This Article 
 Bibliographic References 
 Add to: 
Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography
October 2006 (vol. 55 no. 10)
pp. 1306-1311
Digit Serial Multipliers are used extensively in hardware implementations of elliptic and hyperelliptic curve cryptography. This contribution shows different architectural enhancements in Least Significant Digit (LSD) multiplier for binary fields GF(2^m). We propose two different architectures, the Double Accumulator Multiplier (DAM) and N-Accumulator Multiplier (NAM), which are both faster compared to traditional LSD multipliers. Our evaluation of the multipliers for different digit sizes gives optimum choices and shows that currently used digit sizes are the worst possible choices. Hence, one of the most important results of this contribution is that digit sizes of the form 2^l-1, where l is an integer, are preferable for the digit multipliers. Furthermore, one should always use the NAM architecture to get the best timings. Considering the time area product DAM or NAM gives the best performance depending on the digit size.

[1] N. Gura, S. Chang, H. Eberle, G. Sumit, V. Gupta, D. Finchelstein, E. Goupy, and D. Stebila, “An End-to-End Systems Approach to Elliptic Curve Cryptography,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 2001), ÇK. Koç and C. Paar, eds., pp. 351-366, 2001.
[2] N. Koblitz, “Elliptic Curve Cryptosystems,” Math. Computation, vol. 48, pp. 203-209, 1987.
[3] N. Koblitz, “A Family of Jacobians Suitable for Discrete Log Cryptosystems,” Advances in Cryptology, Proc. Crypto '88, S. Goldwasser, ed., pp. 94-99, 1988.
[4] V. Miller, “Uses of Elliptic Curves in Cryptography,” Advances in Cryptology, Proc. CRYPTO '85, H.C. Williams, ed., pp. 417-426, 1986.
[5] G. Orlando and C. Paar, “A High-Performance Reconfigurable Elliptic Curve Processor for $GF(2^m)$ ,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 2000), ÇK. Koç and C. Paar, eds., 2000.
[6] G. Orlando and C. Paar, “A Scalable $GF(p)$ Elliptic Curve Processor Architecture for Programmable Hardware,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 2001), ÇK. Koç, D. Naccache, and C. Paar, eds., pp. 348-363, May 2001.
[7] R.L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Comm. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
[8] L. Song and K.K. Parhi, “Low Energy Digit-Serial/Parallel Finite Field Multipliers,” J. VLSI Signal Processing, vol. 19, no. 2, pp. 149-166, June 1998.
[9] VLSI Computer Architecture, Arithmetic, and CAD Research Group, Dept. of Electrical Eng., Illinois Inst. of Technology, Chicago, IIT Standard Cells for AMI 0.5µm and TSMC 0.25µm/0.18µm (Version 1.6.0), 2003, .

Index Terms:
Bit serial multiplier, digit serial multiplier, least significant digit multiplier, elliptic/hyperelliptic curve cryptography, public key cryptography.
Sandeep Kumar, Thomas Wollinger, Christof Paar, "Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography," IEEE Transactions on Computers, vol. 55, no. 10, pp. 1306-1311, Oct. 2006, doi:10.1109/TC.2006.165
Usage of this product signifies your acceptance of the Terms of Use.