Quaternary Reed-Muller Expansions of Mixed Radix Arguments in Cryptographic Circuits by Rafiev A et al.
Quaternary Reed-Muller Expansions of Mixed Radix Arguments
in Cryptographic Circuits
Ashur Rafiev, Julian P. Murphy, Alex Yakovlev
School of Electrical, Electronic & Computer Engineering, Newcastle University
{ashur.rafiev, j.p.murphy, alex.yakovlev}@ncl.ac.uk
Abstract
Circuits built using multi-valued fixed polarity Reed-
Muller expansions based on Galois field arithmetic, in par-
ticular quaternary expansions over GF(4), normally dis-
play high efficiency in terms of power consumption, area,
etc. However, security application specific gate level map-
ping shows inefficient results for uniform radix expansions.
The idea of the research here is to consolidate binary and
quaternary Galois field arithmetic within a single circuit in
such a way that the mathematical representations can ben-
efit down to the gate level model. A direct method to com-
pute quaternary fixed polarity Reed-Muller expansions of
mixed radix arguments is proposed and implemented in a
synthesis tool. The results for the various types of power-
balanced signal encoding catered for the security applica-
tion are compared and analysed.
1. Introduction
The research presented in this article attempts at finding
optimisation techniques for cryptographic logic synthesis
where the key qualities are power, area and security met-
rics. Security is considered in the scope of side-channel
attacks, e.g. differential power analysis [1]. Data indepen-
dent (balanced) switching of wires improves the protection
against differential power analysis attacks [2, 3] and can be
achieved using switching-balanced data encoding, e.g. m-
of-n.
M-of-n codes are an encoding scheme in which data is
represented using n wires and where m of them are set to
an active level (usually high). A protocol separating data
using dummy symbols (spacers) is called a spacer protocol.
Circuits based on m-of-n codes, typically 1-of-4 or 1-of-
2 (dual-rail), over the years have been used in a number
of areas of electronics, in particular clockless circuits and
networks-on-chip [4].
M-of-n codes other than dual-rail imply multi-valued
logic (MVL) synthesis. Unfortunately the conventional
EDA flow considers neither MVL synthesis nor encoding
of data signals, hence it is not directly applicable for the
security aware design. From this point of view the use of
enhanced synthesis techniques is definitely more desirable,
in particular the use of logic synthesis based on Galois field
arithmetic which is natural for cryptography.
Computation of the quaternary Reed-Muller expansions
over Galois fields of radix 4 has a long research history
[5, 6, 7, 8, 9, 10]. These expansions are popular due to
the efficiency of their hardware implementations and testa-
bility. These expansions have a form of the sum of products
in Galois field arithmetic. A computation algorithm gives
the expansion in a form of mathematical equation. The next
task is to efficiently decompose it into the hardware compo-
nents.
The efficient mapping from mathematical equations into
a gate level netlist becomes a significant problem since con-
crete gate level implementations of Galois field arithmetic
components in different radices, encodings and trade-offs
between balancing and power costs have different merits
and demerits as discussed in Section 5. For example, ef-
ficient for data transfer multi-valued signals may introduce
considerable overhead in the corresponding logic imple-
mentation. Hence it appears impossible to find a globally
optimal choice for the radix with respect to security con-
text.
The known solution to the problem is to combine arith-
metic over GF(2) and GF(4) within a scope of one expan-
sion to uncover an area for further optimisations. Thus
the advantages of different components may be consoli-
dated within a single circuit, and the optimisation can be
based on considering the real power and area costs of the
components. Previous research in Reed-Muller expansions
tends to optimise the computation time while the area of
mixed radix Galois field arithmetic has been barely ex-
plored [11, 12]. Most of mixed radix related works were
dedicated to the radix reconversion approach. The main
goal of the research presented in this article is a deeper
investigation of mixing radices in Reed-Muller expansions
39th International Symposium on Multiple-Valued Logic
0195-623X/09 $25.00 © 2009 IEEE
DOI 10.1109/ISMVL.2009.21
370
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
+ 0 1 A B
0 0 1 A B
1 1 0 B A
A A B 0 1
B B A 1 0
× 0 1 A B
0 0 0 0 0
1 0 1 A B
A 0 A B 1
B 0 B 1 A
Figure 1. Addition and multiplication over
GF(4)
and analysis of possible benefits in terms of security appli-
cation.
