Efficient Bit-parallel Multiplication with Subquadratic Space Complexity in Binary Extension Field

Bit-parallel multiplication in GF(2^n) with subquadratic space complexity has been explored in recent years due to its lower area cost compared with traditional parallel multiplications. Based on \u27divide and conquer\u27 technique, several algorithms have been proposed to build subquadratic space complexity multipliers. Among them, Karatsuba algorithm and its generalizations are most often used to construct multiplication architectures with significantly improved efficiency. However, recursively using one type of Karatsuba formula may not result in an optimal structure for many finite fields. It has been shown that improvements on multiplier complexity can be achieved by using a combination of several methods. After completion of a detailed study of existing subquadratic multipliers, this thesis has proposed a new algorithm to find the best combination of selected methods through comprehensive search for constructing polynomial multiplication over GF(2^n). Using this algorithm, ameliorated architectures with shortened critical path or reduced gates cost will be obtained for the given value of n, where n is in the range of [126, 600] reflecting the key size for current cryptographic applications. With different input constraints the proposed algorithm can also yield subquadratic space multiplier architectures optimized for trade-offs between space and time. Optimized multiplication architectures over NIST recommended fields generated from the proposed algorithm are presented and analyzed in detail. Compared with existing works with subquadratic space complexity, the proposed architectures are highly modular and have improved efficiency on space or time complexity. Finally generalization of the proposed algorithm to be suitable for much larger size of fields discussed

Trade-Off Approach for GHASH Computation Based on a Block-Merging Strategy

In the Galois counter mode (GCM) of encryption an authentication tag is computed with a sequence of multiplications and additions in F 2 m. In this paper we focus on multiply-and-add architecture with a suquadratic space complexity multiplier in F 2 m. We propose a recom-bination of the architecture of P. Patel (Master Thesis, U. Waterloo, ON. Canada, 2008) which is based on a subquadratic space complexity Toeplitz matrix vector product. We merge some blocks of the recombined architecture in order to reduce the critical path delay. We obtain an architecture with a subquadratic space complexity of O(log 2 (m)m log 2 (m)) and a reduced delay of (1.59 log 2 (m) + log 2 (δ))D X + D A where δ is a small constant. To the best of our knowledge, this is the first multiply-and-add architecture with subquadratic space complexity and delay smaller than 2 log 2 (m)D X

Multiplication in Finite Fields and Elliptic Curves

La cryptographie à clef publique permet de s'échanger des clefs de façon distante, d'effectuer des signatures électroniques, de s'authentifier à distance, etc. Dans cette thèse d'HDR nous allons présenter quelques contributions concernant l'implantation sûre et efficace de protocoles cryptographiques basés sur les courbes elliptiques. L'opération de base effectuée dans ces protocoles est la multiplication scalaire d'un point de la courbe. Chaque multiplication scalaire nécessite plusieurs milliers d'opérations dans un corps fini.Dans la première partie du manuscrit nous nous intéressons à la multiplication dans les corps finis car c'est l'opération la plus coûteuse et la plus utilisée. Nous présentons d'abord des contributions sur les multiplieurs parallèles dans les corps binaires. Un premier résultat concerne l'approche sous-quadratique dans une base normale optimale de type 2. Plus précisément, nous améliorons un multiplieur basé sur un produit de matrice de Toeplitz avec un vecteur en utilisant une recombinaison des blocs qui supprime certains calculs redondants. Nous présentons aussi un multiplieur pous les corps binaires basé sur une extension d'une optimisation de la multiplication polynomiale de Karatsuba.Ensuite nous présentons des résultats concernant la multiplication dans un corps premier. Nous présentons en particulier une approche de type Montgomery pour la multiplication dans une base adaptée à l'arithmétique modulaire. Cette approche cible la multiplication modulo un premier aléatoire. Nous présentons alors une méthode pour la multiplication dans des corps utilisés dans la cryptographie sur les couplages : les extensions de petits degrés d'un corps premier aléatoire. Cette méthode utilise une base adaptée engendrée par une racine de l'unité facilitant la multiplication polynomiale basée sur la FFT. Dans la dernière partie de cette thèse d'HDR nous nous intéressons à des résultats qui concernent la multiplication scalaire sur les courbes elliptiques. Nous présentons une parallélisation de l'échelle binaire de Montgomery dans le cas de E(GF(2^n)). Nous survolons aussi quelques contributions sur des formules de division par 3 dans E(GF(3^n)) et une parallélisation de type (third,triple)-and-add. Dans le dernier chapitre nous développons quelques directions de recherches futures. Nous discutons d'abord de possibles extensions des travaux faits sur les corps binaires. Nous présentons aussi des axes de recherche liés à la randomisation de l'arithmétique qui permet une protection contre les attaques matérielles

