Hardware Implementations of Finite Field Primitives

Slides:

Advertisements

Similar presentations

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.

Advertisements

BCH Codes Hsin-Lung Wu NTPU.

Mathematics of Cryptography Part II: Algebraic Structures

Cryptography and Network Security

CHANNEL CODING REED SOLOMON CODES.

Information and Coding Theory Finite fields. Juris Viksna, 2015.

Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

Chapter 11 Algebraic Coding Theory. Single Error Detection M = (1, 1, …, 1) is the m  1 parity check matrix for single error detection. If c = (0, 1,

Introduction Polynomials

Chapter 2 : Direct Link Networks (Continued). So far... Modulation and Encoding Link layer protocols Error Detection -- Parity Check.

Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Copyright 2008 Koren ECE666/Koren Part.6a.1 Israel Koren Spring 2008 UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Digital Computer.

Dirichlet’s Theorem for Polynomial Rings Lior Bary-Soroker, School of Mathematical Sciences, Sackler Faculty of Exact Sciences, Tel-Aviv University 1.

Aritmética Computacional Francisco Rodríguez Henríquez An Introduction to Binary Finite Fields GF(2 m ) By Francisco Rodríguez Henríquez.

M. Khalily Dermany Islamic Azad University.  finite number of element  important in number theory, algebraic geometry, Galois theory, cryptography,

Polynomial Division: Dividing one polynomial by another polynomial to find the zeros of the polynomial. Ex 1: Find the zeros of Solution:1 st way: At.

FINITE FIELDS 7/30 陳柏誠.

Cyclic codes 1 CHAPTER 3: Cyclic and convolution codes Cyclic codes are of interest and importance because They posses rich algebraic structure that can.

CPSC 3730 Cryptography and Network Security

Information Security and Management 4. Finite Fields 8

Cryptography and Network Security Introduction to Finite Fields.

Part.7.1 Copyright 2007 Koren & Krishna, Morgan-Kaufman FAULT TOLERANT SYSTEMS Part 7 - Coding.

By: Hector L Contreras SSGT / USMC

Mathematics Review Exponents Logarithms Series Modular arithmetic Proofs.

Monoids, Groups, Rings, Fields

Implementation of Finite Field Inversion

Cyclic Codes for Error Detection W. W. Peterson and D. T. Brown by Maheshwar R Geereddy.

Basic Number Theory Divisibility Let a,b be integers with a≠0. if there exists an integer k such that b=ka, we say a divides b which is denoted by a|b.

CSC 221 Computer Organization and Assembly Language

Chapter 4 – Finite Fields

Karatsuba’s Algorithm for Integer Multiplication

Data Security and Encryption (CSE348) 1. Lecture # 12 2.

MIMO continued and Error Correction Code. 2 by 2 MIMO Now consider we have two transmitting antennas and two receiving antennas. A simple scheme called.

Linear Feedback Shift Register. 2 Linear Feedback Shift Registers (LFSRs) These are n-bit counters exhibiting pseudo-random behavior. Built from simple.

Applied Symbolic Computation1 Applied Symbolic Computation (CS 300) Karatsuba’s Algorithm for Integer Multiplication Jeremy R. Johnson.

The Fast Fourier Transform and Applications to Multiplication

Information Security Lab. Dept. of Computer Engineering 87/121 PART I Symmetric Ciphers CHAPTER 4 Finite Fields 4.1 Groups, Rings, and Fields 4.2 Modular.

LAB SESSION 1 Design of Elliptic Curve Cryptosystem Debdeep Mukhopadhyay Chester Rebeiro Dept. of Computer Science and Engineering Indian Institute of.

1 Fast Polynomial and Integer Multiplication Jeremy R. Johnson.

Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.

An Introduction to Elliptic Curve Cryptography

Fundamental Concepts of Algebra

Abstract Algebra 2004/9/29Yuh-Ming Huang, CSIE NCNU1 Introduction to Algebra Def 2.0 ( G, ＊ ) G: a set A binary operation ＊ on G : a ＊ b  G  a,b  G.

15-499Page :Algorithms and Applications Cryptography II – Number theory (groups and fields)

Cryptography and Network Security Chapter 4 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography Lecture 14 Arpita Patra © Arpita Patra.

May 9, 2001Applied Symbolic Computation1 Applied Symbolic Computation (CS 680/480) Lecture 6: Multiplication, Interpolation, and the Chinese Remainder.

