DOCSLIB.ORG

Study of Extended Euclidean and Itoh-Tsujii Algorithms in GF(2 M)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Study of Extended Euclidean and Itoh-Tsujii Algorithms in GF (2m) using polynomial bases by Fan Zhou B.Eng., Zhejiang University, 2013 A Report Submitted in Partial Fulfillment of the Requirements for the Degree of MASTER OF ENGINEERING in the Department of Electrical and Computer Engineering c Fan Zhou, 2018 University of Victoria All rights reserved. This report may not be reproduced in whole or in part, by photocopying or other means, without the permission of the author. ii Study of Extended Euclidean and Itoh-Tsujii Algorithms in GF (2m) using polynomial bases by Fan Zhou B.Eng., Zhejiang University, 2013 Supervisory Committee Dr. Fayez Gebali, Supervisor (Department of Electrical and Computer Engineering) Dr. Watheq El-Kharashi, Departmental Member (Department of Electrical and Computer Engineering) iii ABSTRACT Finite field arithmetic is important for the field of information security. The inversion operation consumes most of the time and resources among all finite field arithmetic operations. In this report, two main classes of algorithms for inversion are studied. The first class of inverters is Extended Euclidean based inverters. Extended Euclidean Algorithm is an extension of Euclidean algorithm that computes the greatest common divisor. The other class of inverters is based on Fermat's little theorem. This class of inverters is also called multiplicative based inverters, because, in these algorithms, the inversion is performed by a sequence of multiplication and squaring. This report represents a literature review of inversion algorithm and implements a multiplicative based inverter and an Extended Euclidean based inverter in MATLAB. The experi- mental results show that inverters based on Extended Euclidean Algorithm are more efficient than inverters based on Fermat's little theorem. iv Contents Supervisory Committee ii Abstract iii Table of Contents iv List of Tables vi List of Figures vii List of Acronyms viii Acknowledgements ix Dedication x 1 Introduction 1 1.1 Background . 1 1.2 Preliminaries: Binary Finite Field Arithmetic . 2 1.3 Related Work . 4 1.4 Project Contributions . 5 1.5 Report Organization . 5 2 Extended Euclidean algorithm 6 2.1 Extended Euclidean algorithm . 6 2.2 An example of Extended Euclidean algorithm . 9 3 Itoh-Tsujii algorithm 11 3.1 Inversion based on Fermat's little theorem . 11 3.2 Itoh-Tsujii algorithm . 12 3.3 An example of Itoh-Tsujii algorithm . 15 v 4 MATLAB Implementation 17 4.1 MATLAB results . 17 4.2 Analysis and comparison . 18 5 Conclusion 20 Appendix A 22 Bibliography 26 vi List of Tables Table 2.1 An example of binary polynomial division . 8 Table 2.2 An example of EEA . 10 Table 3.1 Inverse of a 2 GF (2233) using an addition chain [1] . 15 Table 4.1 Execution time of EEA and Itoh-Tsujii Algorithms on a quad- core processor . 18 Table 4.2 Execution time of EEA and Itoh-Tsujii Algorithms on a dual-core processor . 18 vii List of Figures Figure 1.1 ECC Arithmetic Architecture . 2 Figure 3.1 Flowchart of Itoh-Tsujii Algorithm . 14 viii List of Acronyms EEA Extended Euclidean Algorithm ECC Elliptic Curve Cryptography FLT Fermat's Little Theorem GCD Greatest Common Divisor SM scalar multiplication VLSI Very Large Scale Integration ix ACKNOWLEDGEMENTS I would like to thank my supervisor Dr. Gebali, who provided my valuable gudance and advice throughout my graduate study. Besides my supervisor, I would like to thank Ibrahim Hazmi for helping me improve my project. My gratitude also goes to my parents and my roommate who constantly support me when I am in need. x DEDICATION To my parents Chapter 1 Introduction 1.1 Background Elliptic Curve Cryptography (ECC) is a public-key cryptosystem based on the alge- braic structure of elliptic curves over finite fields, which can be used to create faster and more efficient cryptographic schemes. The hierarchy of the computations involved in the implementation of ECC cryptosys- tems is in a pyramid of four levels of operations. Finite field or modular arithmetic is the foundation of the pyramid, as it is the basic building block of elliptic curve point addition and point doubling. Whereas the scalar multiplication (SM) is per- formed by repeating point addition and point doubling operations and is used by all ECC cryptographic protocols. Figure 1.1 illustrates the arithmetic architecture of SM computational processes. An elliptic curve E(K) over a field K is defined by an equation [2]: 2 3 2 y + a1xy + a3y = x + a2 x + a4x + a6 (1.1) where a1; a2; a3; a4; a6 2 K, and the discriminant of E is 4 6= 0. In the binary field, E(K) could be simplified as: 2 y3 + xy = x3 + ax2 + b (1.2) where a; b 2 K. Figure 1.1: ECC Arithmetic Architecture [3] 1.2 Preliminaries: Binary Finite Field Arithmetic The finite field GF (2m) of order 2m is called binary finite field. The element a(x) 2 GF (2m) can be expressed as a binary polynomial of degree m − 1 [2]: m−1 m−2 2 1 a(x) = am−1x + am−2x + ··· + a2x + a1x + a0 (1.3) where ai = 0 or 1. A polynomial f(x) of degree m is said to be irreducible in GF (2m) if there does not exist two polynomials g(x) and h(x) of lesser degree in GF (2m) such that f(x) = g(x)h(x). In polynomial arithmetic, as the coefficients ai of the polynomial can be either 0 or 1, an irreducible polynomial f(x) is used to reduce the result of any operation if its degree is greater than m − 1. For instance, the operations defined in field GF (25) are on an irreducible polynomial f(x) = x5 + x2 + 1. 