The main aspects of the article can be listed as follows:
1. Mixed radix optimisations within one expansion. One
of the key benefits of the proposed mixed radix ap-
proach is that uniform mathematical representation of
values allows avoiding the use of additional signal con-
version logic between radices thus optimising the num-
ber of operations performed.
2. Gate mapping optimisations in various balanced en-
codings for security purposes. The idea is to use the
flexibility of mixed radix approach to optimise across
a number of the key parameters, hence the resultant cir-
cuits will derive less switching activity from the qua-
ternary components and less area from the binary ones.
This paper is organised as follows: Section 2 defines ba-
sic notions for fixed polarity Reed-Muller expansions and
shortly describes Green’s direct method to compute the qua-
ternary expansions. Section 3 starts with the definition of
quaternary expansions of binary arguments and then intro-
duces a general case of mixed radix Reed-Muller expan-
sions. Sections 4 and 5 are related with the gate level map-
ping of expansions. Section 6 presents synthesis results and
compares the applied methods. The last section concludes
the work and suggests areas for future work.
2. Basic notions
Galois field denoted as GF(p) is an algebraic structure
consisting of a set of p elements and operations of addi-
tion and multiplication. This article covers binary and qua-
ternary Galois fields, namely GF(2) and GF(4). In GF(2)
the operation of addition refers to the binary XOR opera-
tion, and the operation of multiplication refers to the binary
AND. Denoting elements of GF(4) as 0, 1, A, and B, addi-
tion and multiplication over GF(4) can be defined as shown
in Figure 1. Extended description and properties of Galois
fields can be found in [13].
Binary and multi-valued functions can be represented us-
ing XOR sum of products, in particular case Reed-Muller
(RM) expansions.
Definition 1 Literal x˜ of the p-valued variable x is the one
of p possible polarity forms (x+ c); c is an element of
GF(p) denoting the literal. For binary case the literal forms
of the variable x are x+ 0 = x, x+ 1 = x over GF(2). In
quaternary case the literals of x are x+ 0 = x, x+ 1 = x˙,
x+A = x¨, x+B = x over GF(4).
In a fixed polarity RM expansion each variable must be
represented by the same literal throughout the expansion.
Definition 2 For an n-variable p-valued function
f (x1, . . . , xn) polarity number k is defined as the
decimal equivalent 〈k〉10 of the p-nary number 〈kn . . . k1〉p
where single digit ki denotes the literal x˜i. Thus for
a single fixed polarity RM expansion k is a constant,
and there exist pn fixed polarity RM expansions for any
n-variable p-valued function.
Definition 3 General canonical RM expansion for an
n-variable p-valued function is defined as follows:
f (x1, . . . , xn) =
pn−1∑
i=0
ai
 n∏
j=1
x˜
ij
j
 over GF(p) (1)
where i is a decimal equivalent of a p-nary number
〈in . . . i1〉p. Vector a =
[
a0 . . . apn−1
]t
is a coef-
ficient vector.
For example, the Reed-Muller expansion of zero po-
larity for a quaternary function of one argument takes the
form (2).
f (x) = a0 + a1x+ a2x2 + a3x3 over GF(4) (2)
According to Green’s direct method [7] of computation
of quaternary fixed polarity RM expansions the coefficient
vector can be calculated using the following equation:
a =Wn〈k〉 · d (3)
Wn〈k〉 =Wkn ⊗Wkn−1 ⊗ . . .⊗Wk1
where d is the truth vector of the function f (x1, . . . xn),
⊗ is a Kronecker matrix product. Matrices W0, W1, W2,
W3 are defined. The computation of quaternary RM ex-
pansions of n-variable function corresponds directly to the
computation of the matrices Wn〈k〉 for all polarity numbers
k = {0, . . . , 4n − 1}. More efficient RM computation al-
gorithms than direct method exist [5, 6, 8, 9, 10]. However
this article is based on the direct method as it is clear for
understanding the basics of fixed polarity RM expansions.
371
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
+ 0 1 A B
0 0 1 A B
1 1 0 B A
× 0 1 A B
0 0 0 0 0
1 0 1 A B
Figure 2. Addition andmultiplication of mixed
radix operands
3. Mixed radix Reed-Muller expansions
3.1. Quaternary expansions of binary arguments
Any 4-valued variable xj can be represented in an iso-
morphic way with a pair of 2-valued variables [y2j−1, y2j ].