Multiplicative Group The multiplicative group of Z n includes every a, 0

CHAPTER 8 CHANNEL CODING: PART 3 Sajina Pradhan

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Class Report 林格名 : Reed Solomon Encoder. Reed-Solomom Error Correction When a codeword is decoded, there are three possible outcomes –If 2s + r < 2t (s.

Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:

CS480 Cryptography and Information Security

Lecture 4 The Euclidean Algorithm

Chapter4: Finite Fields

Mathematical Background: Extension Fields

Factoring Polynomials

Cryptography and Network Security

I. Finite Field Algebra.

Cryptology Design Fundamentals

296.3:Algorithms in the Real World

Mathematical Background: Extension Finite Fields

Presentation transcript:

Hardware Implementations of Finite Field Primitives © Dept. of Computer Sc. and Engg, IIT Kharagpur Hardware Implementations of Finite Field Primitives Debdeep Mukhopadhyay Chester Rebeiro Dept. of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA 23-27 May 2011 Anurag Labs, DRDO 23-27 May 2011, Anurag Labs, DRDO

Finite Fields For any prime p ,the set GF(p)={1,2,…,p-1} along with 2 operations : addition modulo p and multiplication modulo p forms a finite field This means that You can add, subtract, or multiply any two elements in GF(p). The result would also be in GF(p). You can divide any element in GF(p) by another non-zero element, and the result is in GF(p). Multiplication distributes over addition. Such a finite field is called a Prime Field. 23-27 May 2011 Anurag Labs, DRDO

When p=2 P = {0, 1} Addition : EX-OR 0 + 0 mod 2 = 0 0 + 1 mod 2 = 1 Subtraction : EX-OR 0 - 0 mod 2 = 0 0 - 1 mod 2 = 1 1 - 0 mod 2 = 1 1 - 1 mod 2 = 0 Multiplication : AND 0 * 0 mod 2 = 0 0 * 1 mod 2 = 0 1 * 0 mod 2 = 0 1 * 1 mod 2 = 1 Division : 0/1 mod 2 = 0 1/1 mod 2 = 1 23-27 May 2011 Anurag Labs, DRDO

Extension Fields This is represented by GF(pm) Every element in the field is represented by a polynomial with coefficients in GF(p) and degree at most m-1. Example : if p=5 and m=4 3x3 + 1x2 + 4x+ 2 In a computer only the coefficients of the polynomial need to be stored. For p=2, this works well because the coefficients are either 0 or 1. Another Example : if p = 2 and m=8 x8 + x4 + x3 + x + 1 So for the example above the representation is (1 0001 1011)2 When p =2, the extension fields are called binary field 23-27 May 2011 Anurag Labs, DRDO

Irreducible Polynomial © Dept. of Computer Sc. and Engg, IIT Kharagpur Irreducible Polynomial A polynomial P(x) is said to irreducible if it cannot be factored into non-trivial polynomials in the same field. Every extension field has an irreducible polynomial of degree m which has coefficients in GF(p). All operations in the extension field is done modulo P(x) 23-27 May 2011 Anurag Labs, DRDO 23-27 May 2011, Anurag Labs, DRDO

Operations in Binary Fields Consider the binary field GF(2m) with irreducible polynomial x4 + x + 1. The elements in GF(2m) are 23-27 May 2011 Anurag Labs, DRDO

Addition in Binary Fields Addition is polynomial addition modulo 2 this is equivalent to polynomial addition using ex-ors Eg. Binary notation : (1101)2 ^ (0111)2 = (1001)2 Note that the degree of the result is always less than m. Therefore the result is naturally be in the field.w Note that unlike integer addition there are no carries generated. Hardware implementation therefore requires only m ex-or gates. 23-27 May 2011 Anurag Labs, DRDO

Subtraction in Binary Fields Subtraction is exactly same as addition and is done using ex-ors Ex: 23-27 May 2011 Anurag Labs, DRDO

Multiplication in Binary Fields If A(x), B(x) Є GF(2m) and the irreducible polynomial is P(x) then C(x) = A(x) * B(x) mod P(x) Two step process: First do a polynomial multiplication A(x) * B(x) to obtain a polynomial C’(x) of degree 2m-2 Then do a modular reduction C’(x) mod P(x) to obtain C(x). Example: In GF(24) Modular Reduction (x6 + x5 + x3 + x2) mod (x4+x+1) = (x2 + x) x3 + x2 + x x3 + x x4 + x3 + x2 x6 + x5 + x4 x6 + x5 + x3 + x2 23-27 May 2011 Anurag Labs, DRDO

Modular Reduction for Trinomials Let α be a root of the irreducible polynomial P(x) = xm + xn + 1 This means : αm + αn + 1 = 0 αm = αn + 1 αm+1 = αn+1 + α // multiplying by α αm+2 = αn+2 + α2 // multiplying again by α Thus we can reduce larger powers. 23-27 May 2011 Anurag Labs, DRDO

Modular Reduction Algorithm Example is for m=233 Output of multiplier is 465 bits Step 1: β = α[232:0] + α[464:233] + α[464:233]x74 Step 2: c = β[232:0] + β[306:233] + α[306:233]x74 We stop after 2 steps because the result is less than 233 23-27 May 2011 Anurag Labs, DRDO

Modular Reduction as a Matrix C(x) = c2m-2x2m-2 + c2m-1x2m-1 … + c2x2 + cx + 1 is the output of the polynomial multiplication then the reduced output is This can be put in the form of a matrix called Q 23-27 May 2011 Anurag Labs, DRDO

Algorithms for Polynomial Multiplication Classical Multiplier (aka. School Book Multiplier) Mastrovito Multiplier Montgomery Multiplier Karatsuba Multipliera 23-27 May 2011 Anurag Labs, DRDO

Classical Multiplier A(x) = am-1xm-1 + am-2xm-1 … + a2x2 + ax + 1 B(x) = bm-1xm-1 + bm-2xm-1 … + b2x2 + bx + 1 Then, 23-27 May 2011 Anurag Labs, DRDO

Mastrovito Multiplier 23-27 May 2011 Anurag Labs, DRDO

Montogomery Multiplier Instead of computing C(x) = A(x)B(x)mod P(x), this multiplier computes Where R(x) is chosen to result in fast reduction (eg xm) : 23-27 May 2011 Anurag Labs, DRDO

Proof of Correctness implies From Step 2 : therefore From Step 2 : Step 3 can be written as follows Substituting, 23-27 May 2011 Anurag Labs, DRDO

Karatsuba Multiplier 23-27 May 2011 Anurag Labs, DRDO

The m-bit Karatsuba Algorithm Invoke First m/2 bit Karatsuba Algorithm Invoke Second m/2 bit Karatsuba Algorithm Invoke Third m/2 bit Karatsuba Algorithm Combine the partial products 23-27 May 2011 Anurag Labs, DRDO

Combining the Partial Products 23-27 May 2011 Anurag Labs, DRDO

Recursive Karatsuba Multiplier when m = 2k 23-27 May 2011 Anurag Labs, DRDO

Recursive Karatsuba Multiplier when m ≠2k 23-27 May 2011 Anurag Labs, DRDO

Generalizing the Karatsuba Multiplier with degree 2 A(x) = a2x2 + a1x + a0 B(x) = b2x2 + b1x + b0 D0 = a0b0 , D1 = a1b1, D2 = a2b2, D0,1=(a0+a1)(b0+b1), D0,2=(a0+a2)(b0+b2), D1,2=(a1+a2)(b1+b2) C(x) = D2x4 + (D1,2x-D1-D2)x3 + (D0,2-D2- D0+D1)x2 + (D0,1-D1-D0x) + D0 23-27 May 2011 Anurag Labs, DRDO

Generalizing Karatsuba for Arbitrary Degree (d) Consider n = d + 1 23-27 May 2011 Anurag Labs, DRDO

Efficient Implementation of Karatsuba for FPGAs 23-27 May 2011 Anurag Labs, DRDO

LUTs is a costly so has to be utilized efficiently Logic Block of an FPGA LUTs is a costly so has to be utilized efficiently 23-27 May 2011 Anurag Labs, DRDO

LUT Utilization 23-27 May 2011 Anurag Labs, DRDO

Karatsuba vs Generalized Karatsuba on FPGAs 23-27 May 2011 Anurag Labs, DRDO

Hybrid Karatsuba Algorithm Invoke General Karatsuba Multiplier Split operands Invoke hybrid karatsuba recursively Combine Partial Products 23-27 May 2011 Anurag Labs, DRDO

Hybrid Karatsuba Multiplier for GF(2233) 23-27 May 2011 Anurag Labs, DRDO

Performance of the Hybrid Karatsuba Multiplier 23-27 May 2011 Anurag Labs, DRDO

Comparison with other multiplication implementations 23-27 May 2011 Anurag Labs, DRDO