Minimal weight digit set conversions

Copyright © 2004 IEEEWe consider the problem of recoding a number to minimize the number of nonzero digits in its representation, that is, to minimize the weight of the representation. A general sliding window scheme is described that extends minimal binary sliding window conversion to arbitrary radix and to encompass signed digit sets. This new conversion expresses a number of known recoding techniques as special cases. Proof that this scheme achieves minimal weight for a given digit set is provided and results concerning the theoretical average and worst-case weight are derived.Braden Phillips and Neil Burges

An Efficient Montgomery Exponentiation Algorithm for Cryptographic Applications

n/

The set theory of arithmetic decomposition

Journal ArticleThe Set Theory of Arithmetic Decomposition is a method for designing complex addition/ subtraction circuits at any radix using strictly positional, sign-local number systems. The specification of an addition circuit is simply an equation that describes the inputs and the outputs as weighted digit sets. Design is done by applying a set of rewrite rules known as decomposition operators to the equation. The order in which and weight at which each operator is applied maps directly to a physical implementation, including both multiple-level logic and connectivity. The method is readily automated and has been used to design some higher radix arithmetic circuits. It is possible to compute the cost of a given adder before the detailed design is complete

New minimal weight representations for left-to-right window methods

Abstract. For an integer w ≥ 2, a radix 2 representation is called a width-w nonadjacent form (w-NAF, for short) if each nonzero digit is an odd integer with absolute value less than 2 w−1, and of any w consecutive digits, at most one is nonzero. In elliptic curve cryptography, the w-NAF window method is used to efficiently compute nP where n is an integer and P is an elliptic curve point. We introduce a new family of radix 2 representations which use the same digits as the w-NAF but have the advantage that they result in a window method which uses less memory. This memory savings results from the fact that these new representations can be deduced using a very simple left-to-right algorithm. Further, we show that like the w-NAF, these new representations have a minimal number of nonzero digits. 1 Window Methods An operation fundamental to elliptic curve cryptography is scalar multiplication; that is, computing nP for an integer, n, and an elliptic curve point, P. A number of different algorithms have been proposed to perform this operation efficiently (see Ch. 3 of [4] for a recent survey). A variety of these algorithms, known as window methods, use the approach described in Algorithm 1.1. For example, suppose D = {0, 1, 3, 5, 7}. Using this digit set, Algorithm 1.1 first computes and stores P, 3P, 5P and 7P. After a D-radix 2 representation of n is computed its digits are read from left to right by the “for ” loop and nP is computed using doubling and addition operations (and no subtractions). One way to compute a D-radix 2 representation of n is to slide a 3-digit window from right to left across the {0, 1}-radix 2 representation of n (see Section 4). Using negative digits takes advantage of the fact that subtracting an elliptic curve point can be done just as efficiently as adding it. Suppose now that D

Radix-2r Arithmetic for Multiplication by a Constant.

International audienceIn this paper, radix-2r arithmetic is explored to minimize the number of additions in the multiplication by a constant. We provide the formal proof that for an N-bit constant, the maximum number of additions using radix-2r is lower than Dimitrov's estimated upper-bound (2.N/log(N)) using double base number system (DBNS). In comparison to canonical signed digit (CSD) and DBNS, the new radix-2r recoding requires an average of 23.12% and 3.07% less additions for 64-bit constant, respectively

Design and implementation of high-radix arithmetic systems based on the SDNR/RNS data representation

This project involved the design and implementation of high-radix arithmetic systems based on the hybrid SDNRIRNS data representation. Some real-time applications require a real-time arithmetic system. An SDNR/RNS arithmetic system provides parallel, real-time processing. The advantages and disadvantages of high-radix SDNR/RNS arithmetic, and the feasibility of implementing SDNR/RNS arithmetic systems in CMOS VLSI technology, were investigated in this project. A common methodological model, which included the stages of analysis, design, implementation, testing, and simulation, was followed. The combination of the SDNR and RNS transforms potential complex logic networks into simpler logic blocks. It was found that when constructing a SDNRIRNS adder, factors such as the radix, digit set, and moduli must be taken into account. There are many avenues still to explore. For example, implementing other arithmetic systems in the same CMOS VLSI technology used in this project and comparing them to equivalent SDNR/RNS systems would provide a set of benchmarks. These benchmarks would be useful in addressing issues relating to relative performance

Faster Multi-Exponentiation through Caching: Accelerating (EC)DSA Signature Verification

We consider the task of computing power products $\prod_{1 \leq i \leq k} g_i^{e_i}$ ( multi-exponentiation ) where base elements $g_2, ..., g_k$ are fixed while $g_1$ is variable between multi-exponentiations but may repeat, and where the exponents are bounded (e.g., in a finite group). We present a new technique that entails two different ways of computing such a result. The first way applies to the first occurrence of any $g_1$ where, besides obtaining the actual result, we create a cache entry based on $g_1$, investing very little memory or time overhead. The second way applies to any multi-exponentiation once such a cache entry exists for the $g_1$ in question: the cache entry provides for a significant speed-up. Our technique is useful for ECDSA or DSA signature verification with common domain parameters and recurring signers

New Representation Method For Integers And Its Application On Elliptic Curve Cryptography

Public-key cryptosystems are broadly used in security protocols such as key agreement, authentication, encryption and others. The two main operations in many public-key algorithms are multiplication and exponentiation of large numbers. The performance and efficiency of these cryptographic primitives are highly reliant on the efficiency of these operations. Improving the efficiency of multiplication and exponentiation by applying a recoding method or using a specific number system which can reduction the Hamming Weight of numbers is very common. This study proposes a new Radix-r representation for integers which is known as Modified Generalized Non-Adjacent Form (MGNAF)

Multiplierless CSD techniques for high performance FPGA implementation of digital filters.