An intuitive solution to accommodate different radices
within one circuit is to use signal conversion. In other
words, the circuit can be split into parts employing different
radix logic connected using the components adapting sig-
nals from one radix to another. In Galois field arithmetic
this conversion can be expressed in a convenient mathemat-
ical representation. For example, GF
(
N2
) → GF (N)
correspondence is typically implemented as GF2 (N) →
GF (N) [12].
However, GF (N) → GF (N2) correspondence is
trivial since N -valued variables can always be assigned
to M -valued variables if N ≤ M . In our case all binary
variables can be considered as quaternary constrained to
the values 0 and 1. For example, let’s assume that the
function g (x) is similar to f (x) in (2) but its argument
can be assigned only 0 or 1. Then x = x2 = x3 and the
expansion takes the form:
g (x) = c0 + c1x over GF(4)
where c0 = a0, c1 = a1 + a2 + a3; c0, c1 ∈ GF(4).
Consequently, considering x as a binary variable, the oper-
ations of mixed radix operands can be defined as shown in
Figure 2. Regardless of the binary radix of the argument
the multiplication by quaternary constants will produce a
quaternary result for the function g (x) thus defining the no-
tion of quaternary function of binary arguments or binary-
to-quaternary (b→ q) function for simplicity.
Replacing the argument x in (2) with two 2-valued
arguments y1, y2 the function f (x) takes the form:
fb→q ([y1, y2]) = b0 + b1y1 + b2y2 + b3y1y2
Term y1y2 can be calculated over GF(2) since the argu-
ments are binary.
Similarly to (3) the coefficient vector b =[
b0 b1 b2 b3
]t
can be calculated as follows:
b = Q2〈0〉 · d
Q2〈0〉 =

1 0 0 0
1 1 0 0
1 0 1 0
1 1 1 1

=
[
1 0
1 1
]
⊗
[
1 0
1 1
]
= Q0 ⊗Q0
Consequently in general case (1) for the binary-to-
quaternary function fb→q (y1, . . . , y2n) takes the form:
fb→q ([y1, y2] , . . . , [y2n−1, y2n]) =
22n−1∑
i=0
bi
 2n∏
j=1
y˜
ij
j

where i is a decimal equivalent of a binary number
〈i2n . . . i1〉2. The product part of the expression can be cal-
culated over GF(2), and the rest of the expression can be
calculated over GF(4).
A direct method to compute the coefficient vector
b =
[
b0 . . . b22n−1
]t
is similar to Green’s:
b = Q2n〈k〉 · d
Q2n〈k〉 = Qk2n ⊗Qk2n−1 ⊗ . . .⊗Qk1
Q0 =
[
1 0
1 1
]
, Q1 =
[
0 1
1 1
]
where polarity number k refers to binary literals, i.e.
〈k〉10 = 〈k2n, k2n−1, . . . , k1〉2.
One can see that these equations are similar to the bi-
nary Reed-Muller expansions with the only exception that
the truth vector d is quaternary producing quaternary coeffi-
cient vector b. The computational cost of the direct method
is 9n−4n additions over GF(4) and no multiplications (mul-
tiplications over GF(2) are simple choice operations) ver-
sus 11n− 4n additions and 2 (11n − 5n) /3 multiplications
over GF(4) for the quaternary RM expansions. Moreover,
the optimisation techniques can be derived from the binary
Reed-Muller expansion methodology, e.g. [14, 15].
Example 1 For an arbitrary function F defined by
its truth vector d = [0B111BABAABA100A]t
pure quaternary expansions show the best polarity is
〈10〉10 = 〈AA〉4. The coefficient vector in this case is
a = [B0010BB0BAB0000A]t, and the quaternary RM
expansion takes the form:
Fq→q (x1, x2) = B + x¨31 +Bx¨1x¨2 +Bx¨
2
1x¨2 +Bx¨
2
2
+Ax¨1x¨22 +Bx¨
2
1x¨
2
2 +Ax¨
3
1x¨
3
2
where x¨1 = x1 + A and x¨2 = x2 + A are A-polarity
forms of the arguments x1, x2.
