Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hardware Implementations of Finite Field Primitives

Published byCuthbert Nichols Modified over 8 years ago

Similar presentations

Presentation on theme: "Hardware Implementations of Finite Field Primitives"— Presentation transcript:

1 Hardware Implementations of Finite Field Primitives
© Dept. of Computer Sc. and Engg, IIT Kharagpur Hardware Implementations of Finite Field Primitives Debdeep Mukhopadhyay Chester Rebeiro Dept. of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA 23-27 May 2011 Anurag Labs, DRDO 23-27 May 2011, Anurag Labs, DRDO

2 Finite Fields For any prime p ,the set GF(p)={1,2,…,p-1} along with 2 operations : addition modulo p and multiplication modulo p forms a finite field This means that You can add, subtract, or multiply any two elements in GF(p). The result would also be in GF(p). You can divide any element in GF(p) by another non-zero element, and the result is in GF(p). Multiplication distributes over addition. Such a finite field is called a Prime Field. 23-27 May 2011 Anurag Labs, DRDO

3 When p=2 P = {0, 1} Addition : EX-OR 0 + 0 mod 2 = 0 0 + 1 mod 2 = 1
Subtraction : EX-OR 0 - 0 mod 2 = 0 0 - 1 mod 2 = 1 1 - 0 mod 2 = 1 1 - 1 mod 2 = 0 Multiplication : AND 0 * 0 mod 2 = 0 0 * 1 mod 2 = 0 1 * 0 mod 2 = 0 1 * 1 mod 2 = 1 Division : 0/1 mod 2 = 0 1/1 mod 2 = 1 23-27 May 2011 Anurag Labs, DRDO

4 Extension Fields This is represented by GF(pm)
Every element in the field is represented by a polynomial with coefficients in GF(p) and degree at most m-1. Example : if p=5 and m=4 3x3 + 1x2 + 4x+ 2 In a computer only the coefficients of the polynomial need to be stored. For p=2, this works well because the coefficients are either 0 or 1. Another Example : if p = 2 and m=8 x8 + x4 + x3 + x + 1 So for the example above the representation is ( )2 When p =2, the extension fields are called binary field 23-27 May 2011 Anurag Labs, DRDO

5 Irreducible Polynomial
© Dept. of Computer Sc. and Engg, IIT Kharagpur Irreducible Polynomial A polynomial P(x) is said to irreducible if it cannot be factored into non-trivial polynomials in the same field. Every extension field has an irreducible polynomial of degree m which has coefficients in GF(p). All operations in the extension field is done modulo P(x) 23-27 May 2011 Anurag Labs, DRDO 23-27 May 2011, Anurag Labs, DRDO

6 Operations in Binary Fields
Consider the binary field GF(2m) with irreducible polynomial x4 + x + 1. The elements in GF(2m) are 23-27 May 2011 Anurag Labs, DRDO

7 Addition in Binary Fields
Addition is polynomial addition modulo 2 this is equivalent to polynomial addition using ex-ors Eg. Binary notation : (1101)2 ^ (0111)2 = (1001)2 Note that the degree of the result is always less than m. Therefore the result is naturally be in the field.w Note that unlike integer addition there are no carries generated. Hardware implementation therefore requires only m ex-or gates. 23-27 May 2011 Anurag Labs, DRDO

8 Subtraction in Binary Fields
Subtraction is exactly same as addition and is done using ex-ors Ex: 23-27 May 2011 Anurag Labs, DRDO

9 Multiplication in Binary Fields
If A(x), B(x) Є GF(2m) and the irreducible polynomial is P(x) then C(x) = A(x) * B(x) mod P(x) Two step process: First do a polynomial multiplication A(x) * B(x) to obtain a polynomial C’(x) of degree 2m-2 Then do a modular reduction C’(x) mod P(x) to obtain C(x). Example: In GF(24) Modular Reduction (x6 + x5 + x3 + x2) mod (x4+x+1) = (x2 + x) x3 + x2 + x x3 + x x4 + x3 + x2 x6 + x5 + x4 x6 + x5 + x3 + x2 23-27 May 2011 Anurag Labs, DRDO

10 Modular Reduction for Trinomials
Let α be a root of the irreducible polynomial P(x) = xm + xn + 1 This means : αm + αn + 1 = 0 αm = αn + 1 αm+1 = αn+1 + α // multiplying by α αm+2 = αn+2 + α // multiplying again by α Thus we can reduce larger powers. 23-27 May 2011 Anurag Labs, DRDO

11 Modular Reduction Algorithm
Example is for m=233 Output of multiplier is 465 bits Step 1: β = α[232:0] + α[464:233] + α[464:233]x74 Step 2: c = β[232:0] + β[306:233] + α[306:233]x74 We stop after 2 steps because the result is less than 233 23-27 May 2011 Anurag Labs, DRDO

12 Modular Reduction as a Matrix
C(x) = c2m-2x2m-2 + c2m-1x2m-1 … + c2x2 + cx + 1 is the output of the polynomial multiplication then the reduced output is This can be put in the form of a matrix called Q 23-27 May 2011 Anurag Labs, DRDO

13 Algorithms for Polynomial Multiplication
Classical Multiplier (aka. School Book Multiplier) Mastrovito Multiplier Montgomery Multiplier Karatsuba Multipliera 23-27 May 2011 Anurag Labs, DRDO

14 Classical Multiplier A(x) = am-1xm-1 + am-2xm-1 … + a2x2 + ax + 1
B(x) = bm-1xm-1 + bm-2xm-1 … + b2x2 + bx + 1 Then, 23-27 May 2011 Anurag Labs, DRDO

15 Mastrovito Multiplier
23-27 May 2011 Anurag Labs, DRDO

16 Montogomery Multiplier
Instead of computing C(x) = A(x)B(x)mod P(x), this multiplier computes Where R(x) is chosen to result in fast reduction (eg xm) : 23-27 May 2011 Anurag Labs, DRDO

17 Proof of Correctness implies From Step 2 :
therefore From Step 2 : Step 3 can be written as follows Substituting, 23-27 May 2011 Anurag Labs, DRDO

18 Karatsuba Multiplier 23-27 May 2011 Anurag Labs, DRDO

19 The m-bit Karatsuba Algorithm
Invoke First m/2 bit Karatsuba Algorithm Invoke Second m/2 bit Karatsuba Algorithm Invoke Third m/2 bit Karatsuba Algorithm Combine the partial products 23-27 May 2011 Anurag Labs, DRDO

20 Combining the Partial Products
23-27 May 2011 Anurag Labs, DRDO

21 Recursive Karatsuba Multiplier when m = 2k
23-27 May 2011 Anurag Labs, DRDO

22 Recursive Karatsuba Multiplier when m ≠2k
23-27 May 2011 Anurag Labs, DRDO

23 Generalizing the Karatsuba Multiplier with degree 2
A(x) = a2x2 + a1x + a0 B(x) = b2x2 + b1x + b0 D0 = a0b0 , D1 = a1b1, D2 = a2b2, D0,1=(a0+a1)(b0+b1), D0,2=(a0+a2)(b0+b2), D1,2=(a1+a2)(b1+b2) C(x) = D2x4 + (D1,2x-D1-D2)x3 + (D0,2-D2- D0+D1)x2 + (D0,1-D1-D0x) + D0 23-27 May 2011 Anurag Labs, DRDO

24 Generalizing Karatsuba for Arbitrary Degree (d)
Consider n = d + 1 23-27 May 2011 Anurag Labs, DRDO

25 Efficient Implementation of Karatsuba for FPGAs
23-27 May 2011 Anurag Labs, DRDO

26 LUTs is a costly so has to be utilized efficiently
Logic Block of an FPGA LUTs is a costly so has to be utilized efficiently 23-27 May 2011 Anurag Labs, DRDO

27 LUT Utilization 23-27 May 2011 Anurag Labs, DRDO

28 Karatsuba vs Generalized Karatsuba on FPGAs
23-27 May 2011 Anurag Labs, DRDO

29 Hybrid Karatsuba Algorithm
Invoke General Karatsuba Multiplier Split operands Invoke hybrid karatsuba recursively Combine Partial Products 23-27 May 2011 Anurag Labs, DRDO

30 Hybrid Karatsuba Multiplier for GF(2233)
23-27 May 2011 Anurag Labs, DRDO

31 Performance of the Hybrid Karatsuba Multiplier
23-27 May 2011 Anurag Labs, DRDO

32 Comparison with other multiplication implementations
23-27 May 2011 Anurag Labs, DRDO

Download ppt "Hardware Implementations of Finite Field Primitives"

Similar presentations

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.
BCH Codes Hsin-Lung Wu NTPU.

BCH Codes Hsin-Lung Wu NTPU.
Mathematics of Cryptography Part II: Algebraic Structures

Mathematics of Cryptography Part II: Algebraic Structures
Cryptography and Network Security

Cryptography and Network Security
CHANNEL CODING REED SOLOMON CODES.

CHANNEL CODING REED SOLOMON CODES.
Information and Coding Theory Finite fields. Juris Viksna, 2015.

Information and Coding Theory Finite fields. Juris Viksna, 2015.
Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.
Chapter 11 Algebraic Coding Theory. Single Error Detection M = (1, 1, …, 1) is the m  1 parity check matrix for single error detection. If c = (0, 1,

Chapter 11 Algebraic Coding Theory. Single Error Detection M = (1, 1, …, 1) is the m  1 parity check matrix for single error detection. If c = (0, 1,
Introduction Polynomials

Introduction Polynomials
Chapter 2 : Direct Link Networks (Continued). So far... Modulation and Encoding Link layer protocols Error Detection -- Parity Check.

Chapter 2 : Direct Link Networks (Continued). So far... Modulation and Encoding Link layer protocols Error Detection -- Parity Check.
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.

Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
Copyright 2008 Koren ECE666/Koren Part.6a.1 Israel Koren Spring 2008 UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Digital Computer.

Copyright 2008 Koren ECE666/Koren Part.6a.1 Israel Koren Spring 2008 UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Digital Computer.
Dirichlet’s Theorem for Polynomial Rings Lior Bary-Soroker, School of Mathematical Sciences, Sackler Faculty of Exact Sciences, Tel-Aviv University 1.

Dirichlet’s Theorem for Polynomial Rings Lior Bary-Soroker, School of Mathematical Sciences, Sackler Faculty of Exact Sciences, Tel-Aviv University 1.
Aritmética Computacional Francisco Rodríguez Henríquez An Introduction to Binary Finite Fields GF(2 m ) By Francisco Rodríguez Henríquez.

Aritmética Computacional Francisco Rodríguez Henríquez An Introduction to Binary Finite Fields GF(2 m ) By Francisco Rodríguez Henríquez.
Quiz 2 key.

Quiz 2 key.
M. Khalily Dermany Islamic Azad University.  finite number of element  important in number theory, algebraic geometry, Galois theory, cryptography,

M. Khalily Dermany Islamic Azad University.  finite number of element  important in number theory, algebraic geometry, Galois theory, cryptography,

Similar presentations

Ads by Google