Skip to main content
SpringerLink
Log in

Reducing the Complexity of Normal Basis Multiplication

  • Conference paper
  • First Online:
Arithmetic of Finite Fields (WAIFI 2014)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9061))

Included in the following conference series:

Abstract

In this paper we introduce a new transformation method and a multiplication algorithm for multiplying the elements of the field GF\((2^k)\) expressed in a normal basis. The number of XOR gates for the proposed multiplication algorithm is fewer than that of the optimal normal basis multiplication, not taking into account the cost of forward and backward transformations. The algorithm is more suitable for applications in which tens or hundreds of field multiplications are performed before needing to transform the results back.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Agnew, G.B., Beth, T., Mullin, R.C., Vanstone, S.A.: Arithmetic operations in \({GF}(2^m)\). J. Cryptol. 6(1), 3–13 (1993)

    Article  MATH  MathSciNet  Google Scholar 

  2. Agnew, G.B., Mullin, R.C., Onyszchuk, I., Vanstone, S.A.: An implementation for a fast public-key cryptosystem. J. Cryptol. 3(2), 63–79 (1991)

    Article  MATH  MathSciNet  Google Scholar 

  3. Agnew, G.B., Mullin, R.C., Vanstone, S.A.: An implementation of elliptic curve cryptosystems over \(F_{2^{155}}\). IEEE J. Sel. Areas Commun. 11(5), 804–813 (1993)

    Article  Google Scholar 

  4. Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)

    Book  MATH  Google Scholar 

  5. Erdem, S.S., Yanık, T., Koç, Ç.K.: Polynomial basis multiplication in GF\((2^m)\). Acta Applicandae Mathematicae 93(1–3), 33–55 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  6. Gao, S.: Normal bases over finite fields. Ph.D. thesis, University of Waterloo (1993)

    Google Scholar 

  7. Gao, S., Lenstra Jr., H.W.: Optimal normal bases. Des. Codes Cryptgr. 2(4), 315–323 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  8. von zur Gathen, J., Shokrollahi, M.A., Shokrollahi, J.: Efficient multiplication using type 2 optimal normal bases. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 55–68. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Halbutoǧulları, A., Koç, Ç.K.: Mastrovito multiplier for general irreducible polynomials. IEEE Trans. Comput. 49(5), 503–518 (2000)

    Article  MathSciNet  Google Scholar 

  10. Hasan, M.A., Wang, M.Z., Bhargava, V.K.: Modular construction of low complexity parallel multipliers for a class of finite fields \({GF}(2^m)\). IEEE Trans. Comput. 41(8), 962–971 (1992)

    Article  MathSciNet  Google Scholar 

  11. Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in \({GF}(2^m)\) using normal bases. Inf. Comput. 78(3), 171–177 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  12. Itoh, T., Tsujii, S.: Structure of parallel multipliers for a class of finite fields \({GF}(2^m)\). Inf. Comput. 83, 21–40 (1989)

    Article  MATH  MathSciNet  Google Scholar 

  13. Koç, Ç.K., Acar, T.: Montgomery multiplication in GF\((2^k)\). Des. Codes Cryptgr. 14(1), 57–69 (1998)

    Article  MATH  Google Scholar 

  14. Koç, Ç.K., Acar, T., Kaliski Jr., B.S.: Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro 16(3), 26–33 (1996)

    Article  Google Scholar 

  15. Mastrovito, E.D.: VLSI architectures for multiplication over finite field GF\((2^m)\). In: Mora, T. (ed.) AAECC-6. LNCS, vol. 357, pp. 297–309. Springer, Heidelberg (1988)

    Chapter  Google Scholar 

  16. Mastrovito, E.D.: VLSI architectures for computation in Galois fields. Ph.D. thesis, Linköping University, Department of Electrical Engineering, Linköping, Sweden (1991)

    Google Scholar 

  17. Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)

    Article  MATH  Google Scholar 

  18. Mullin, R., Onyszchuk, I., Vanstone, S., Wilson, R.: Optimal normal bases in \({GF}(p^n)\). Discrete Appl. Math. 22, 149–161 (1988)

    Article  MathSciNet  Google Scholar 

  19. Omura, J., Massey, J.: Computational method and apparatus for finite field arithmetic (May 1986). U.S. Patent Number 4,587,627