372
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
For the case of the quaternary function of binary
arguments the best polarity is 〈5〉10 = 〈0101〉2 producing
b = [0BAA00010A0A01A0]t, and the mixed radix RM
expansion takes the form:
Fb→q (y1, . . . , y4) = B +Ay1 +Ay1y2 + y1y3 +Ay2y3
+By4 +By1y4 +Ay2y4 +Ay3y4
+Ay1y2y3y4
3.2. Expansions of mixed radix arguments
Pure quaternary expansions and quaternary expansions
of binary arguments are the extremes of more general qua-
ternary expansions of mixed radix arguments (b, q → q) al-
lowing both binary and quaternary arguments within a sin-
gle circuit. Formally mixed radix arguments form a vector
Z =
[
z1 . . . zn
]t
where zi can be either the quater-
nary argument xi of the original function or a binary pair
[yi0, yi1] representing xi.
Definition 4 Argument radix number r of a mixed radix
RM expansion of n-variable quaternary function is a dec-
imal representation of a binary tuple 〈r〉10 = 〈rn . . . r1〉2
where ri is 0 if zi = xi, or 1 if zi = [yi0, yi1]. For pure
quaternary expansions r = 0; for quaternary expansions of
all binary arguments r = 2n − 1.
Defining equivalences between quaternary literals and
pairs of binary literals as xi ≡ [yi0, yi1], x˙i ≡ [yi0, yi1],
x¨i ≡ [yi0, yi1], xi ≡ [yi0, yi1] we can transform the
quaternary canonical form (1), p = 4, to the following:
fb,q→q (Z) =
4n−1∑
i=0
ei
 n∏
j=1
z˜
ij
j

where z˜ijj = x˜
ij
j for rj = 0; z˜
0
j = 1, z˜
1
j = y˜j0, z˜
2
j = y˜j1,
z˜3j = y˜j0y˜j1 for rj = 1.
The direct method to compute the coefficient vector
e =
[
e0 . . . e2n−1
]t
is applicable here in the form:
e = Sn〈k〉 · d
Sn〈k〉 = Skn ⊗ Skn−1 ⊗ . . .⊗ Sk1
Ski =
{
Wki , ri = 0
Q2〈ki〉, ri = 1
Exhaustive search through 2n argument radix numbers
and computing for each of them 4n fixed polarity expan-
sions is a task of a very high complexity. An efficient com-
putation for mixed radix argument RM expansions is a sub-
ject for future research. This article considers RM expan-
sions of fixed argument radices, either binary or quaternary.
4. Decomposition
For mapping the RM expansions to the gate level the tar-
get is to decompose the expressions into the operations of
multiplication (x · y), addition (x + y), multiplication by
a constant (cx), and addition to of a constant (x + c) over
GF(2) or GF(4), where x, y are 2-valued or 4-valued vari-
ables; c is a constant value. This section describes a number
of presented optimisation techniques related to the decom-
position.
Minimisation of terms The optimisation applied to the
decomposition process is a minimisation of RM expansion.
For the quaternary case a number of methods are proposed,
e.g. [16, 17]. The minimisation problem may also refer to
the factorisation. However, the factorisation is not applica-
ble to the described mixed radix circuits since it changes the
order of additions and multiplications overriding operation
radices. In our tool we used a first-order minimisation algo-
rithm which extracts repeating subterms and treats them as
temporary variables.
As can be observed from the example in Section 3, bi-
nary arguments produce larger number of terms, but the
same terms tend to appear more frequently than in the case
of pure quaternary thus having a greater potential for min-
imisation.
Propagation of binary radix Since GF(4) arithmetic op-
erations of binary arguments also produce binary results,
the target is to choose such a polarity and group terms in
such a way that GF(2) propagates as far as possible. Ac-
cording to the properties of GF(4), x3 = 1 for any non-
zero x thus clamping the result of this operation to the bi-
nary range. Consequently all cubic forms of the arguments
in quaternary RM expansions can use multiplications over
GF(2) instead of GF(4). Similarly if a binary term in binary-
to-quaternary sum of products is not multiplied by A or B it
can be used as a binary argument to the following addition.
This optimisation approach does not affect the circuit
structure, and it reduces area but not the energy consump-
tion because it attempts to remove unused paths from the
circuit, i.e. paths which never switch due to the properties
of the original function.
Search for the best expansion Typically the expansion
with the least number of non-zero terms is chosen as the
best one [7, 10]. This approach minimises the number of
additions in the resultant circuit but does not consider the
total number of additions and multiplications. The exact
number of operations is known only after the decomposi-
tion. Taking into account the proper values for switching
energy and area for these operations the synthesis tool can
search for the optimal solution with respect to the gate level
characteristics.