Parallel Multiplier Designs for the Galois/Counter Mode of Operation

The Galois/Counter Mode of Operation (GCM), recently standardized by NIST, simultaneously authenticates and encrypts data at speeds not previously possible for both software and hardware implementations. In GCM, data integrity is achieved by chaining Galois field multiplication operations while a symmetric key block cipher such as the Advanced Encryption Standard (AES), is used to meet goals of confidentiality. Area optimization in a number of proposed high throughput GCM designs have been approached through implementing efficient composite Sboxes for AES. Not as much work has been done in reducing area requirements of the Galois multiplication operation in the GCM which consists of up to 30% of the overall area using a bruteforce approach. Current pipelined implementations of GCM also have large key change latencies which potentially reduce the average throughput expected under traditional internet traffic conditions. This thesis aims to address these issues by presenting area efficient parallel multiplier designs for the GCM and provide an approach for achieving low latency key changes. The widely known Karatsuba parallel multiplier (KA) and the recently proposed Fan-Hasan multiplier (FH) were designed for the GCM and implemented on ASIC and FPGA architectures. This is the first time these multipliers have been compared with a practical implementation, and the FH multiplier showed note worthy improvements over the KA multiplier in terms of delay with similar area requirements. Using the composite Sbox, ASIC designs of GCM implemented with subquadratic multipliers are shown to have an area savings of up to 18%, without affecting the throughput, against designs using the brute force Mastrovito multiplier. For low delay LUT Sbox designs in GCM, although the subquadratic multipliers are a part of the critical path, implementations with the FH multiplier showed the highest efficiency in terms of area resources and throughput over all other designs. FPGA results similarly showed a significant reduction in the number of slices using subquadratic multipliers, and the highest throughput to date for FPGA implementations of GCM was also achieved. The proposed reduced latency key change design, which supports all key types of AES, showed a 20% improvement in average throughput over other GCM designs that do not use the same techniques. The GCM implementations provided in this thesis provide some of the most area efficient, yet high throughput designs to date

GF(2^n) redundant representation using matrix embedding

By embedding a Toeplitz matrix-vector product (MVP) of dimension $n$ into a circulant MVP of dimension $N=2n+\delta -1$, where $\delta$ can be any nonnegative integer, we present a $GF(2^n)$ multiplication algorithm. This algorithm leads to a new redundant representation, and it has two merits: 1. The flexible choices of $\delta$ make it possible to select a proper $N$ such that the multiplication operation in ring $GF(2)[x]/(x^N+1$) can be performed using some asymptotically faster algorithms, e.g. the Fast Fourier Transformation (FFT)-based multiplication algorithm; 2. The redundant degrees, which are defined as $N/n$, are smaller than those of most previous $GF(2^n)$ redundant representations, and in fact they are approximately equal to 2 for all applicable cases