I leverage FastCSD to develop a new, high performance iterative multiplierless structure based on a novel real-time CSD recoding, so that more zero partial products are introduced. Up to 66.7% zero partial products occur compared to 50% in the traditional modified Booth's recoding. Also, this structure reduces the non-zero partial products to a minimum. As a result, the number of arithmetic operations in the carry-save structure is reduced. Thus, an overall speed-up, as well as low-power consumption can be achieved. Furthermore, because the proposed structure involves real time CSD recoding and does not require a fixed value for the multiplier input to be known a priori, the proposed multiplier can be applied to implement digital filters with non-fixed filter coefficients, such as adaptive filters.My work is based on a dramatic new technique for converting between 2's complement and CSD number systems, and results in high-performance structures that are particularly effective for implementing adaptive systems in reconfigurable logic.My research focus is on two key ideas for improving DSP performance: (1) Develop new high performance, efficient shift-add techniques ("multiplierless") to implement the multiply-add operations without the need for a traditional multiplier structure. (2) There is a growing trend toward design prototyping and even production in FPGAs as opposed to dedicated DSP processors or ASICs; leverage this trend synergistically with the new multiplierless structures to improve performance.Implementation of digital signal processing (DSP) algorithms in hardware, such as field programmable gate arrays (FPGAs), requires a large number of multipliers. Fast, low area multiply-adds have become critical in modern commercial and military DSP applications. In many contemporary real-time DSP and multimedia applications, system performance is severely impacted by the limitations of currently available speed, energy efficiency, and area requirement of an onboard silicon multiplier.I also introduce a new multi-input Canonical Signed Digit (CSD) multiplier unit, which requires fewer shift/add/subtract operations and reduced CSD number conversion overhead compared to existing techniques. This results in reduced power consumption and area requirements in the hardware implementation of DSP algorithms. Furthermore, because all the products are produced simultaneously, the multiplication speed and thus the throughput are improved. The multi-input multiplier unit is applied to implement digital filters with non-fixed filter coefficients, such as adaptive filters. The implementation cost of these digital filters can be further reduced by limiting the wordlength of the input signal with little or no sacrifice to the filter performance, which is confirmed by my simulation results. The proposed multiplier unit can also be applied to other DSP algorithms, such as digital filter banks or matrix and vector multiplications.Finally, the tradeoff between filter order and coefficient length in the design and implementation of high-performance filters in Field Programmable Gate Arrays (FPGAs) is discussed. Non-minimum order FIR filters are designed for implementation using Canonical Signed Digit (CSD) multiplierless implementation techniques. By increasing the filter order, the length of the coefficients can be decreased without reducing the filter performance. Thus, an overall hardware savings can be achieved.Adaptive system implementations require real-time conversion of coefficients to Canonical Signed Digit (CSD) or similar representations to benefit from multiplierless techniques for implementing filters. Multiplierless approaches are used to reduce the hardware and increase the throughput. This dissertation introduces the first non-iterative hardware algorithm to convert 2's complement numbers to their CSD representations (FastCSD) using a fixed number of shift and logic operations. As a result, the power consumption and area requirements required for hardware implementation of DSP algorithms in which the coefficients are not known a priori can be greatly reduced. Because all CSD digits are produced simultaneously, the conversion speed and thus the throughput are improved when compared to overlap-and-scan techniques such as Booth's recoding

Minimal Weight and Colexicographically Minimal Integer Representations

Redundant number systems (e.g. signed binary representations) have been utilized to efficiently implement algebraic operations required by public-key cryptosystems, especially those based on elliptic curves. Several families of integer representations have been proposed that have a minimal number of nonzero digits (so-called \emph{minimal weight} representations). We observe that many of the constructions for minimal weight representations actually work by building representations which are minimal in another sense. For a given set of digits, these constructions build \emph{colexicographically minimal} representations; that is, they build representations where each nonzero digit is positioned as far left (toward the most significant digit) as possible. We utilize this strategy in a new algorithm which constructs a very general family of minimal weight dimension-$d$ \emph{joint} representations for any $d \geq 1$. The digits we use are from the set \{a \in \ZZ: \ell \leq a \leq u\} where $\ell \leq 0$ and $u \geq 1$ are integers. By selecting particular values of $\ell$ and $u$, it is easily seen that our algorithm generalizes many of the minimal weight representations previously described in the literature. From our algorithm, we obtain a syntactical description of a particular family of dimension-$d$ joint representations; any representation which obeys this syntax must be both colexicographically minimal and have minimal weight; moreover, every vector of integers has exactly one representation that satisfies this syntax. We utilize this syntax in a combinatorial analysis of the weight of the representations