Itoh-Tsujii algorithm (ITA) computes the inversion by an entirely sequential process consisting of multiplications and squarings. In this paper, we first propose a modified ITA algorithm (MITA) for inversion with polynomial basis (PB). The MITA reduces the required clock cycles of ITA inversion by enabling the parallel computation between part of multiplications and squarings. Furthermore, we generalize the MITA to inversion with arbitrary addition chains. Several criteria are proposed to find the optimal addition chains (OACs) leading to the fastest inverters with given hardware resources. Implemented on Xilinx Virtex-4 FPGA, the proposed inversion architecture with a digit-serial multiplier achieves averagely 61% faster speed with 69% less resources than previous designs with normal basis. Using a fully combinational multiplier, the OAC inverters outperform existing PB-based designs by at least 60.9%, 35.1%, 94.9% for m = 163, 233, 283 respectively in terms of area-time product.

Honglin Kuang,Yifan Zhao,Yi Sun,Jun Han

DOI: https://doi.org/10.1109/ASICON58565.2023.10396597

2023-01-01

Abstract:We present a general vector instruction extension applicable for both ARM NEON and RISC-V Vector Extension. The extension targets efficient bit-manipulation and can provide considerable speedup for applications in GF(2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</sup> ) such as code-based post-quantum cryptography schemes. The effectiveness of the extension is evaluated by using the custom instructions to optimize the kernel operations in BIKE key-encapsulation schemes. We first innovate vectorized versions of bit-polynomial multiplication and inversion algorithms in GF(2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</sup> ) and propose vector instruction extension. Furthermore, a configurable hardware unit has been proposed to support custom operations of different bandwidths at little cost and constant latency. Both experiments on Xilinx UltraScale+ ZCU104 for ARM and simulations on gem5 for RISC-V have been carried out. Compared to portable C implementation, the result shows a speedup for bit-polynomial multiplication and inversion of up to 13x and 16x in ARM, 13x and 22x in RISC-V respectively.

H. Fan,M. A. Hasan

DOI: https://doi.org/10.1049/iet-ifs.2007.0132

2009-01-01

IET Information Security

Abstract:A new approach to subquadratic space complexity GF(2(n)) multipliers has been proposed recently. The corresponding algorithm for software implementations is developed. While its recursive implementation is as simple as that of the Karatsuba algorithm, it requires much less memory to store the look-up table. Therefore it is quite suitable for memory-constrained applications, for example smart cards.

Changbo Chen,Svyatoslav Covanov,Farnam Mansouri,Marc Moreno Maza,Ning Xie,Yuzhen Xie

DOI: https://doi.org/10.48550/arXiv.1612.05778

2016-12-17

Abstract:We propose a new algorithm for multiplying dense polynomials with integer coefficients in a parallel fashion, targeting multi-core processor architectures. Complexity estimates and experimental comparisons demonstrate the advantages of this new approach.

Symbolic Computation,Mathematical Software

Haining Fan,M. Anwar Hasan

DOI: https://doi.org/10.1016/j.ffa.2014.10.008

IF: 1.655

2015-01-01

Finite Fields and Their Applications

Abstract:This paper surveys bit-parallel multipliers for finite field GF(2n) according to i) quadratic and subquadratic arithmetic complexities of the underlying algorithms, ii) various bases used for representing the field elements, and iii) design approaches that rely on polynomial and matrix operations. Techniques for constructing space- and time-efficient multipliers are reviewed, and complexities of recent quadratic and subquadratic multipliers are summarized. For quadratic multipliers, the emphasis is placed on polynomial bases and their generalization. Low-degree Karatsuba–Toom formulae and their multiplication complexities are considered primarily for the subquadratic multipliers.