373
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
Table 1. Encoded quaternary values
value single-rail dual-rail 1-of-4
0 00 01 01 0001
1 01 01 10 0010
A 10 10 01 0100
B 11 10 10 1000
spacer (NULL) – 00 00 0000
However, for the large circuits the execution time can
be infeasible if we decompose expansions for all polari-
ties. Therefore the decomposition should be performed for
a smaller number of the best expansion candidates selected
using a simple criterion, e.g. the number of non-zero terms,
which still might be a rough estimation criterion.
5. Component implementations
Arithmetic components for GF(2) and GF(4) can be im-
plemented in different ways with respect to the selected en-
coding for binary and quaternary signals. Single-rail is a
typical binary representation of signals. However, the fo-
cus of the paper is switching balanced codes, in particular
1-of-2 (dual-rail) and 1-of-4. Dual-rail encodes binary val-
ues using 2 wires: 0 is encoded as 01, 1 as 10. 00 is a
spacer value. Quaternary values can be encoded as shown
in Table 1.
Generic approaches for m-of-n codes over Galois fields
are patented in [11]. Since the primary attribute of m-of-n
codes is a balanced switching, the components should also
display this feature. Ideally the form and size of power sig-
nature of the component should be symmetric with respect
to switching from a spacer to any data and vise versa. Usu-
ally this is made by introducing additional dummy-logic
paths. However for real life examples an ideal symmetry
is impossible, but the components can be “fully balanced”
with respect to the technology capabilities.
For example, consider a GF(2) multiplier. In single-rail
it can be represented with an ordinary AND gate while in
dual-rail it takes the form:
q0 = x0 + y0
q1 = x1y1
(4)
where {q0, q1} are wires of dual-rail encoded out-
put, {x0, x1} and {y0, y1} are wires of dual-rail encoded
operands x and y.
Mapping of the equation (4) into negative logic cells is
shown in Figure 3(a). Switching the input [x, y] from the
spacer value to [0, 0], [0, 1] and [1, 0] causes NOR gate to
fire. Switching from the spacer to [1, 1] fires NAND gate.
NAND and NOR gates have different switching energy val-
ues thus the component balancing is not good in this case.
(a) relaxed balancing (b) fully balanced
Figure 3. Negative logic implementation of
GF(2) multiplication in dual-rail
In order to balance it better we have to put additional logic
paths making the structure of the component symmetric
with respect to gates and input signals switching activity
as shown in Figure 3(b). In the spacer state all inputs are set
to low thus all outputs of 2-input NAND gates in the first
layer are set to high precharging NAND gates in the second
layer. Arrival of any data signal ([0, 0], [0, 1], [1, 0], or [1, 1])
causes exactly one gate from the first layer to fire. This will
produce only one 0 signal to the second layer switching one
of the 3-input NANDs. Addition of constant inputs to cer-
tain gates guarantees that all gates in each layer are equal.
Although there are certain unavoidable aspects of the
technology such as transistor level asymmetry which intro-
duce little disbalance even to this design, an implementa-
tion is acceptable if it fits the requirements of the security
standard [18]. For the same reason the structure shown in
Figure 3(a) might also be sufficient since the difference in
swithing energy is not large. This implies the approach of
“relaxed” balancing when the security is slightly compro-
mised for significant power and area gains.
For the exact implementations of other GF components
the reader may refer to [19]. In our examples we used
AMS C35 (0.35µm) library. Energy and area estimations
of the components are shown in Table 2. These values are
based on the RTL library specification.
6. Benchmark results
Approaches described in Sections 3.1, 4, and 5 are im-
plemented in a tool which allows us to synthesise circuits
using quaternary and binary-to-quaternary RM expansions.
Component characteristics from Table 2 were used to find
best polarities and to compute circuit characteristics. The
precise evaluation requires placement and routing to be
374
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
Table 3. Synthesis results
AES S-box Kasumi S7 Misty S7 Misty S9
logic expansion num switch total num switch total num switch total num switch total
balancing radix of energy area of energy area of energy area of energy area
op-s pJ µm2 op-s pJ µm2 op-s pJ µm2 op-s pJ µm2
binary 2229 839.28 553826 169 63.69 41710 167 62.88 41494 177 66.39 45238
relaxed mixed 1528 618.12 1066396 147 58.80 89682 155 61.95 95830 165 66.18 110542
q-ry 1640 661.83 1616841 417 168.00 414266 383 154.68 386018 533 215.55 541449
binary 2229 839.28 779778 169 63.69 59190 167 62.88 58422 177 66.39 61614
full mixed 1528 618.12 1210652 147 58.80 104402 155 61.95 110734 165 66.18 124894
q-ry 1640 1026.99 2386231 417 267.96 627038 367 225.90 540268 533 331.89 789087
DES S-box 1 DES S-box 2 DES S-box 3 DES S-box 4
logic expansion num switch total num switch total num switch total num switch total
balancing radix of energy area of energy area of energy area of energy area
op-s pJ µm2 op-s pJ µm2 op-s pJ µm2 op-s pJ µm2
binary 237 89.37 58230 173 65.07 43326 165 62.34 39946 226 85.14 55932
relaxed mixed 186 75.42 135804 133 53.85 94298 163 65.61 101882 176 71.31 126550
q-ry 174 70.08 167572 161 64.86 154912 168 67.77 163804 181 72.99 175218
binary 237 89.37 83070 173 65.07 60438 165 62.34 57978 226 85.14 79116
full mixed 186 75.42 152364 133 53.85 106626 163 65.61 119362 176 71.31 142558
q-ry 174 109.92 251004 161 100.56 230282 168 104.94 241724 181 112.98 258798
Table 2. Switching energy and area for GF
components
GF(2) GF(4)
parameter dual-rail 1-of-4
+ ×* × + ×* ×
max sw. en., pJ 0.36 0.39 0.39 0.42 0.39 0.81
area, µm2 330 182 366 1244 805 1699
* relaxed balancing
made, however it is a rather complex task. Currently we
intend to use more generic evaluation.
Various S-boxes (DES, AES [20], Kasumi [21] and
MISTY [22]) were chosen as typical examples of security
circuits. They were synthesised in pure quaternary, pure bi-
nary, and binary-to-quaternary radix domains and mapped
into fully balanced and relaxed components. The results
are shown in Table 3. The switching energy parameter is
a sum of switching energies of gates, and it does not con-
sider the switching of wires. Since the encoding scheme
restricts switching to one wire per data signal, the number
of operations can be used to estimate the switching activity
of intercomponent wires.
As can be observed from the examples, operations over
GF(4) show considerable area overhead comparing to their
GF(2) counterparts. The explanation can be as follows. The
decomposition of quaternary operations to binary gates pro-
duces certain overhead while binary operations use the same
radix domain as their gate level implementations. The qua-
ternary domain logic might be used instead, for example
n-valued dynamic logic [23], but this type of technology is
not applicable for security.
In terms of power the results show variable efficiency for
all radices. Kasumi and MISTY S-boxes are efficient in bi-
nary, DES S-Box 1 is good in quaternary. AES S-box shows
the best results for mixed radix approach: the synthesised
mixed radix circuit consume 26% less energy than the bi-
nary and occupy 34% less area than quaternary. This effect
is related with the properties of the implemented function,
and it appears impossible to analyse the efficiency of partic-
ular radix apriori, before the circuit is synthesised.
7. Conclusions
The method of generalising quaternary fixed polarity
Reed-Muller expansions to the quaternary expansions of bi-
nary and mixed radix arguments is proposed. This type of
expansions can be used to synthesise logic optimised with
respect to exact parameter values of gate level components.
Possible gate level mapping optimisation approaches, such
as binary radix propagation, minimisation and implementa-
tion aware search of the best polarity, are also described.
The efficiency of the circuit depends on its function prop-
erties in relation to Galois field arithmetic. Benchmark re-
375
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
sults show improvement of up to 26% in switching energy
and up to 84% in total area for mixed radix circuits over
uniform radix, but in general the results may vary signifi-
cantly. Nevertheless, binary-to-quaternary RM expansions
are good for trade-off between hardware parameter costs
and definitely should be considered as a possible synthesis
technique.
To improve the runtime of the developed tool we need to
apply more efficient algorithms for RM expansion compu-
tations and optimise the decomposition algorithm. An ef-
ficient methodology to compute the general case of mixed
radix argument expansions is also a subject of future work.
Acknowledgement: This work is supported by EPSRC
GR/F016786/1.
