This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Fast Arithmetic for Public-Key Algorithms in Galois Fields with Composite Exponents
October 1999 (vol. 48 no. 10)
pp. 1025-1034

Abstract—This contribution describes a new class of arithmetic architectures for Galois fields $GF(2^k)$. The main applications of the architecture are public-key systems which are based on the discrete logarithm problem for elliptic curves. The architectures use a representation of the field $GF(2^k)$ as $GF((2^n)^m)$, where $k=n\cdot m$. The approach explores bit parallel arithmetic in the subfield $GF(2^n)$ and serial processing for the extension field arithmetic. This mixed parallel-serial (hybrid) approach can lead to fast implementations. As the core module, a hybrid multiplier is introduced and several optimizations are discussed. We provide two different approaches to squaring. We develop exact expressions for the complexity of parallel squarers in composite fields, which can have a surprisingly low complexity. The hybrid architectures are capable of exploring the time-space trade-off paradigm in a flexible manner. In particular, the number of clock cycles for one field multiplication, which is the atomic operation in most public-key schemes, can be reduced by a factor of $n$ compared to other known realizations. The acceleration is achieved at the cost of an increased computational complexity. We describe a proof-of-concept implementation of an ASIC for multiplication and squaring in $GF((2^n)^m)$, $m$ variable.

[1] C. Paar and P. Soria-Rodriguez, “Fast Arithmetic Architectures for Public-Key Algorithms over Galois Fields$GF((2^n)^m)$,” Advances in Cryptography—EUROCRYPT '97, W. Fumy, ed., pp. 363-378, 1997.
[2] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, Fla., 1996, pp. 543-590.
[3] V.S. Miller, "Use of Elliptic Curves in Cryptography," Advances in Cryptology—Crypto 85, Lecture Notes in Computer Science, H.C. Williams, ed., Vol. 218, Springer-Verlag, New York, 1986, pp. 417-426.
[4] N. Koblitz, "Hyperelliptic Cryptosystems," J. Cryptology, vol. 1, no. 3, pp. 129-150, 1989.
[5] E. Mastrovito, “VLSI Architectures for Computation in Galois Fields,” PhD thesis, Dept. of Electrical Eng., Linköping Univ., Sweden, 1991.
[6] A. Schönhage and V. Strassen, “Schnelle Multiplikation großer Zahlen,” Computing, vol. 7, pp. 281-292, 1971.
[7] D. Cantor and E. Kaltofen, “On Fast Multiplication of Polynomials over Arbitrary Algebras,” Acta Informatica, vol. 28, pp. 693-701, 1991.
[8] G. Harper, A. Menezes, and S. Vanstone, “Public-Key Cryptosystems with Very Small Key Lengths,” Advances in Cryptology—EUROCRYPT '92, R. Rueppel, ed., pp. 163-173, May 1992.
[9] E. De Win, A. Bosselaers, S. Vanderberghe, P. De Gersem, and J. Vandewalle, “A Fast Software Implementation for Arithmetic Operations in$\big. {\rm GF(2^n)}\bigr.$,” Advances in Cryptology, Proc. Asiacrypt '96, K. Kim and T. Matsumoto, eds., pp. 65-76, 1996.
[10] J. Guajardo and C. Paar, “Efficient Algorithms for Elliptic Curve Cryptosystems,” Advances in Cryptology—CRYPTO 97, B.S. Kaliski, ed., pp. 342-356, 1997.
[11] E.D. Mastrovito,"VLSI Design for Multiplication over Finite Fields," LNCS-357, Proc. AAECC-6, pp. 297-309,Rome, July 1988, Springer-Verlag.
[12] M.A. Hasan, M. Wang, and V.K. Bhargava, Modular Construction of Low Complexity Parallel Multipliers for a Class of Finite Fields$GF(2^m)$ IEEE Trans. Computers, vol. 41, no. 8, pp. 962-971, Aug. 1992.
[13] S.T.J. Fenn, M. Benaissa, and D. Taylor, $GF(2^m)$Multiplication and Division over the Dual Basis IEEE Trans. Computers, vol. 45, no. 3, pp. 319-327, Mar. 1996.
[14] G-L. Feng,"A VLSI Architecture for Fast Iinversion inGF(2m)," IEEE Trans. Computers, vol. 38, no. 10, pp. 1,383-1,386, Oct. 1989.
[15] M. Morii and M. Kasahara, “Efficient Construction of Gate Circuit for Computing Multiplicative Inverses over$GF(2^m)$,” Trans. IEICE, vol. E72, pp. 37-42, Jan. 1989.
[16] S.T.J. Fenn, M. Benaissa, and D. Taylor, Finite Field Inversion over the Dual Basis IEEE Trans. Very Large Scale Integration (VLSI) Systems, vol. 4, no. 1, pp. 134-136, Mar. 1996.
[17] W. Geiselmann and D. Gollmann, “VLSI Design for Exponentiation in$\big. {\rm GF}(2^m)\bigr.$,” Proc. AUSCRYPT '90, pp. 398-405, 1990.
[18] C.C. Wang and D. Pei, "A VLSI Design for Computing Exponentiation in GF(2m) and Its Application to Generate Pseudorandom Number Sequences," IEEE Trans. Computers, vol. 39, no. 2, pp. 258-262, Feb. 1990.
[19] M. Hasan and V. Bhargava, “Low Complexity Architecure for Exponentiation in$GF(2^m)$,” Electronics Letters, vol. 28, pp. 1,984-1,986, Oct. 1992.
[20] L. Song and K.K. Parhi, “Low Energy Digit-Serial/Parallel Finite Field Multipliers,” J. VLSI Signal Processing, vol. 19, pp. 149-166, June 1998.
[21] I.S. Hsu,T.K. Truong,L.J. Deutsch, and I.S. Reed,"A Comparison of VLSI Architectures of Finite Field Multipliers Using Dual, Normal or Standard Bases," IEEE Trans. Computers, vol. 37, no. 6, pp. 735-737, June 1988.
[22] Y. Jeong and W. Burleson, “Choosing VLSI Algorithms for Finite Field Arithmetic,” Proc. IEEE Symp. Circuits and Systems, ISCAS 92, pp. 799-802, 1992.
[23] C. Paar and N. Lange, “A Comparative VLSI Synthesis of Finite Field Multipliers,” Proc. Third Int'l Symp. Comm. Theory and Its Applications, Lake District, U.K., July 1995.
[24] G. Agnew, R. Mullin, I. Onyschuk, and S. Vanstone, “An Implementation for a Fast Public-Key Cryptosystem,” J. Cryptography, vol. 3, 1991.
[25] W. Gollmann, “Algorithmenentwurf in der Kryptographie,” Habilitation, Fakultät für Informatik, Universität Karlsruhe, Germany, Aug. 1990.
[26] K. Yiu and K. Peterson, “A Single-Chip VLSI Implemenation of the Discrete Exponential Public-Key Distribution System,” IBM Systems J., vol. 15, no. 1, pp. 102-116, 1982.
[27] G.B. Agnew, R.C. Mullin, and S.A. Vanstone, An Implementation of Elliptic Curve Cryptosystems over$F_{2^{155}}$ IEEE J. Selected Areas in Comm., vol. 11, no. 5, pp. 804-813, June 1993.
[28] S. Lin and D. J. Costello,Error Control Coding: Fundamentals and Applications. Englewood Cliffs, NJ: Prentice-Hall, 1983.
[29] T. Beth and D. Gollmann, “Algorithm Engineering for Public Key Algorithms,” IEEE J. Selected Areas in Comm., vol. 7, no. 4, pp. 458-466, 1989.
[30] N. Weste and K. Eshraghian, Principles of CMOS VLSI Design, Addison-Wesley, 1994.
[31] R. Lidl and H. Niederreiter, Finite Fields. Reading, Mass.: Addison-Wesley, 1983.
[32] G. Seroussi, “Table of Low-Weight Binary Irreducible Polynomials,” Technical Report HPL-98-135, HP Labs, 1998.
[33] V. Afanasyev, “On the Complexity of Finite Field Arithmetic,” Proc. Fifth Joint Soviet-Swedish Int'l Workshop Information Theory, pp. 9-12, Moscow, Jan. 1991.
[34] C. Paar, “A New Architecture for a Parallel Finite Field Multiplier with Low Complexity Based on Composite Fields,” IEEE Trans. Computers, vol. 45, no. 7, pp. 846-861, July 1996.
[35] W. Geiselmann, “Algebraische Algorithmenentwicklung am Beispiel der Arithmetik in Endlichen Körpern,” PhD thesis, Universität Karlsruhe, Fakultät für Informatik, Institut für Algorithmen und Kognitive Systeme, Karlsruhe, Germany, 1993.
[36] R.C. Mullin,I.M. Onyszchuk,S.A. Vanstone, and R.M. Wilson,"Optimal Normal Bases inGF(pn)," Discrete Applied Maths., pp. 142-169, 1988/89.
[37] D. Knuth, The Art of Computer Programming, Vol. 2, Addison-Wesley, Reading, Mass., 1998.
[38] A. Menezes, Elliptic Curve Public Key Cryptosystems. Kluwer Academic, 1993.
[39] M. Lehky, M. Nappi, and P. Soria-Rodriguez, “Coprocessor Board for Cryptographic Applications,” major qualifying project (senior thesis), Electrical and Computer Eng. Dept., Worcester Polytechnic Inst., Worcester, Mass., May 1996.
[40] M. Rosner, “Elliptic Curve Cryptosystems on Reconfigurable Hardware,” master's thesis, Electrical and Computer Eng. Dept., Worcester Polytechnic Inst., Worcester, Mass., May 1998.
[41] L. Adleman and J. DeMarrais, “A Subexponential Algorithm for Discrete Logarithms over All Finite Fields,” Advances in Cryptography—CRYPTO '93, D. Stinson, ed., pp. 147-158, 1993.

Index Terms:
Galois field, multiplication, squaring, VLSI, implementation, cryptography, elliptic curves.
Citation:
Christof Paar, Peter Fleischmann, Pedro Soria-Rodriguez, "Fast Arithmetic for Public-Key Algorithms in Galois Fields with Composite Exponents," IEEE Transactions on Computers, vol. 48, no. 10, pp. 1025-1034, Oct. 1999, doi:10.1109/12.805153
Usage of this product signifies your acceptance of the Terms of Use.