Trade-Off Approach for GHASH Computation Based on a Block-Merging Strategy

In the Galois counter mode (GCM) of encryption an authentication tag is computed with a sequence of multiplications and additions in F 2 m. In this paper we focus on multiply-and-add architecture with a suquadratic space complexity multiplier in F 2 m. We propose a recom-bination of the architecture of P. Patel (Master Thesis, U. Waterloo, ON. Canada, 2008) which is based on a subquadratic space complexity Toeplitz matrix vector product. We merge some blocks of the recombined architecture in order to reduce the critical path delay. We obtain an architecture with a subquadratic space complexity of O(log 2 (m)m log 2 (m)) and a reduced delay of (1.59 log 2 (m) + log 2 (δ))D X + D A where δ is a small constant. To the best of our knowledge, this is the first multiply-and-add architecture with subquadratic space complexity and delay smaller than 2 log 2 (m)D X