3 Computing point multiplication requires point doubling and point addition, which can be implemented using four basic operations, namely, addition, subtraction, mul- tiplication and division. Addition and subtraction in binary fields can be achieved by adding or subtracting two of these polynomials together, and reducing the result modulo 2. For instance, m−1 1 m−1 1 let a(x) = am−1x + ··· + a1x + a0, b(x) = bm−1x + ··· + b1x + b0 and m−1 1 c(x) = a(x) + b(x) = cm−1x + ··· + c1x + c0. If ak, bk and ck are the coefficients of a(x), b(x) and c(x) respectively, then: ck = (ak + bk) mod 2 (1.4) The computational complexity of addition and subtraction in binary field is usually neglected. Multiplication in a finite field is multiplication modulo an irreducible polynomial. Let a(x) and b(x) be the elements of GF (2m) and let modular multiplication c(x) also be an element of the field. c(x) might be accomplished in two steps, by performing first a polynomial product of the two operands a(x) and b(x), followed by a modular reduction step using the irreducible polynomial f(x). Then, we have: c(x) = a(x) · b(x) mod f(x) (1.5) A great deal of work has been done in studying aspects of inversion in a finite field since inversion is the most time-consuming of the four basic operations. The inverse of a polynomial a(x) in GF (2m) is defined as the computation process to find a polynomial a−1(x) in GF (2m), such that: a(x) · a−1(x) mod f(x) = 1 (1.6) Inversion algorithms can be classified into two main categories, the Extended Eu- clidean Algorithm, and the Fermat's Little Theorem based algorithm. These two algorithms will be discussed in chapters 2 and 3. 4 1.3 Related Work Several algorithms for computing the Extended Euclidean based algorithms have been proposed in the literature [3-5]. In [4], a class of bit serial unidirectional systolic ar- chitectures for inversion and division in polynomial basis has been proposed. They also presented a variant of Extended Euclidean Algorithm (EEA) optimized for uni- directional systolization with no carry propagation structure. Also, in this design, a simpler distributed counter structure which is suitable for applications where the field dimension may be large or variable is introduced. Yan [5] presents two-dimensional systolic architectures for inversion based on a modified extended Euclidean algorithm. The new architecture uses a distributed control mechanism for a variety of field sizes and is suitable for Very Large Scale Integration (VLSI) implementation. In compari- son to similar architectures, their architectures have smaller critical path delays and use considerably fewer hardware costs. An optimized inversion algorithm that can be applied very well in hardware was proposed in [6]. A two-dimensional multipli- cation/inversion systolic architecture and a one-dimensional multiplication/inversion systolic architecture was implemented and can apply very well to an Elliptic Curve arithmetic unit required in elliptic curve cryptography. In terms of the Itoh-Tsujii inverse algorithm in GF (2m), Rebeiro [7] proposed a mod- ification of the Itoh-Tsujii algorithm called quad-Itoh-Tsujii algorithm which was implemented on field-programmable gate-array platforms. That adapted algorithm requires shorter addition chains and reduces the clock cycles significantly by using a parallel architecture. A modified Itoh-Tsujii algorithm algorithm for inversion with polynomial basis was proposed in [8]. An optimal addition chain was used for inver- sion to reduce the operation time by the parallel computation between part of mul- tiplications and squarings. Their inversion architecture with a digit serial multiplier experimentally obtained 61% timing improvement and 69% less resources on average than previous designs with normal basis. Another parallel version of the Itoh-Tsujii algorithm was proposed in [9]. It used a special class of irreducible trinomials, namely, P (x) = xm + xk + 1 to achieve its best performance. This special class of irreducible trinomials reduces the computation complexity and yields a 30% timing improvement on average compared to the standard version of it.
Recommended publications
  • Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography

    Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography

    Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography by Sel»cukBakt³r A Dissertation Submitted to the Faculty of the Worcester Polytechnic Institute in partial ful¯llment of the requirements for the Degree of Doctor of Philosophy in Electrical and Computer Engineering by April, 2008 Approved: Dr. Berk Sunar Dr. Stanley Selkow Dissertation Advisor Dissertation Committee ECE Department Computer Science Department Dr. Kaveh Pahlavan Dr. Fred J. Looft Dissertation Committee Department Head ECE Department ECE Department °c Copyright by Sel»cukBakt³r All rights reserved. April, 2008 i To my family; to my parents Ay»seand Mehmet Bakt³r, to my sisters Elif and Zeynep, and to my brothers Selim and O¸guz ii Abstract E±cient implementation of the number theoretic transform (NTT), also known as the discrete Fourier transform (DFT) over a ¯nite ¯eld, has been studied actively for decades and found many applications in digital signal processing. In 1971 SchÄonhageand Strassen proposed an NTT based asymptotically fast multiplication method with the asymptotic complexity O(m log m log log m) for multiplication of m-bit integers or (m ¡ 1)st degree polynomials. SchÄonhageand Strassen's algorithm was known to be the asymptotically fastest multipli- cation algorithm until FÄurerimproved upon it in 2007. However, unfortunately, both al- gorithms bear signi¯cant overhead due to the conversions between the time and frequency domains which makes them impractical for small operands, e.g. less than 1000 bits in length as used in many applications. With this work we investigate for the ¯rst time the practical application of the NTT, which found applications in digital signal processing, to ¯nite ¯eld multiplication with an emphasis on elliptic curve cryptography (ECC).
  • Fast Integer Division – a Differentiated Offering from C2000 Product Family

    Fast Integer Division – a Differentiated Offering from C2000 Product Family

    Application Report SPRACN6–July 2019 Fast Integer Division – A Differentiated Offering From C2000™ Product Family Prasanth Viswanathan Pillai, Himanshu Chaudhary, Aravindhan Karuppiah, Alex Tessarolo ABSTRACT This application report provides an overview of the different division and modulo (remainder) functions and its associated properties. Later, the document describes how the different division functions can be implemented using the C28x ISA and intrinsics supported by the compiler. Contents 1 Introduction ................................................................................................................... 2 2 Different Division Functions ................................................................................................ 2 3 Intrinsic Support Through TI C2000 Compiler ........................................................................... 4 4 Cycle Count................................................................................................................... 6 5 Summary...................................................................................................................... 6 6 References ................................................................................................................... 6 List of Figures 1 Truncated Division Function................................................................................................ 2 2 Floored Division Function................................................................................................... 3 3 Euclidean
  • Anthyphairesis, the ``Originary'' Core of the Concept of Fraction

    Anthyphairesis, the ``Originary'' Core of the Concept of Fraction

    Anthyphairesis, the “originary” core of the concept of fraction Paolo Longoni, Gianstefano Riva, Ernesto Rottoli To cite this version: Paolo Longoni, Gianstefano Riva, Ernesto Rottoli. Anthyphairesis, the “originary” core of the concept of fraction. History and Pedagogy of Mathematics, Jul 2016, Montpellier, France. hal-01349271 HAL Id: hal-01349271 https://hal.archives-ouvertes.fr/hal-01349271 Submitted on 27 Jul 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. ANTHYPHAIRESIS, THE “ORIGINARY” CORE OF THE CONCEPT OF FRACTION Paolo LONGONI, Gianstefano RIVA, Ernesto ROTTOLI Laboratorio didattico di matematica e filosofia. Presezzo, Bergamo, Italy [email protected] ABSTRACT In spite of efforts over decades, the results of teaching and learning fractions are not satisfactory. In response to this trouble, we have proposed a radical rethinking of the didactics of fractions, that begins with the third grade of primary school. In this presentation, we propose some historical reflections that underline the “originary” meaning of the concept of fraction. Our starting point is to retrace the anthyphairesis, in order to feel, at least partially, the “originary sensibility” that characterized the Pythagorean search. The walking step by step the concrete actions of this procedure of comparison of two homogeneous quantities, results in proposing that a process of mathematisation is the core of didactics of fractions.
  • Introduction to Abstract Algebra “Rings First”

    Introduction to Abstract Algebra “Rings First”

    Introduction to Abstract Algebra \Rings First" Bruno Benedetti University of Miami January 2020 Abstract The main purpose of these notes is to understand what Z; Q; R; C are, as well as their polynomial rings. Contents 0 Preliminaries 4 0.1 Injective and Surjective Functions..........................4 0.2 Natural numbers, induction, and Euclid's theorem.................6 0.3 The Euclidean Algorithm and Diophantine Equations............... 12 0.4 From Z and Q to R: The need for geometry..................... 18 0.5 Modular Arithmetics and Divisibility Criteria.................... 23 0.6 *Fermat's little theorem and decimal representation................ 28 0.7 Exercises........................................ 31 1 C-Rings, Fields and Domains 33 1.1 Invertible elements and Fields............................. 34 1.2 Zerodivisors and Domains............................... 36 1.3 Nilpotent elements and reduced C-rings....................... 39 1.4 *Gaussian Integers................................... 39 1.5 Exercises........................................ 41 2 Polynomials 43 2.1 Degree of a polynomial................................. 44 2.2 Euclidean division................................... 46 2.3 Complex conjugation.................................. 50 2.4 Symmetric Polynomials................................ 52 2.5 Exercises........................................ 56 3 Subrings, Homomorphisms, Ideals 57 3.1 Subrings......................................... 57 3.2 Homomorphisms.................................... 58 3.3 Ideals.........................................
  • A Binary Recursive Gcd Algorithm

    A Binary Recursive Gcd Algorithm

    A Binary Recursive Gcd Algorithm Damien Stehle´ and Paul Zimmermann LORIA/INRIA Lorraine, 615 rue du jardin botanique, BP 101, F-54602 Villers-l`es-Nancy, France, fstehle,[email protected] Abstract. The binary algorithm is a variant of the Euclidean algorithm that performs well in practice. We present a quasi-linear time recursive algorithm that computes the greatest common divisor of two integers by simulating a slightly modified version of the binary algorithm. The structure of our algorithm is very close to the one of the well-known Knuth-Sch¨onhage fast gcd algorithm; although it does not improve on its O(M(n) log n) complexity, the description and the proof of correctness are significantly simpler in our case. This leads to a simplification of the implementation and to better running times. 1 Introduction Gcd computation is a central task in computer algebra, in particular when com- puting over rational numbers or over modular integers. The well-known Eu- clidean algorithm solves this problem in time quadratic in the size n of the inputs. This algorithm has been extensively studied and analyzed over the past decades. We refer to the very complete average complexity analysis of Vall´ee for a large family of gcd algorithms, see [10]. The first quasi-linear algorithm for the integer gcd was proposed by Knuth in 1970, see [4]: he showed how to calculate the gcd of two n-bit integers in time O(n log5 n log log n). The complexity of this algorithm was improved by Sch¨onhage [6] to O(n log2 n log log n).
  • Acceleration of Finite Field Arithmetic with an Application to Reverse Engineering Genetic Networks

    Acceleration of Finite Field Arithmetic with an Application to Reverse Engineering Genetic Networks

    ACCELERATION OF FINITE FIELD ARITHMETIC WITH AN APPLICATION TO REVERSE ENGINEERING GENETIC NETWORKS by Edgar Ferrer Moreno A thesis submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY in COMPUTING AND INFORMATION SCIENCES AND ENGINEERING UNIVERSITY OF PUERTO RICO MAYAGÜEZ CAMPUS 2008 Approved by: ________________________________ __________________ Omar Colón, PhD Date Member, Graduate Committee ________________________________ __________________ Oscar Moreno, PhD Date Member, Graduate Committee ________________________________ __________________ Nayda Santiago, PhD Date Member, Graduate Committee ________________________________ __________________ Dorothy Bollman, PhD Date President, Graduate Committee ________________________________ __________________ Edusmildo Orozco, PhD Date Representative of Graduate Studies ________________________________ __________________ Néstor Rodríguez, PhD Date Chairperson of the Department Abstract Finite field arithmetic plays an important role in a wide range of applications. This research is originally motivated by an application of computational biology where genetic networks are modeled by means of finite fields. Nonetheless, this work has application in various research fields including digital signal processing, error correct- ing codes, Reed-Solomon encoders/decoders, elliptic curve cryptosystems, or compu- tational and algorithmic aspects of commutative algebra. We present a set of efficient algorithms for finite field arithmetic over GF (2m), which are implemented
  • A Casual Primer on Finite Fields

    A Casual Primer on Finite Fields

    A very brief introduction to finite fields Olivia Di Matteo December 10, 2015 1 What are they and how do I make one? Definition 1 (Finite fields). Let p be a prime number, and n ≥ 1 an integer. A finite field n n n of order p , denoted by Fpn or GF(p ), is a collection of p objects and two binary operations, addition and multiplication, such that the following properties hold: 1. The elements are closed under addition modulo p, 2. The elements are closed under multiplication modulo p, 3. For all non-zero elements, there exists a multiplicative inverse. 1.1 Prime dimensions Nothing much to see here. In prime dimension p, the finite field Fp is very simple: Fp = Zp = f0; 1; : : : ; p − 1g: (1) 1.2 Power of prime dimensions and field extensions Fields of prime-power dimension are constructed by extending a field of smaller order using a primitive polynomial. See section 2.1.2 in [1]. 1.2.1 Primitive polynomials Definition 2. Consider a polynomial n q(x) = a0 + a1x + ··· + anx ; (2) having degree n and coefficients ai 2 Fq. Such a polynomial is called monic if an = 1. Definition 3. A polynomial n q(x) = a0 + a1x + ··· + anx ; ai 2 Fq (3) is called irreducible if q(x) has positive degree, and q(x) = u(x)v(x); (4) 1 and either u(x) or v(x) a constant polynomial. In other words, the equation n q(x) = a0 + a1x + ··· + anx = 0 (5) has no solutions in the field Fq. Example 1 (Irreducible polynomial).
  • Numerical Stability of Euclidean Algorithm Over Ultrametric Fields

    Numerical Stability of Euclidean Algorithm Over Ultrametric Fields

    Xavier CARUSO Numerical stability of Euclidean algorithm over ultrametric fields Tome 29, no 2 (2017), p. 503-534. <http://jtnb.cedram.org/item?id=JTNB_2017__29_2_503_0> © Société Arithmétique de Bordeaux, 2017, tous droits réservés. L’accès aux articles de la revue « Journal de Théorie des Nom- bres de Bordeaux » (http://jtnb.cedram.org/), implique l’accord avec les conditions générales d’utilisation (http://jtnb.cedram. org/legal/). Toute reproduction en tout ou partie de cet article sous quelque forme que ce soit pour tout usage autre que l’utilisation à fin strictement personnelle du copiste est constitutive d’une infrac- tion pénale. Toute copie ou impression de ce fichier doit contenir la présente mention de copyright. cedram Article mis en ligne dans le cadre du Centre de diffusion des revues académiques de mathématiques http://www.cedram.org/ Journal de Théorie des Nombres de Bordeaux 29 (2017), 503–534 Numerical stability of Euclidean algorithm over ultrametric fields par Xavier CARUSO Résumé. Nous étudions le problème de la stabilité du calcul des résultants et sous-résultants des polynômes définis sur des an- neaux de valuation discrète complets (e.g. Zp ou k[[t]] où k est un corps). Nous démontrons que les algorithmes de type Euclide sont très instables en moyenne et, dans de nombreux cas, nous ex- pliquons comment les rendre stables sans dégrader la complexité. Chemin faisant, nous déterminons la loi de la valuation des sous- résultants de deux polynômes p-adiques aléatoires unitaires de même degré. Abstract. We address the problem of the stability of the com- putations of resultants and subresultants of polynomials defined over complete discrete valuation rings (e.g.
  • Type-II Optimal Polynomial Bases

    Type-II Optimal Polynomial Bases

    Type-II Optimal Polynomial Bases Daniel J. Bernstein1 and Tanja Lange2 1 Department of Computer Science (MC 152) University of Illinois at Chicago, Chicago, IL 60607{7053, USA [email protected] 2 Department of Mathematics and Computer Science Technische Universiteit Eindhoven, P.O. Box 513, 5600 MB Eindhoven, Netherlands [email protected] Abstract. In the 1990s and early 2000s several papers investigated the relative merits of polynomial-basis and normal-basis computations for F2n . Even for particularly squaring-friendly applications, such as implementations of Koblitz curves, normal bases fell behind in performance unless a type-I normal basis existed for F2n . In 2007 Shokrollahi proposed a new method of multiplying in a type-II normal basis. Shokrol- lahi's method efficiently transforms the normal-basis multiplication into a single multiplication of two size-(n + 1) polynomials. This paper speeds up Shokrollahi's method in several ways. It first presents a simpler algorithm that uses only size-n polynomials. It then explains how to reduce the transformation cost by dynamically switching to a `type-II optimal polynomial basis' and by using a new reduction strategy for multiplications that produce output in type-II polynomial basis. As an illustration of its improvements, this paper explains in detail how the multiplication over- head in Shokrollahi's original method has been reduced by a factor of 1:4 in a major cryptanalytic computation, the ongoing attack on the ECC2K-130 Certicom challenge. The resulting overhead is also considerably smaller than the overhead in a traditional low-weight-polynomial-basis ap- proach. This is the first state-of-the-art binary-elliptic-curve computation in which type-II bases have been shown to outperform traditional low-weight polynomial bases.
  • Time Complexity Analysis of Cloud Data Security: Elliptical Curve and Polynomial Cryptography

    Time Complexity Analysis of Cloud Data Security: Elliptical Curve and Polynomial Cryptography

