Acta Applicandae Mathematica, Volume 93, Issue 1–3, pp 75–118

Efficient Hardware Implementation of Finite Fields with Applications to Cryptography

  • Jorge Guajardo
  • Tim Güneysu
  • Sandeep S. Kumar
  • Christof Paar
  • Jan Pelzl


The paper presents a survey of the most common hardware architectures for finite field arithmetic that are especially suitable for cryptographic applications. We discuss architectures for three types of finite fields and their special versions popularly used in cryptography: binary fields, prime fields and extension fields. We summarize algorithms and hardware architectures for finite field multiplication, squaring, addition/subtraction, and inversion for each of these fields. Since hardware implementations can focus either on high speed or on area-time efficiency, a careful choice of the appropriate set of architectures has to be made depending on the performance requirements and available area.

Key words

Field arithmetic; cryptography; efficient implementation; binary field arithmetic; prime field arithmetic; extension field arithmetic; optimal extension fields

Mathematics Subject Classifications (2000)

12-02 12E30 12E10 





Copyright information

© Springer Science + Business Media B.V. 2006

Authors and Affiliations

  • Jorge Guajardo (1)
  • Tim Güneysu (2)
  • Sandeep S. Kumar (2)
  • Christof Paar (2)
  • Jan Pelzl (2)

  1. Information and System Security Department, Philips Research, Eindhoven, The Netherlands
  2. Horst-Görtz Institute for IT-Security, Ruhr-University, Bochum, Germany