    Google Scholar 

  20. Paar, C.: A new architecture for a parallel finite field multiplier with low complexity based on composite fields. IEEE Trans. Comput. 45(7), 856–861 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  21. Reyhani-Masoleh, A., Hasan, M.A.: A new construction of Massey-Omura parallel multiplier over GF\((2^m)\). IEEE Trans. Comput. 51(5), 511–520 (2001)

    Article  MathSciNet  Google Scholar 

  22. Saldamlı, G.: Spectral modular arithmetic. Ph.D. thesis, Oregon State University (2005)

    Google Scholar 

  23. Saldamlı, G., Baek, Y.J., Koç, Ç.K.: Spectral modular arithmetic for binary extension fields. In: The 2011 International Conference on Information and Computer Networks (ICICN), pp. 323–328 (2011)

    Google Scholar 

  24. Seroussi, G.: Table of low-weight binary irreducible polynomials (August 1998). Hewlett-Packard, HPL-98-135

    Google Scholar 

  25. Silverman, J.H.: Fast multiplication in finite fields GF\((2^n)\). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 122–134. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  26. Sunar, B., Koç, Ç.K.: Mastrovito multiplier for all trinomials. IEEE Trans. Comput. 48(5), 522–527 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  27. Wu, H., Hasan, M.A.: Low complexity bit-parallel multipliers for a class of finite fields. IEEE Trans. Comput. 47(8), 883–887 (1998)

    Article  MathSciNet  Google Scholar 

  28. Zhang, T., Parhi, K.K.: Systematic design of original and modified Mastrovito multipliers for general irreducible polynomials. IEEE Trans. Comput. 50(7), 734–749 (2001)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of California Santa Barbara, Santa Barbara, USA

    Ömer Eǧecioǧlu & Çetin Kaya Koç

Authors
  1. Ömer Eǧecioǧlu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Çetin Kaya Koç
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Çetin Kaya Koç .

Editor information

Editors and Affiliations

  1. Department of Computer Science, Univ of California, Santa Barbara, Santa Barbara, California, USA

    Çetin Kaya Koç

  2. University of Paris VIII, Paris, France

    Sihem Mesnager

  3. Sabancı University, Istanbul, Turkey

    Erkay Savaş

Appendix A: The Type 1 \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) Matrices

Appendix A: The Type 1 \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) Matrices

The \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) Matrices for GF \((2^2)\)

The irreducible polynomial is \(x^2+x+1\). The optimal normal element is \(\beta =x\). The total count of 1 s in \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) matrices are \(k(2k-1)=6\) and \(k(2k-1)-(k-1)=5\), respectively.

$$ {\varvec{\lambda }}= \begin{bmatrix} \beta _1&\beta _0 \\ \beta _0&\beta _1 \end{bmatrix} ~,~~ \beta _0{\varvec{\lambda }}= \begin{bmatrix} \mathbf{{1}}&\beta _0 \\ \beta _0&\beta _1 \end{bmatrix} ~,~~ \beta _1{\varvec{\lambda }}= \begin{bmatrix} \beta _0&\beta _1 \\ \beta _1&\mathbf{{1}} \end{bmatrix} $$

The \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) Matrices for GF \((2^4)\)

The irreducible polynomial is \(x^4+x^3+1\). The optimal normal element is \(\beta = x+1\). The total count of 1 s in \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) matrices are \(k(2k-1)=28\) and \(k(2k-1)-(k-1)=25\), respectively.

$$ {\varvec{\lambda }}= \begin{bmatrix} \beta _1&\beta _3&{\varvec{1}}&\beta _2 \\ \beta _3&\beta _2&\beta _0&\mathbf{{1}} \\ \mathbf{{1}}&\beta _0&\beta _3&\beta _1 \\ \beta _2&\mathbf{{1}}&\beta _1&\beta _0 \end{bmatrix} ~,~~ \beta _0{\varvec{\lambda }}= \begin{bmatrix} \beta _3&\beta _2&\beta _0&\mathbf{{1}} \\ \beta _2&\mathbf{{1}}&\beta _1&\beta _0\\ \beta _0&\beta _1&\beta _2&\beta _3\\ \mathbf{{1}}&\beta _0&\beta _3&\beta _1 \end{bmatrix} ~,~~ \beta _1{\varvec{\lambda }}= \begin{bmatrix} \beta _2&\mathbf{{1}}&\beta _1&\beta _0 \\ \mathbf{{1}}&\beta _0&\beta _3&\beta _1 \\ \beta _1&\beta _3&\mathbf{{1}}&\beta _2 \\ \beta _0&\beta _1&\beta _2&\beta _3 \end{bmatrix} $$
$$ \beta _2{\varvec{\lambda }}= \begin{bmatrix} \beta _0&\beta _1&\beta _2&\beta _3 \\ \beta _1&\beta _3&\mathbf{{1}}&\beta _2 \\ \beta _2&\mathbf{{1}}&\beta _1&\beta _0 \\ \beta _3&\beta _2&\beta _0&\mathbf{{1}} \end{bmatrix} ~,~~ \beta _3{\varvec{\lambda }}= \begin{bmatrix} \mathbf{{1}}&\beta _0&\beta _3&\beta _1 \\ \beta _0&\beta _1&\beta _2&\beta _3 \\ \beta _3&\beta _2&\beta _0&\mathbf{{1}} \\ \beta _1&\beta _3&\mathbf{{1}}&\beta _2 \end{bmatrix} $$