Guantong Su,Guoqiang Bai

DOI: https://doi.org/10.3390/electronics12051235

IF: 2.9

2023-03-05

Electronics

Abstract:Cryptosystems based on supersingular isogeny are a novel tool in post-quantum cryptography. One compelling characteristic is their concise keys and ciphertexts. However, the performance of supersingular isogeny computation is currently worse than that of other schemes. This is primarily due to the following factors. Firstly, the underlying field is a quadratic extension of the finite field, resulting in higher computational complexity. Secondly, the strategy for large-degree isogeny evaluation is complex and dependent on the elementary arithmetic units employed. Thirdly, adapting the same hardware to different parameters is challenging. Considering the evolution of similar curve-based cryptosystems, we believe proper algorithm optimization and hardware acceleration will reduce its speed overhead. This paper describes a high-performance and flexible hardware architecture that accelerates isogeny computation. Specifically, we optimize the design by creating a dedicated quadratic Montgomery multiplier and an efficient scheduling strategy that are suitable for supersingular isogeny. The multiplier operates on Fp2 under projective coordinate formulas, and the scheduling is tailored to it. By exploiting additional parallelism through replicated multipliers and concurrent isogeny subroutines, our 65 nm SMIC technology cryptographic accelerator can generate ephemeral public keys in 2.40 ms for Alice and 2.79 ms for Bob with a 751-bit prime setting. Sharing the secret key costs another 2.04 ms and 2.35 ms, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/trustcom.2015.399

2015-01-01

Abstract:Lattice based cryptography is considered as an important candidate for post-quantum cryptosystems. Various lattice based cryptosystems are based on the Ring learning with errors (Ring-LWE) problem. As a basic operation of Ring-LWE problem, polynomial multiplication over rings is the most critical and computationally intensive operation of these cryptosystems. In this paper, we exploit the number theoretic transform (NTT) to build a family of scalable polynomial multiplier architectures, which provide designers with a trade-off choice of speed vs. area. Our multiplier architectures reduce the required clock cycles from 8n+1.5n lg n) to (2n+1.5n lg n)/B, where n is the dimension of the polynomials and B is number of butterfly operators. The experimental results on a Spartan-6 FPGA show that our proposed polynomial multiplier (B = 2) achieves a speedup of 2.5 times on average and consumes less slices and block RAMs when compared with the state of art of compact design. On a Stratix FPGA, our polynomial multiplier (B = 4) is able to achieve a speedup of 1.2 times on average and save around 90% Memory ALUTs, 75% block memory bits, and 63% DSPs when compared with the state of art of high speed design. On a Spartan-6 FPGA, our polynomial multiplier (B = 8) is capable to calculate the product of two polynomials of degree 256/512/1024/2048 in 2.88/5.71/11.46/24.89 µs.

Junjie Jiang,Jing Chen,Jian Wang,Duncan S. Wong,Xiaotie Deng

2008-01-01

Abstract:We propose a new architecture for performing Elliptic Curve Scalar Multiplication (ECSM) on elliptic curves over GF (2). This architecture maximizes the parallelism that the proj ective version of the Montgomery ECSM algorithm can achieve. It completes one ECSM operation in about 2(m−1)(dm/De+4)+m cycles, and is at least three times the speed of the best known result currently available. When imp le ented on a Virtex-4 FPGA, it completes one ECSM operation overGF (2) in 12.5μs with the maximum achievable frequency of 222MHz. Two other i mplementation variants for less resource consumption are also proposed. O ur first variant reduces the resource consumption by almost 50% while still maintaining the utilization efficiency, whi ch is measured by a performance to resource consumption ratio. Our second variant achieves the best utilization effi ci ncy and in our actual implementation on an elliptic curve group overGF (2), it gives more than 30% reduction on resource consumption wh ile maintaining almost the same speed of computation as that of our original design. For achi eving this high performance, we also propose a modified finite field inversion algorithm which takes only m cycles to invert an element over GF (2), rather than2m cycles as the traditional Extended Euclid algorithm does, and this new design yields much better utilization of the cycle time.