On Large Polynomial Multiplication in Certain Rings

Multiplication of polynomials with large integer coefficients and very high degree is used in cryptography. Residue number system (RNS) helps distribute a very large integer over a set of smaller integers, which makes the computations faster. In this thesis, multiplication of polynomials in ring Z_p/(x^n + 1) where n is a power of two is analyzed using the Schoolbook method, Karatsuba algorithm, Toeplitz matrix vector product (TMVP) method and Number Theoretic Transform (NTT) method. All coefficients are residues of p which is a 30-bit integer that has been selected from the set of 30-bit moduli for RNS in NFLlib. NTT has a computational complexity of O(n log n) and hence, it has the best performance among all these methods for the multiplication of large polynomials. NTT method limits applications in ring Z_p/(x^n + 1). This restricts size of the polynomials to only powers of two. We consider multiplication in other cyclotomic rings using TMVP method which has a subquadratic complexity of O(n log_2 3). An attempt is made to improve the performance of TMVP method by designing a hybrid method that switches to schoolbook method when n reaches a certain low value. It is first implemented in Zp/(x^n + 1) to improve the performance of TMVP for large polynomials. This method performs almost as good as NTT for polynomials of size 2^(10). TMVP method is then exploited to design multipliers in other rings Z_p/Φ_k where Φ_k is a cyclotomic trinomial. Similar hybrid designs are analyzed to improve performance in the trinomial rings. This allows a wider range of polynomials in terms of size to work with and helps avoid unnecessary use of larger key size that might slow down computations

Efficient and Low-complexity Hardware Architecture of Gaussian Normal Basis Multiplication over GF(2m) for Elliptic Curve Cryptosystems

In this paper an efficient high-speed architecture of Gaussian normal basis multiplier over binary finite field GF(2m) is presented. The structure is constructed by using regular modules for computation of exponentiation by powers of 2 and low-cost blocks for multiplication by normal elements of the binary field. Since the exponents are powers of 2, the modules are implemented by some simple cyclic shifts in the normal basis representation. As a result, the multiplier has a simple structure with a low critical path delay. The efficiency of the proposed structure is studied in terms of area and time complexity by using its implementation on Vertix-4 FPGA family and also its ASIC design in 180nm CMOS technology. Comparison results with other structures of the Gaussian normal basis multiplier verify that the proposed architecture has better performance in terms of speed and hardware utilization

A new approach in building parallel finite field multipliers

A new method for building bit-parallel polynomial basis finite field multipliers is proposed in this thesis. Among the different approaches to build such multipliers, Mastrovito multipliers based on a trinomial, an all-one-polynomial, or an equally-spacedpolynomial have the lowest complexities. The next best in this category is a conventional multiplier based on a pentanomial. Any newly presented method should have complexity results which are at least better than those of a pentanomial based multiplier. By applying our method to certain classes of finite fields we have gained a space complexity as n2 + H - 4 and a time complexity as TA + ([ log2(n-l) ]+3)rx which are better than the lowest space and time complexities of a pentanomial based multiplier found in literature. Therefore this multiplier can serve as an alternative in those finite fields in which no trinomial, all-one-polynomial or equally-spaced-polynomial exists

On Efficient Polynomial Multiplication and Its Impact on Curve based Cryptosystems

Secure communication is critical to many applications. To this end, various security goals can be achieved using elliptic/hyperelliptic curve and pairing based cryptography. Polynomial multiplication is used in the underlying operations of these protocols. Therefore, as part of this thesis different recursive algorithms are studied; these algorithms include Karatsuba, Toom, and Bernstein. In this thesis, we investigate algorithms and implementation techniques to improve the performance of the cryptographic protocols. Common factors present in explicit formulae in elliptic curves operations are utilized such that two multiplications are replaced by a single multiplication in a higher field. Moreover, we utilize the idea based on common factor used in elliptic curves and generate new explicit formulae for hyperelliptic curves and pairing. In the case of hyperelliptic curves, the common factor method is applied to the fastest known even characteristic hyperelliptic curve operations, i.e. divisor addition and divisor doubling. Similarly, in pairing we observe the presence of common factors inside the Miller loop of Eta pairing and the theoretical results show significant improvement when applying the idea based on common factor method. This has a great advantage for applications that require higher speed