The \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) Matrices for GF \((2^{10})\)

The irreducible polynomial is \(x^{10}+x^7+1\). The optimal normal element is \(\beta =x^6+x^3+x^2+x\). The total count of 1 s in \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) matrices are \(k(2k-1)=190\) and \(k(2k-1)-(k-1)=181\), respectively. Below we give \({\varvec{\lambda }}\) and only \(\beta _0{\varvec{\lambda }}\) matrix.

$$ {\varvec{\lambda }}= \begin{bmatrix} \beta _1&\beta _8&\beta _4&\beta _6&\beta _9&\mathbf{{1}}&\beta _5&\beta _3&\beta _2&\beta _7 \\ \beta _8&\beta _2&\beta _9&\beta _5&\beta _7&\beta _0&\mathbf{{1}}&\beta _6&\beta _4&\beta _3 \\ \beta _4&\beta _9&\beta _3&\beta _0&\beta _6&\beta _8&\beta _1&\mathbf{{1}}&\beta _7&\beta _5 \\ \beta _6&\beta _5&\beta _0&\beta _4&\beta _1&\beta _7&\beta _9&\beta _2&\mathbf{{1}}&\beta _8 \\ \beta _9&\beta _7&\beta _6&\beta _1&\beta _5&\beta _2&\beta _8&\beta _0&\beta _3&\mathbf{{1}} \\ \mathbf{{1}}&\beta _0&\beta _8&\beta _7&\beta _2&\beta _6&\beta _3&\beta _9&\beta _1&\beta _4 \\ \beta _5&\mathbf{{1}}&\beta _1&\beta _9&\beta _8&\beta _3&\beta _7&\beta _4&\beta _0&\beta _2 \\ \beta _3&\beta _6&\mathbf{{1}}&\beta _2&\beta _0&\beta _9&\beta _4&\beta _8&\beta _5&\beta _1 \\ \beta _2&\beta _4&\beta _7&\mathbf{{1}}&\beta _3&\beta _1&\beta _0&\beta _5&\beta _9&\beta _6 \\ \beta _7&\beta _3&\beta _5&\beta _8&\mathbf{{1}}&\beta _4&\beta _2&\beta _1&\beta _6&\beta _0 \end{bmatrix} ~,~~ \beta _0{\varvec{\lambda }}= \begin{bmatrix} \beta _8&\beta _2&\beta _9&\beta _5&\beta _7&\beta _0&\mathbf{{1}}&\beta _6&\beta _4&\beta _3 \\ \beta _2&\beta _4&\beta _7&\mathbf{{1}}&\beta _3&\beta _1&\beta _0&\beta _5&\beta _9&\beta _6 \\ \beta _9&\beta _7&\beta _6&\beta _1&\beta _5&\beta _2&\beta _8&\beta _0&\beta _3&\mathbf{{1}} \\ \beta _5&\mathbf{{1}}&\beta _1&\beta _9&\beta _8&\beta _3&\beta _7&\beta _4&\beta _0&\beta _2 \\ \beta _7&\beta _3&\beta _5&\beta _8&\mathbf{{1}}&\beta _4&\beta _2&\beta _1&\beta _6&\beta _0 \\ \beta _0&\beta _1&\beta _2&\beta _3&\beta _4&\beta _5&\beta _6&\beta _7&\beta _8&\beta _9 \\ \mathbf{{1}}&\beta _0&\beta _8&\beta _7&\beta _2&\beta _6&\beta _3&\beta _9&\beta _1&\beta _4 \\ \beta _6&\beta _5&\beta _0&\beta _4&\beta _1&\beta _7&\beta _9&\beta _2&\mathbf{{1}}&\beta _8 \\ \beta _4&\beta _9&\beta _3&\beta _0&\beta _6&\beta _8&\beta _1&\mathbf{{1}}&\beta _7&\beta _5\\ \beta _3&\beta _6&\mathbf{{1}}&\beta _2&\beta _0&\beta _9&\beta _4&\beta _8&\beta _5&\beta _1 \end{bmatrix} $$