    International Journal of Computer Sciences and Engineering Open Access Research Paper Vol.-7, Issue-2, Feb 2019 E-ISSN: 2347-2693 Time Complexity Analysis of Cloud Data Security: Elliptical Curve and Polynomial Cryptography D.Pharkkavi1*, D. Maruthanayagam2 1Sri Vijay Vidyalaya College of Arts & Science, Dharmapuri, Tamilnadu, India 2PG and Research Department of Computer Science, Sri Vijay Vidyalaya College of Arts & Science, Dharmapuri, Tamilnadu, India *Corresponding Author: [email protected] DOI: https://doi.org/10.26438/ijcse/v7i2.321331 | Available online at: www.ijcseonline.org Accepted: 10/Feb/2019, Published: 28/Feb/2019 Abstract- Encryption becomes a solution and different encryption techniques which roles a significant part of data security on cloud. Encryption algorithms is to ensure the security of data in cloud computing. Because of a few limitations of pre-existing algorithms, it requires for implementing more efficient techniques for public key cryptosystems. ECC (Elliptic Curve Cryptography) depends upon elliptic curves defined over a finite field. ECC has several features which distinguish it from other cryptosystems, one of that it is relatively generated a new cryptosystem. Several developments in performance have been found out during the last few years for Galois Field operations both in Normal Basis and in Polynomial Basis. On the other hand, there is still some confusion to the relative performance of these new algorithms and very little examples of practical implementations of these new algorithms. Efficient implementations of the basic arithmetic operations in finite fields GF(2m) are need for the applications of coding theory and cryptography. The elements in GF(2m) know how to be characterized in a choice of bases.
  • Intra-Basis Multiplication of Polynomials Given in Various Polynomial Bases

    Intra-Basis Multiplication of Polynomials Given in Various Polynomial Bases

    Intra-Basis Multiplication of Polynomials Given in Various Polynomial Bases S. Karamia, M. Ahmadnasabb, M. Hadizadehd, A. Amiraslanic,d aDepartment of Mathematics, Institute for Advanced Studies in Basic Sciences (IASBS), Zanjan, Iran bDepartment of Mathematics, University of Kurdistan, Sanandaj, Iran cSchool of STEM, Department of Mathematics, Capilano University, North Vancouver, BC, Canada dFaculty of Mathematics, K. N. Toosi University of Technology, Tehran, Iran Abstract Multiplication of polynomials is among key operations in computer algebra which plays important roles in developing techniques for other commonly used polynomial operations such as division, evaluation/interpolation, and factorization. In this work, we present formulas and techniques for polynomial multiplications expressed in a variety of well-known polynomial bases without any change of basis. In particular, we take into consideration degree-graded polynomial bases including, but not limited to orthogonal polynomial bases and non-degree-graded polynomial bases including the Bernstein and Lagrange bases. All of the described polynomial multiplication formulas and tech- niques in this work, which are mostly presented in matrix-vector forms, preserve the basis in which the polynomials are given. Furthermore, using the results of direct multiplication of polynomials, we devise techniques for intra-basis polynomial division in the polynomial bases. A generalization of the well-known \long division" algorithm to any degree-graded polynomial basis is also given. The proposed framework deals with matrix-vector computations which often leads to well-structured matrices. Finally, an application of the presented techniques in constructing the Galerkin repre- sentation of polynomial multiplication operators is illustrated for discretization of a linear elliptic problem with stochastic coefficients.
  • Hardware and Software Normal Basis Arithmetic for Pairing Based

    Hardware and Software Normal Basis Arithmetic for Pairing Based

    Hardware and Software Normal Basis Arithmetic for Pairing Based Cryptography in ? Characteristic Three R. Granger, D. Page and M. Stam Department of Computer Science, University of Bristol, MerchantVenturers Building, Wo o dland Road, Bristol, BS8 1UB, United Kingdom. fgranger, page, [email protected] Abstract. Although identity based cryptography o ers a number of functional advantages over conventional public key metho ds, the compu- tational costs are signi cantly greater. The dominant part of this cost is the Tate pairing which, in characteristic three, is b est computed using the algorithm of Duursma and Lee. However, in hardware and constrained environments this algorithm is unattractive since it requires online com- putation of cub e ro ots or enough storage space to pre-compute required results. We examine the use of normal basis arithmetic in characteristic three in an attempt to get the b est of b oth worlds: an ecient metho d for computing the Tate pairing that requires no pre-computation and that may also be implemented in hardware to accelerate devices such as smart-cards. Since normal basis arithmetic in characteristic three has not received much attention b efore, we also discuss the construction of suitable bases and asso ciated curve parameterisations. 1 Intro duction Since it was rst suggested in 1984 by Shamir [29], the concept of identity based cryptography has b een an attractive target for researchers b ecause of the p oten- tial for simplifying conventional approaches to public key based systems. The central idea is that the public key for a user is simply their identity and is hence implicitly known to all other users.