References
[1] P. Kocher, J. Jaffe, and B. Jun, “Introduction to differential
power analysis and related attacks,” 1998.
[2] A. Bystrov, D. Sokolov, A. Yakovlev, and A. Koelmans,
“Balancing power signature in secure systems,” in Proc. 14th
UK Asynchronous Forum, 2003.
[3] S. Moore, R. Anderson, P. Cunningham, R. Mullins, and
G. Taylor, “Improving smart card security using self-timed
circuits,” Proc. of Asynchronous Circuits and Systems,
pp. 211–218, 2002.
[4] W. Bainbridge, W. Toms, D. Edwards, and S. Furber, “Delay-
insensitive, point-to-point interconnect using m-of-n codes,”
in Proc. of ASYNC’03, 2003.
[5] B. Falkowski and S. Rahardja, “Efficient computation of
quaternary fixed polarity Reed-Muller expansions,” Comput-
ers and Digital Techniques, IEE Proc., vol. 142, pp. 345–
352, 1995.
[6] B. J. Falkowski and C. C. Lozano, “Quaternary fixed-polarity
Reed-Muller expansion computation through operations on
disjoint cubes and its comparison with other methods,” Com-
puters & Electrical Engineering, vol. 31, pp. 112–131, 2005.
[7] D. Green, “Reed-Muller expansions with fixed and mixed
polarities over GF(4),” in IEE Proc., Part E, vol. 137, 1990.
[8] D. Jankovic and R. S. Stankovic, “Efficient calculation of
fixed-polarity polynomial expressions for multiple-valued
logic functions,” in Proc. of ISMVL ’02, p. 76, IEEE Comp.
Soc., 2002.
[9] D. Jankovic, R. S. Stankovic, and C. Moraga, “Optimization
of GF(4) expressions using the extended dual polarity prop-
erty,” in Proc. of ISMVL ’03, p. 50, IEEE Comp. Soc., 2003.
[10] S. Rahardja and B. Falkowski, “Efficient algorithm to calcu-
late Reed-Muller expansions over GF(4),” Circuits, Devices
and Systems, IEE Proc., vol. 148, pp. 289–295, 2001.
[11] UK Patent No. 0719455.8, “Cryptographic processing and
processors.” Newcastle University.
[12] Z. Zilic and Z. Vranesic, “Current-mode CMOS Galois
field circuits,” in Proc. 23rd International Symp. on MVL,
pp. 245–250, 1993.
[13] T. C. Bartee and D. I. Schneider, Computation with Finite
Fields, vol. 6 of Inform. Contr. June 1963.
[14] S. Purwar, “An efficient method of computing generalized
Reed-Muller expansions from Binary Decision Diagram,”
IEEE Trans. Comput., vol. 40, no. 11, pp. 1298–1301, 1991.
[15] E. C. Tan and H. Yang, “Optimization of fixed-polarity Reed-
Muller circuits using dual-polarity property,” Circuits, sys-
tems, and signal processing, vol. 19, no. 6, pp. 535–548,
2000.
[16] S. Yanushkevich, D. Popel, V. Shmerko, V. Cheushev, and
R. Stankovic, “Information theoretic approach to minimiza-
tion of polynomial expressions over GF(4),” in Proc. of IS-
MVL ’00, p. 265, 2000.
[17] Y. Zhang and P. W. Rayner, “Minimisation of Reed-Muller
polynomials with fixed polarity,” IEE Proc., vol. 131,
pp. 177–186, 1984.
[18] “Federal information processing standards FIPS 140-3
(draft).” National Institute of Standards and Technology.
[19] A. Rafiev, J. Murphy, and A. Yakovlev, “RTL implementa-
tions of GF(2) and GF(4) arithmetic components,” tech. rep.,
Newcastle University, 2008.
[20] Specification for the Advanced Encryption Standard (AES),
Nov 26, 2001. Federal Information Processing Standards
Publication 197.
[21] 3GPP Technical Specification 35.202, 2001. v3.1.1.
[22] M. Matsui, “Block encryption MISTY.” Communications
Science and Techniques, ISEC96-11, 1996.
[23] Intrinsity, Inc., Technology White Papers, ch. 8: N-ary Cir-
cuits: Robust Gate Design. www.intrinsity.com, 2006.
376
Authorized licensed use limited to: Newcastle University. Downloaded on May 24,2010 at 13:01:13 UTC from IEEE Xplore.  Restrictions apply. 