The \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) Matrices for GF \((2^{12})\)

The irreducible polynomial is \( x^{12}+x^{10}+x^2+x+1\). The optimal normal element is \(\beta =x^{11}+x^7+x^3+x^2+x\). The total count of 1 s in \({\varvec{\lambda }}\) and \(\alpha {\varvec{\lambda }}\) matrices are \(k(2k-1)=276\) and \(k(2k-1)-(k-1)=265\), respectively. Below we give \({\varvec{\lambda }}\) and only \(\beta _0{\varvec{\lambda }}\) matrix.

$$ {\varvec{\lambda }}= \left[ \begin{array}{cccccccccccc} \beta _1 &{} \beta _4 &{} \beta _9 &{} \beta _8 &{} \beta _2 &{} \beta _{11} &{} \mathbf{{1}} &{} \beta _6 &{} \beta _{10} &{} \beta _5 &{} \beta _7 &{} \beta _3 \\ \beta _4 &{} \beta _2 &{} \beta _5 &{} \beta _{10} &{} \beta _9 &{} \beta _3 &{} \beta _0 &{} \mathbf{{1}} &{} \beta _7 &{} \beta _{11} &{} \beta _6 &{} \beta _8 \\ \beta _9 &{} \beta _5 &{} \beta _3 &{} \beta _6 &{} \beta _{11} &{} \beta _{10} &{} \beta _4 &{} \beta _1 &{} \mathbf{{1}} &{} \beta _8 &{} \beta _0 &{} \beta _7 \\ \beta _8 &{} \beta _{10} &{} \beta _6 &{} \beta _4 &{} \beta _7 &{} \beta _0 &{} \beta _{11} &{} \beta _5 &{} \beta _2 &{} \mathbf{{1}} &{} \beta _9 &{} \beta _1 \\ \beta _2 &{} \beta _9 &{} \beta _{11} &{} \beta _7 &{} \beta _5 &{} \beta _8 &{} \beta _1 &{} \beta _0 &{} \beta _6 &{} \beta _3 &{} \mathbf{{1}} &{} \beta _{10} \\ \beta _{11} &{} \beta _3 &{} \beta _{10} &{} \beta _0 &{} \beta _8 &{} \beta _6 &{} \beta _9 &{} \beta _2 &{} \beta _1 &{} \beta _7 &{} \beta _4 &{} \mathbf{{1}} \\ \mathbf{{1}} &{} \beta _0 &{} \beta _4 &{} \beta _{11} &{} \beta _1 &{} \beta _9 &{} \beta _7 &{} \beta _{10} &{} \beta _3 &{} \beta _2 &{} \beta _8 &{} \beta _5 \\ \beta _6 &{} \mathbf{{1}} &{} \beta _1 &{} \beta _5 &{} \beta _0 &{} \beta _2 &{} \beta _{10} &{} \beta _8 &{} \beta _{11} &{} \beta _4 &{} \beta _3 &{} \beta _9 \\ \beta _{10} &{} \beta _7 &{} \mathbf{{1}} &{} \beta _2 &{} \beta _6 &{} \beta _1 &{} \beta _3 &{} \beta _{11} &{} \beta _9 &{} \beta _0 &{} \beta _5 &{} \beta _4 \\ \beta _5 &{} \beta _{11} &{} \beta _8 &{} \mathbf{{1}} &{} \beta _3 &{} \beta _7 &{} \beta _2 &{} \beta _4 &{} \beta _0 &{} \beta _{10} &{} \beta _1 &{} \beta _6 \\ \beta _7 &{} \beta _6 &{} \beta _0 &{} \beta _9 &{} \mathbf{{1}} &{} \beta _4 &{} \beta _8 &{} \beta _3 &{} \beta _5 &{} \beta _1 &{} \beta _{11} &{} \beta _2 \\ \beta _3 &{} \beta _8 &{} \beta _7 &{} \beta _1 &{} \beta _{10} &{} \mathbf{{1}} &{} \beta _5 &{} \beta _9 &{} \beta _4 &{} \beta _6 &{} \beta _2 &{} \beta _0 \end{array} \right] $$
$$ \beta _0{\varvec{\lambda }}= \left[ \begin{array}{cccccccccccc} \beta _4 &{} \beta _2 &{} \beta _5 &{} \beta _{10} &{} \beta _9 &{} \beta _3 &{} \beta _0 &{} \mathbf{{1}} &{} \beta _7 &{} \beta _{11} &{} \beta _6 &{} \beta _8 \\ \beta _2 &{} \beta _9 &{} \beta _{11} &{} \beta _7 &{} \beta _5 &{} \beta _8 &{} \beta _1 &{} \beta _0 &{} \beta _6 &{} \beta _3 &{} \mathbf{{1}} &{} \beta _{10} \\ \beta _5 &{} \beta _{11} &{} \beta _8 &{} \mathbf{{1}} &{} \beta _3 &{} \beta _7 &{} \beta _2 &{} \beta _4 &{} \beta _0 &{} \beta _{10} &{} \beta _1 &{} \beta _6 \\ \beta _{10} &{} \beta _7 &{} \mathbf{{1}} &{} \beta _2 &{} \beta _6 &{} \beta _1 &{} \beta _3 &{} \beta _{11} &{} \beta _9 &{} \beta _0 &{} \beta _5 &{} \beta _4 \\ \beta _9 &{} \beta _5 &{} \beta _3 &{} \beta _6 &{} \beta _{11} &{} \beta _{10} &{} \beta _4 &{} \beta _1 &{} \mathbf{{1}} &{} \beta _8 &{} \beta _0 &{} \beta _7 \\ \beta _3 &{} \beta _8 &{} \beta _7 &{} \beta _1 &{} \beta _{10} &{} \mathbf{{1}} &{} \beta _5 &{} \beta _9 &{} \beta _4 &{} \beta _6 &{} \beta _2 &{} \beta _0 \\ \beta _0 &{} \beta _1 &{} \beta _2 &{} \beta _3 &{} \beta _4 &{} \beta _5 &{} \beta _6 &{} \beta _7 &{} \beta _8 &{} \beta _9 &{} \beta _{10} &{} \beta _{11} \\ \mathbf{{1}} &{} \beta _0 &{} \beta _4 &{} \beta _{11} &{} \beta _1 &{} \beta _9 &{} \beta _7 &{} \beta _{10} &{} \beta _3 &{} \beta _2 &{} \beta _8 &{} \beta _5 \\ \beta _7 &{} \beta _6 &{} \beta _0 &{} \beta _9 &{} \mathbf{{1}} &{} \beta _4 &{} \beta _8 &{} \beta _3 &{} \beta _5 &{} \beta _1 &{} \beta _{11} &{} \beta _2 \\ \beta _{11} &{} \beta _3 &{} \beta _{10} &{} \beta _0 &{} \beta _8 &{} \beta _6 &{} \beta _9 &{} \beta _2 &{} \beta _1 &{} \beta _7 &{} \beta _4 &{} \mathbf{{1}} \\ \beta _6 &{} \mathbf{{1}} &{} \beta _1 &{} \beta _5 &{} \beta _0 &{} \beta _2 &{} \beta _{10} &{} \beta _8 &{} \beta _{11} &{} \beta _4 &{} \beta _3 &{} \beta _9 \\ \beta _8 &{} \beta _{10} &{} \beta _6 &{} \beta _4 &{} \beta _7 &{} \beta _0 &{} \beta _{11} &{} \beta _5 &{} \beta _2 &{} \mathbf{{1}} &{} \beta _9 &{} \beta _1 \end{array} \right] $$

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Eǧecioǧlu, Ö., Koç, Ç.K. (2015). Reducing the Complexity of Normal Basis Multiplication. In: Koç, Ç., Mesnager, S., Savaş, E. (eds) Arithmetic of Finite Fields. WAIFI 2014. Lecture Notes in Computer Science(), vol 9061. Springer, Cham. https://doi.org/10.1007/978-3-319-16277-5_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-16277-5_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16276-8

  • Online ISBN: 978-3-319-16277-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation