Binary polynomial multiplier

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is related to the following co-pending applications, each of which is being filed concurrently with this application and is incorporated by reference: (1) U.S. patent application Ser. No. 09/788,683, titled “Partial Bitwise Permutations”; (2) U.S. patent application Ser. No. 09/788,682, titled “Configurable Instruction Sequence Generation”; (3) U.S. patent application Ser. No. 09/788,684, titled “Polynomial Arithmetic Operations”; and (4) U.S. patent application Ser. No. 09/788,685, titled “Extended Precision Accumulator”.

TECHNICAL FIELD

This invention relates to a microprocessor multiplier, and more particularly to a microcomputer multiplier supporting binary polynomial multiplication.

BACKGROUND

Reduced instruction set computer (RISC) architectures were developed as industry trends tended towards larger, more complex instruction sets. By simplifying instruction set designs, RISC architectures make it easier to use techniques such as pipelining and caching, thus increasing system performance.

RISC architectures usually have fixed-length instructions (e.g., 16-bit, 32-bit, or 64-bit), with few variations in instruction format. Each instruction in an instruction set architecture (ISA) may have the source registers always in the same location. For example, a 32-bit ISA may always have source registers specified by bits 16-20 and 21-25. This allows the specified registers to be fetched for every instruction without requiring any complex instruction decoding.

SUMMARY

Cyrptographic systems (“cryptosystems”) are increasingly used to secure transactions, to encrypt communications, to authenticate users, and to protect information. Many private-key cryptosystems, such as the Digital Encryption Standard (DES), are relatively simple computationally and frequently reducible to hardware solutions performing sequences of XORs, rotations, and permutations on blocks of data. Public-key cryptosystems, on the other hand, may be mathematically more subtle and computationally more difficult than private-key systems.

While different public-key cryptography schemes have different bases in mathematics, they tend to have a common need for integer computation across very large ranges of values, on the order of 1024 bits. This extended precision arithmetic is often modular (i.e., operations are performed modulo a value range), and in some cases polynomial instead of twos-complement. For example, RSA public-key cryptosystems use extended-precision modular exponentiation to encrypt and decrypt information and elliptic curve cryptosystems use extended-precision modular polynomial multiplication.

Public-key cryptosystems have been used extensively for user authentication and secure key exchange, while private-key cryptography has been used extensively to encrypt communication channels. As the use of public-key cryptosystems increases, it becomes desirable to increase the performance of extended-precision modular arithmetic calculations.

In one general aspect, a multiply/divide unit is provided. The multiply/divide unit includes at least one input register for storing one or more input operands, an arithmetic multiplier, a binary polynomial multiplier, and at least one result register.

Some implementations may provide an arithmetic multiplier including a multiplier array, such as, for example, a Wallace tree multiplier array. The multiplier array may include carry-save adders arranged in a tree structure and also may include carry-propagate adders.

Implementations may include Booth recoding logic to simplify computation. The multiplier/divide unit may perform 32-bit by 16-bit multiplications in two clock cycles and 32-bit by 32-bit multiplications in three clock cycles. Additional implementations may include a binary polynomial multiplier array.

The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from the description and drawings, and from the claims.

DESCRIPTION OF DRAWINGS

FIG. 1 is a block diagram of an exemplary five-stage pipeline that may be used in a RISC architecture.

FIG. 2 is a block diagram of a processor core including an execution unit and a multiply/divide unit.

FIG. 3 is a diagram of data paths in an implementation of a multiply/divide unit supporting binary polynomial arithmetic.

FIG. 4 is a block diagram of multiplier arrays supporting arithmetic and binary polynomial multiplication in one implementation.

FIG. 5 is a block diagram of an integer multiplier array that may be used in the implementation shown in FIG. 4.

FIG. 6 is a block diagram of a binary polynomial multiplier array that may be used in the implementation shown in FIG. 4.

FIG. 7A is a timing diagram showing the operation of 32-bit by 16-bit multiplies in one implementation.

FIG. 7B is a timing diagram showing the operation of 32-bit by 32-bit multiplies in one implementation.

FIG. 7C is a timing diagram showing the operation of divisions in one implementation.

FIG. 8 is finite state machine implementing steps for performing multiply instructions.

FIG. 9 is a finite state machine implementing steps for performing division instructions.

DETAILED DESCRIPTION

Many public-key cryptosystems use extended-precision modular arithmetic to encrypt and decrypt data. For example, many elliptic curve (EC) cryptosystems extensively use polynomial multiplication and addition to encrypt and decrypt data. Performance of elliptic curve cryptosystems may be enhanced by modifying a programmable CPU multiplier to be responsive to newly defined instructions dedicated to polynomial operations.

When using elliptic curves defined over GF(2¹⁶³) (as recommended by the IEEE 1363-2000 standard), the main operation needed is multiplication over the field GF(2¹⁶³). Each of the 2¹⁶³elements can be represented as a polynomial of degree at most 163 with coefficients equal to 0 or 1. In this representation, two elements may be added using a simple bitwise XOR, and two polynomials, a(X) and b(X), may be multiplied by computing a(X)b(X) mod P(X), where the product a(X)b(X) is a 326-degree polynomial, and P(X) is an irreducible polynomial as specified by the IEEE 1363-2000 standard.

Polynomial multiplication has the same form as modular multiplication, ab mod p, over the integers, except that: (1) regular addition is replaced by an XOR; and (2) regular 32-bit multiplication is replaced by a 32-bit carry-free multiplication. Therefore, polynomial modular multiplication may be performed using shifts and XORs instead of shifts and adds.

It is desirable to provide a multiply/divide unit that supports fast polynomial multiplication and various other operations to increase the performance of cryptographic and other systems.

Referring to FIG. 1, an exemplary microprocessor architecture that may be used to implement polynomial multiplication includes a five-stage pipeline in which each instruction is executed in, for example, five clock cycles. The execution of each instruction is divided into five stages: instruction fetch (IF) stage 1001, register read (RD) stage 1002, arithmetic/logic unit (ALU) stage 1003, memory (MEM) stage 1004, and write back (WB) stage 1005. In the IF stage 1001, a specified instruction is fetched from an instruction storage. A portion of the fetched instruction is used to specify source registers that may be used in executing the instruction. In the read registers (RD) stage 1002, the system fetches the contents of the specified source registers. These fetched values may be used to perform arithmetic or logical operations in the ALU stage 1003. In the MEM stage 1004, an executing instruction may read/write memory in a data storage. Finally, in the WB stage 1005, values obtained by the execution of the instruction may be written back to a register.

Because the results of some operations, such as floating point calculations and integer multiply/divide, may be not be available in a single clock cycle, instructions to perform these operations merely initiate execution. After sufficient clock cycles have passed, another instruction may be used to retrieve a result. For example, when an integer multiply instruction takes five clock cycles, one instruction may initiate the multiplication calculation, and another instruction may load the results of the multiplication into a register after the multiplication has completed. If a multiplication has not completed by the time a result is requested, the pipeline may stall until the result is available.

Referring to FIG. 2, an exemplary RISC architecture is provided by way of example. The processor core 2000 includes: an execution unit 2010, a multiply/divide unit (MDU) 2020, a system control coprocessor (CP0) 2030, a memory management unit 2040, a cache controller 2050, and a bus interface unit (BIU) 2060. MDU 2020 is a combined multiply/divide unit in one implementation. Other implementations may provide separate multiply and divide units.

Execution unit 2010 is the primary mechanism for executing instructions within processor core 2000. Execution unit 2010 includes a register file 2011 and an arithmetic logic unit (ALU) 2012. In one implementation, the register file 2011 includes 32 32-bit general-purpose registers that may be used, for example, in scalar integer operations and address calculations. The register file 2011, which includes two read ports and one write port, may be fully bypassed to minimize operation latency in the pipeline. ALU 2012 supports both logical and arithmetic operations, such as addition, subtraction, and shifting.

The MDU 2020 includes three registers (ACX 2021, HI 2022, and LO 2023) that may be used for various operations. In accordance with one implementation, these three registers may be used together to hold up to a 72-bit value. In one implementation, LO register 2023 and HI register 2022 are each 32 bits wide and function as dedicated output registers of MDU 2020. In one implementation, ACX register 2021 provides 8 bits of additional integer precision beyond those provided by the HI/LO register pair. The precise number of bits is implementation dependent, with the preferred minimum size being 2 bits. For processors with 32 bit data paths, the preferred maximum size of the ACX register is 32 bits. In contrast, for processors with 64 bit data paths, the preferred maximum size of the ACX register is 64 bits. Hence, in a processor with 32-bit wide HI and LO registers, the combination of ACX/HI/LO can hold a concatenated value having more than 64 bits.

The MDU 2020 may be used to perform various operations including some or all of the following instructions, which are described below: DIV, DIVU, MADD, MADDU, MFHI, MFLO, MSUB, MSUBU, MTHI, MTLO, MUL, MULT, MULTU, MFLHXU, MTLHX, MADDP, MULTP, and PPERM.

The instructions MUL, MULT, and MULTU may be used to multiply two 32-bit numbers together. The result is stored in a specified register for MUL, and in the HI/LO registers for MULT and MULTU. For example, “MUL $7, $6, $5” multiplies the contents of registers $6 and $5 together and stores the result in register $7. The instruction “MULT $6, $5” multiplies the contents of registers $6 and $5 together and stores the result in the HI/LO registers. The MULTU instruction performs the same operation as MULT; however, MULTU applies to unsigned operands and MULT applies to signed operands. Additionally, the MULTU instruction clears the ACX register to all zeros.

The instructions DIV and DIVU perform division operations and store the results in the accumulator registers. For example, “DIV $6, $5” divides the contents of register $6 by the contents of register $5 and stores the quotient in the LO register and the remainder in the HI register. The DIVU instruction performs the analogous operation on unsigned operands.

The instructions MSUB, MSUBU, MADD, and MADDU may be used to multiply the contents of two registers and then add or subtract the contents of the ACX/HI/LO registers. For example, “MSUB $6, $5” multiplies the contents of registers $6 and $5 together, subtracts the result from the contents of the ACX/HI/LO registers, and then stores the result in the ACX/HI/LO registers. The MADD instruction similarly multiplies the contents of two registers, adds the result to the ACX/HI/LO registers, and stores the result in the ACX/HI/LO registers. The MSUBU and MADDU perform the analogous operations to unsigned operands. In some implementations, the value written to the ACX register is only defined in a subset of these operations.

The following instructions are used to move data between the ACX/HI/LO registers and general purpose registers: MFHI, MFLO, MTHI, MTLO, MFLHXU, and MTLHX. The first instruction, MFHI, loads the contents of the HI register into a general purpose register. For example, “MFHI $5” loads the contents of the HI register into register $5. Similarly, MFLO loads the contents of the LO register into a general purpose register. Conversely, the instructions MTHI and MTLO are used to load the contents of a general purpose register into the HI or LO registers. For example, “MTHI $5” loads the contents of register $5 into the HI register.

In one implementation, the content of the ACX register is not directly accessible. To indirectly access the ACX register, the values stored in the ACX/HI/LO registers may be shifted to the left or right. For example, “MFLHXU $5” shifts contents of the ACX, HI, and LO registers to the right by one register position and loads the contents of the LO register into register $5. Thus, after performing the operation, the ACX register is zero, the HI register contains the previous contents of the ACX register, the LO register contains the previous contents of the HI register, and the $5 register contains the previous contents of the LO register. If the ACX register is narrower than the HI register, the contents of the ACX register may be zero-extended appropriately before loading the HI register. The MTLHX performs the inverse operation. For example, “MTLHX $5” loads the ACX register with the low-order 8 bits of the previous contents of the HI register, loads the HI register with the previous contents of the LO register, and loads the LO register with the contents of the $5 register.

The PPERM operation performs permutations as specified in a register, storing the result in the ACX/HI/LO registers. For example, “PPERM $5, $6” causes the ACX/HI/LO registers to be shifted 6-bits to the left. Then, low-order six bits are selected from register $5 as specified by register $6. In particular, the 32-bit contents of register $6 are used to select which bits of register $5 will be used to fill the low-order bits of the ACX/HI/LO registers. Since there are 32 bits in register $5, 5 bits are needed to specify a specific one of the 32 bits. For example, “01101” is binary for the number 13. Thus, these five bits may specify bit 13. Similarly, “00000” is binary for 0 and “11111” is binary for 31. Thus, any one of the 32 bits may be specified using a 5-bit specifier, and 6 bits may be specified using 30 bits (i.e., 6 5-bit specifiers).

Register $6 may specify the bits of register $5 used to fill the low-order bits of −20 ACX/HI/LO as follows: bits 0-4 are used to specify the source of bit 0, bits 5-9 are used to specify bit 1, bits 10-14 are used to specify bit 2, bits 15-19 are used to specify bit 3, bits 20-24 are used to specify bit 4, and bits 25-29 are used to specify bit 5. The remaining bits, 30-31, may be unused. Thus, the instruction is performed using the specifiers as described to fill the lowest 6 bits of the LO register with the specified bits from register $5.

Finally, MULTP may be used to perform binary polynomial multiplication and MADDP may be used to perform binary polynomial multiplication with the result added to the ACX/HI/LO registers. These operations are analogous to MULT and MADD, but operate on binary polynomial operands.

The polynomial operands of MULTP and MADDP are encoded in 32-bit registers with each bit representing a polynomial coefficient. For example, the polynomial “x⁴+x+1” would be encoded as “110011” because the coefficients of x³and x²are “0” and the remaining coefficients are “1”. The MULTP instruction performs binary polynomial multiplication on two operands. For example,

(x⁴+x+1)(x+1)=x⁵+x⁴+x²+2x+1.

Reducing the polynomial modulo two, yields x⁵+x⁴+x²+1. If the polynomials are encoded in the binary representation above, the same multiplication may be expressed as (10011)(11)=110101.

The MADDP instruction performs multiplication just as MULTP, and then adds the result to the ACX/HI/LO registers. Polynomial addition may be performed using a bitwise XOR. For example, the binary polynomial addition (x⁴+x+1)+(x+1) yields x⁴+2x+2. Reducing the coefficients modulo 2 yields x⁴which may be expressed as “10000”.

Referring to FIG. 3, MDU 2020 receives two 32-bit operands, RS and RT. Using these operands, MDU 2020 performs a requested operation and stores a result in registers ACX 2021, HI 2022, and LO 2022. Major data paths that may be used to perform these operations are shown in FIG. 3. The RShold register 3010 and the RThold register 3012 are used to hold the RS and RT operands. Multiplexers 3020, 3022, and 3024 are used to select whether to use the RS and RT operands directly or to use the values stored in RShold 3010 and RThold 3012. Additionally, multiplexer 3022 may be used to select between the low-order and high-order bits of RT.

The RThold register 3012 is connected to multiplexer 3022. Multiplexer 3022 produces a 16-bit result by selecting the high-order bits of RThold 3012, the low-order bits of RThold 3012, the high-order bits of the RT operand, or the low-order bits of the RT operand. The output from multiplexer 3022 is processed by Booth recoder 3040 and stored in register RTB 3042. The output of register RTB 3042 becomes the input SEL 3034 to array unit 3030.

Array unit 3030 is used to perform arithmetic and binary polynomial multiplication as described below with reference to FIG. 4. Array unit 3030 takes as inputs ACC13031, ACC23032, M 3033, SEL 3034, and RThold 3012. Inputs ACC13031 and ACC23032 are accumulated results used for operations that perform a multiplication and add or subtract the resulting value from an accumulated result. The inputs SEL 3034 (determined by register RTB 3042) and M 3033 (determined by register RShold 3011) form the operands for arithmetic operations. The inputs RThold 3012 (or the high-order or low-order bits of RThold 3012) and M 3033 (determined by RShold 3011) form operands for polynomial operations and permutations. Combinations of these inputs are used to perform various calculations as described in detail below.

Array unit 3030 also includes two outputs, ResultC 3035 and ResultS 3036. In performing arithmetic operations, carry-save adders (CSAs) may be used to build a multiplication array. Carry-save adders calculate sums and carries separately to produce two outputs. Thus, ResultC 3035 and ResultS 3036 represent the carry and the sum outputs of a CSA multiplier array. In one implementation, ACC13031, ACC23032, ResultC 3035, and ResultS 3036 are each 72 bits long (to support a 72-bit extended-precision accumulator with an 8-bit ACX register, a 32-bit HI register, and a 32-bit LO register) and the remaining inputs are at most 32 bits long. Inputs ACC13031 and ACC23032 may be selected using multiplexers 3037 and 3038.

Multiplexers 3050 and 3052 are used to select values as inputs to registers CPAA 3054 and CPAB 3056. For example, multiplexer 3050 may be used to select ResultC 3035, the output of CPA 3058, operand RS, or RShold 3010, and multiplexer 3052 may be used to select ResultS 3036, the value 0, operand RT, or RThold 3012. These registers store the inputs to carry-propagate adder (CPA) 3058. CPA 3058 may be used to complete multiplication operations (multiplies) and to perform iterative division operations (divides) as discussed below.

Register RDM 3060 stores the result of CPA 3058. Finally, multiplexer 3070 selects which values form the result to be loaded into registers ACX, HI, and LO. Multiplexer 3070 may be used to select the ACX/HI/LO registers, RDM 3060, or the result of CPA 3058. Multiplexer 3072 may be used to instead load various permutations of the result selected by multipexer 3070. Multiplexer 3072 is used to perform various shifts of the computed result and concatenations with RShold 3010 by selecting from the following values (forming 72-bit values when concatenated): (1) the 72-bit output of multiplexer 3070; (2) the 8 high-order bits of multiplexer 3070, the contents of RShold 3010, and the 32 low-order bits of multiplexer 3070; (3) the 40 high-order bits of multiplexer 3070 and the contents of RShold 3010; (4) the 40 low-order bits of multiplexer 3070 and the contents of RShold 3010; and (5) the 40 high-order bits of multiplexer 3070 (with 32 leading zeros).

Some operations cause the values stored in the result registers ACX, HI, and LO to be modified as part of a read operation. For this reason, a separate result register 3080 may be provided to store the high-order and low-order result without the accumulator ACX.

The data path described below includes six major parts: (1) input registering and selection; (2) Booth recoding; (3) multiplier arrays and permutation logic; (4) a carry-propagate adder; (5) result registering and selection; and (6) a separate 32-bit output register for presenting results.

Input registering and selection is performed using the RShold and RThold registers to hold the RS and RT operands. Multiplexers select whether to use these operands directly or to use the registered versions. Booth recoding is performed on half of the RT operand at a time to provide inputs to the multiplier arrays and permutation logic. Hennessy and Patterson describe Booth recoding in Appendix A of “Computer Architecture: A Quantitative Approach,” Morgan Kaufmann Publishers, Inc. (1996), which is hereby incorporated by reference in its entirety for all purposes.

One array of array unit 3030 performs arithmetic multiplication and one array of array unit 3030 performs binary polynomial multiplication. In one implementation, both arrays are 32 bits by 16 bits (32×16) and are used once or twice depending on the size of the RT operand (i.e., an appropriate array is used once when the value of RT can be held in the low-order 16 bits and twice otherwise). The CPA may be used to complete multiplies and perform iterative divides. Other implementations may include faster mechanisms for performing divides.

The arithmetic multiplication array may be implemented using any of the techniques described by Hennessy and Patterson in “Computer Architecture: A Quantitative Approach,” Morgan Kaufmann Publishers, Inc. (1996), which is incorporated by reference in its entirety for all purposes. For example, Appendix A of Hennessy and Patterson describes several ways to speed up arithmetic multipliers. Any of the described techniques may be used as a basis for the polynomial multiplication extensions described below.

Referring to FIG. 4, array unit 3030 includes two parallel multipliers (Marray 4100 and MParray 4200) and permutation logic 4300. The first array, Marray 4100, performs arithmetic multiplication as described below with reference to FIG. 5. Marray 4100 uses the following inputs as described above: ACC13031, ACC23032, M 3033, and SEL 3034. The outputs include ResultC 3035 and ResultS 3036. The second array, MParray 4200, performs binary polynomial multiplication as described below with reference to FIG. 6. MParray 4200 uses the following inputs as described above: the low-order bits of RThold 3012 or the high-order bits of RThold 3012; RShold 3010; and ACC13031. The output of MParray 4200 is ResultC 3036. Finally, permutation logic 4300 is used to perform various permutations on the low-order bits of RShold 3010 based on the value stored in RThold 3012.

Referring to FIG. 5, Marray 4100 is a 32-bit by 16-bit Wallace tree multiplier array that has been modified to support the addition of two 72-bit wide operands ACC1 and ACC2. The ACC1 and ACC2 operands hold a carry-save representation of a 72-bit value. Because additions are already performed to carry out multiplications (i.e., by the carry-save adders (CSAs)), an additional adder may be included to add ACC1 and ACC2 to intermediate results of multiplications. Marray 4100 generates a 72-bit wide result in a carry-save representation. Since 32×16 bits are processed per cycle, two passes through the array are required for 32×32 bit multiplies.

Array Marray 4100 is implemented as a Wallace tree built from arrays of carry-save adders. The width of these arrays may vary. Because the accumulate value from the previous array pass is input late into the array, the accumulate value does not need to come directly from a register. Booth recoding is performed using the method of overlapping triplets to more efficiently process multiplications. The output of Booth recoding tells whether to add operand M multiplied by −2, −1, 0, 1, or 2 for each power of 4. The multiplexers on the top-level CSA inputs are used to select the corresponding multiple of M.

Array Marray 4100 accumulates eight products from the Booth recoding plus one special partial product. The latter may be used for 32-bit unsigned calculations using the “0” and “1x” choices from the multiplexers. Within the Wallace tree, operands may be sign-extended to properly accumulate 2's complement results.

Referring to FIG. 6, binary polynomial-based multiplication operations are processed similarly to corresponding unsigned arithmetic operations. In one implementation, MParray 4200 is a 32×16 bit array that also performs an addition using exclusive-or (XOR) on an operand, for example, ACC1. As with Marray 4100, 32×16 bits are processed per cycle and two passes through the array may be used for 32×32 multiplies. In the first cycle, ACC1 is zero (for a MULTP operation) or the previous result (for a MADDP operation). In a second cycle, ACC1 is the high order bits of the output from the first cycle.

MParray 4200 multiplies two operands (e.g., OpA and OpB) using an array with each row formed by taking the AND of OpA and a bit of OpB. For example, the first row is the logical AND of OpA and bit 0 of OpB. Row two is the logical AND of OpA and bit 1 of OpB. The result of each successive row is shifted one bit to the left. The final result is formed by taking the exclusive-or (XOR) of each column. Because bitwise XOR may be used to perform addition in binary polynomial arithmetic, an accumulator row may be added to array MParray 4200 to support instructions such as MADDP.

In one implementation, permutation logic 4300 is used to support the PPERM instruction described above. Permutation logic 4300 consists of 6 single bit 32:1 selectors that may be used to select any 6 of the 32 bits of RShold 3010 based on the value of RThold 3012.

For example, permutation logic 4300 may be used to execute the instruction “PPERM $5, $6”. Permutation logic 4300 uses 6 5-bit selectors determined by RThold 3012 to identify which bits to include as output from RShold 3010. For example, if register $5 contains the low-order bits “010101”, then the selector “00010” would choose bit 2 (i.e., the third bit from the right) containing “1”. If RThold 3012 contains the low-order bits “0001000011”, then bit 2 (containing a “1”) and bit 3 (containing a “0”) will be selected yielding “10”. Using this method, permutation logic 4300 may select bits from RShold 3010 to generate 6 bits based on RThold 3012. The resulting 6 bits concatenated to the 66 low-order bits of ACC1 to form the result. This effectively shifts the 66 low-order bits of ACC1 six bits to the left and replaces the 6 low-order bits with the output of the permutation logic 4300.

Three multiplexers shown in FIG. 4 are used to select either zero or the sum output of Marray 4100 to form ResultS 3036; and the output of Marray 4100, MParray 4200, or permutation logic 4300 to form ResultC 3035.

Referring again to FIG. 1, MDU 2020 starts a computation in the first cycle of the ALU stage of the pipeline 1003. If the calculations complete before the instruction has moved past the MEM stage 1004 in the pipeline, then the result is held at that point. If the operation completes when the instruction has been moved past the MEM 1004 in the pipeline, then the instruction has been committed and the results are written directly to the ACX/HI/LO registers.

The MDU 2020 is decoupled from the environment pipeline; it does not stall with the environment. That is to say the MDU 2020 will continue its computation during pipeline stalls. In this way, multi-cycle MDU operations may be partially masked by system stalls and/or other, non-MDU instructions.

Referring to FIG. 7A, for 32×16 bit multiplies, the pipeline flow through MDU 2020 is as follows. The first cycle may be used for Booth recoding. The second cycle is where the array is run and the third cycle is where the CPA 3058 completes the computation. The result of a 32×16 bit multiply is available soon enough for a following MFxx instruction without stalling the pipeline. A 32×16 MUL, which returns the result directly to a general purpose register (GPR) may stall for one cycle.

Referring to FIG. 7B, for 32×32 bit multiplies, the array is used twice, which adds one extra clock cycle to the 32×16 bit multiplications. As the first array pass is completing for the first portion of operand RT, Booth recoding is performed on the second portion of the operand. Thus, the Booth recoded portion of RT is available to begin the second pass through the array immediately after the first pass is complete. The multiplication result is then calculated using CPA 3058.

Referring to FIG. 7C, a simple non-restoring division algorithm may be used for positive operands. The first cycle is used to negate RS, if needed. Following that, a varying number of iterative add/subtracts are performed. The actual number is based on the amount of leading zeros on the positive RS operand. A final remainder adjust may be needed if the remainder was negative. For timing reasons, this cycle is taken even if the remainder adjust is not needed. Finally, sign adjustment is performed if needed on the quotient and/or remainder. If both operands are positive, this cycle may be skipped.

Some applications demand faster division. Many techniques may be used to increase the performance of division. For example, the Sweeney, Robertson, and Tocher (SRT) algorithm or some variation thereof may be used.

Referring to FIG. 8, multiplication operations are implemented using a finite state machine. Multiplication begins in IDLE state 8010. The multiplier stays in the idle state until the start signal is asserted. Then, the multiplier transitions to either the ARR1 state 8020 or the ARR2A state 8030 depending on whether operand RT contains a 32-bit or 16-bit value. If a 32-bit value is stored in RT, then the system transitions to state ARR2B 8040 where the second array pass is run. If a 16-bit value is stored in operand RT, the multiplication is run through the array unit in state ARR18020.

In this implementation, the multiplier is pipelined. One multiplication may be run through the array unit and another through the CPA. Thus, the multiplier either transitions from ARR18020 or ARR2B 8040 to state CPA 8050 if there is no additional multiplication to perform, or begins a second multiplication. If no additional multiplication is needed, the multiplier is run through CPA 8050 and then either returns to IDLE 8010 or begins a new multiplication as discussed above.

If a second multiplication is ready to be performed when the first multiplication is ready to be run through the CPA, then the multiplier either transitions to CPA18060 (for a 32×16 multiplication) or CPA2A 8070 (for a 32×32 multiplication). In state CPA18060, the first multiplication is run through the CPA and the second multiplication is run through the array unit. The multiplier then transitions to state CPA 8050 to finalize the second multiplication.

If the second multiplication is a 32-bit multiplication, then in state CPA2A 8070 the first multiplication is run through the CPA and the second multiplication is run through the array unit. The multiplier then transitions to state ARR2B 8040 to complete the 32×32 multiplication. This pipelined approach allows 32×16 multiplications to be issued every clock cycle, with a two-cycle latency. Also, 32×32 multiplications may be issued every other clock cycle, with a three-cycle latency.

Referring to FIG. 9, iterative division operations may be implemented using a finite state machine. In one implementation, the MDU begins in IDLE state 9010. When a signal is received to begin a division operation, the MDU either transitions to DIV19020 if the operation is signed or DIV1U 9030 if the operation is unsigned. States DIV19020 and ERLY 9040 are used to prepare signed operands for division, adjusting the signs as necessary. States DIV1U 9030 and ERLYU 9050 are used to prepare an unsigned division operation. In states ERLY 9040 and ERLYU 9050, leading zeros are detected in operand RS to adjust the number of division iterations necessary.

Iterative division is performed in states DIV 9060 and DIVU 9070. Division may be performed by using a series of iterative add/subtracts and shifts. Finally, the remainders are finalized in states REM 9080 and REMU 9090. If either of the operands is negative, sign adjustment is performed in state SGN 9100.

In addition to multiplier implementations using hardware (e.g., within a microprocessor or microcontroller) implementations also may be embodied in software disposed, for example, in a computer usable (e.g., readable) medium configured to store the software (i.e., a computer readable program code). The program code causes the enablement of the functions or fabrication, or both, of the systems and techniques disclosed herein. For example, this can be accomplished through the use of general programming languages (e.g., C, C++), hardware description languages (HDL) including Verilog HDL, VHDL, AHDL (Altera HDL) and so on, or other available programming and/or circuit (i.e., schematic) capture tools. The program code can be disposed in any known computer usable medium including semiconductor, magnetic disk, optical disk (e.g., CD-ROM, DVD-ROM) and as a computer data signal embodied in a computer usable (e.g., readable) transmission medium (e.g., carrier wave or any other medium including digital, optical, or analog-based medium). As such, the code can be transmitted over communication networks including the Internet and intranets.

It is understood that the functions accomplished and/or structure provided by the systems and techniques described above can be represented in a core (e.g., a microprocessor core) that is embodied in program code and may be transformed to hardware as part of the production of integrated circuits. Also, the systems and techniques may be embodied as a combination of hardware and software. Accordingly, other implementations are within the scope of the following claim.

Claims

1. A programmable CPU multiplier responsive to instructions dedicated to polynomial operations, comprising: an array unit responsive to instructions dedicated to polynomial operations, the array unit having: a first array that is used to perform arithmetic multiplication, the first array having a first result output and a second result output; anda second array that is used to perform binary polynomial multiplication, the second array having a third result output; anda carry propagation adder having a first input, a second input, and an output, whereinthe first input of the carry propagation adder is selectively coupled to the first result output of the first array,the second input of the carry propagation adder is selectively coupled to the second result output of the first array and the third result output of the second array, andthe output of the carry propagation adder is stored in a register to provide an output of the polynomial operations.
2. The programmable CPU multiplier of claim 1, further comprising: a first multiplexer coupled to the first result output of the first array;a first register coupled between an output of the first multiplexer and the first input of the carry propagation adder;a second multiplexer coupled to the second result output of the first array; anda second register coupled between an output of the second multiplexer and the second input of the carry propagation adder.
3. The programmable CPU multiplier of claim 2, wherein the third result output of the second array is coupled to an input of the second multiplexer.
4. The programmable CPU multiplier of claim 2, wherein an output of the first register is coupled to an input of the first array and an input of the second array.
5. The programmable CPU multiplier of claim 2, wherein an output of the second register is coupled to an input of the first array.
6. The programmable CPU multiplier of claim 1, wherein the first array includes a plurality of carry-save adders arranged in a tree structure.
7. The programmable CPU multiplier of claim 1, wherein the first array is a Wallace tree multiplier array.
8. The programmable CPU multiplier of claim 1, wherein the first array is a 32-bit by 16-bit array.
9. The programmable CPU multiplier of claim 1, wherein the second array is a 32-bit by 16-bit array.
10. The programmable CPU multiplier of claim 1, wherein the processor performs 32-bit by 32-bit multiplications.
11. The programmable CPU multiplier of claim 1, wherein the processor multiplies a first operand and a second operand to form a resultant value, the first operand being provided to a first input of the first array and the second operand being provided to a second input of the first array, and wherein the resultant value is available at an output of the carry propagation adder.
12. The programmable CPU multiplier of claim 1, wherein the processor multiplies a first polynomial value and a second polynomial value to form a resultant value, the first polynomial value being provided to a first input of the second array and the second polynomial value being provided to a second input of the second array, and wherein the resultant value is available at an output of the carry propagation adder.
13. A tangible computer-readable storage medium comprising a programmable CPU multiplier responsive to instructions dedicated to polynomial operations embodied in software, the programmable CPU multiplier comprising: an array unit responsive to instructions dedicated to polynomial operations, the array unit having: a first array that is used to perform arithmetic multiplication, the first array having a first result output and a second result output; anda second array that is used to perform binary polynomial multiplication, the second array having a third result output; anda carry propagation adder having a first input, a second input, and an output, whereinthe first input of the carry propagation adder is selectively coupled to the first result output of the first array,the second input of the carry propagation adder is selectively coupled to the second result output of the first array and the third result output of the second array, andthe output of the carry propagation adder is stored in a register to provide an output of the polynomial operations.
14. The tangible computer-readable storage medium of claim 13, wherein the programmable CPU multiplier embodied in software further comprises: a first multiplexer coupled to the first result output of the first array;a first register coupled between an output of the first multiplexer and the first input of the carry propagation adder;a second multiplexer coupled to the second result output of the first array; anda second register coupled between an output of the second multiplexer and the second input of the carry propagation adder.
15. The tangible computer-readable storage medium of claim 14, wherein the third result output of the second array is coupled to an input of the second multiplexer.
16. The tangible computer-readable storage medium of claim 15, wherein an output of the first register is coupled to an input of the first array and an input of the second array.
17. The tangible computer-readable storage medium of claim 15, wherein an output of the second register is coupled to an input of the first array.
18. The tangible computer-readable storage medium of claim 13, wherein the first array includes a plurality of carry-save adders arranged in a tree structure.
19. The tangible computer-readable storage medium of claim 13, wherein the first array is a Wallace tree multiplier array.
20. The tangible computer-readable storage medium of claim 13, wherein the first array is a 32-bit by 16-bit array.
21. The tangible computer-readable storage medium of claim 13, wherein the second array is a 32-bit by 16-bit array.
22. The tangible computer-readable storage medium of claim 13, wherein the programmable CPU multiplier performs 32-bit by 32-bit multiplications.
23. The tangible computer-readable storage medium of claim 13, wherein the programmable CPU multiplier multiplies a first operand and a second operand to form a resultant value, the first operand being provided to a first input of the first array and the second operand being provided to a second input of the first array, and wherein the resultant value is available at an output of the carry propagation adder.
24. The tangible computer-readable storage medium of claim 13, wherein the programmable CPU multiplier multiplies a first polynomial value and a second polynomial value to form a resultant value, the first polynomial value being provided to a first input of the second array and the second polynomial value being provided to a second input of the second array, and wherein the resultant value is available at an output of the carry propagation adder.
25. The tangible computer-readable storage medium of claim 13, wherein the programmable CPU multiplier is embodied in hardware description language software.
26. The tangible computer-readable storage medium of claim 13, wherein the programmable CPU multiplier is embodied in one of Verilog hardware description language software and VHDL hardware description language software.
27. A system, comprising: a processor for performing multiplication, the processor including:an execution unit responsive to a first set of instructions, and a multiply-divide unit, responsive to a second set of instructions dedicated to polynomial operations, the multiply-divide unit comprising: an array unit in the processor for performing multiplication having: a first array that is used to perform arithmetic multiplication, the first array having a first result output and a second result output, anda second array that is used to perform binary polynomial multiplication, the second array having a third result output, anda carry propagation adder having a first input, a second input, and an output, wherein the first input of the carry propagation adder is selectively coupled to the first result output of the first array,the second input of the carry propagation adder is selectively coupled to the second result output of the first array and the third result output of the second array, andthe output of the carry propagation adder is stored in a register to provide an output of the polynomial operations; anda memory coupled to the processor to store the first and second set of instructions.
28. The system of claim 27, wherein the multiply-divide unit further comprises: a first multiplexer coupled to the first result output of the first array;a first register coupled between an output of the first multiplexer and the first input of the carry propagation adder;a second multiplexer coupled to the second result output of the first array; anda second register coupled between an output of the second multiplexer and the second input of the carry propagation adder.
29. The system of claim 28, wherein the third result output of the second array is coupled to an input of the second multiplexer.
30. The system of claim 29, wherein an output of the first register is coupled to an input of the first array and an input of the second array.
31. The system of claim 29, wherein an output of the second register is coupled to an input of the first array.
32. The system of claim 27, wherein the first array includes a plurality of carry-save adders arranged in a tree structure.
33. The system of claim 27, wherein the first array is a Wallace tree multiplier array.
34. The system of claim 27, wherein the first array is a 32-bit by 16-bit array.
35. The system of claim 27, wherein the second array is a 32-bit by 16-bit array.
36. The system of claim 27, wherein the multiply-divide unit performs 32-bit by 32-bit multiplications.
37. The system of claim 27, wherein the multiply-divide unit multiplies a first operand and a second operand to form a resultant value, the first operand being provided to a first input of the first array and the second operand being provided to a second input of the first array, and wherein the resultant value is available at an output of the carry propagation adder.
38. The system of claim 27, wherein the multiply-divide unit multiplies a first polynomial value and a second polynomial value to form a resultant value, the first polynomial value being provided to a first input of the second array and the second polynomial value being provided to a second input of the second array, and wherein the resultant value is available at an output of the carry propagation adder.
39. The system of claim 27, wherein operation of the multiply-divide unit is decoupled from operation of the execution unit.

US Referenced Citations (210)

Number	Name	Date	Kind
3614406	Brown	Oct 1971	A
3642744	Moberly et al.	Feb 1972	A
3654621	Bock et al.	Apr 1972	A
3916388	Shrimp et al.	Oct 1975	A
4023023	Bourrez et al.	May 1977	A
4109310	England et al.	Aug 1978	A
4126896	Yamazaki	Nov 1978	A
4128880	Cray, Jr.	Dec 1978	A
4130880	Nutter	Dec 1978	A
4173041	Dvorak et al.	Oct 1979	A
4219874	Gusev et al.	Aug 1980	A
4302820	Struger et al.	Nov 1981	A
4307445	Tredennick et al.	Dec 1981	A
4317170	Wada et al.	Feb 1982	A
4394736	Bernstein et al.	Jul 1983	A
4396982	Wada et al.	Aug 1983	A
4434462	Guttag et al.	Feb 1984	A
4491910	Caudel et al.	Jan 1985	A
4495598	Vahlstrom et al.	Jan 1985	A
4507731	Morrison et al.	Mar 1985	A
4511990	Hagiwara et al.	Apr 1985	A
4520439	Liepa	May 1985	A
4538239	Magar	Aug 1985	A
4583199	Boothroyd et al.	Apr 1986	A
4586130	Butts, Jr. et al.	Apr 1986	A
4771463	Beeman	Sep 1988	A
4773006	Kinoshita et al.	Sep 1988	A
4809212	New et al.	Feb 1989	A
4811215	Smith	Mar 1989	A
4814976	Hansen et al.	Mar 1989	A
4825363	Baumann et al.	Apr 1989	A
4829380	Iadipaolo	May 1989	A
4847801	Tong	Jul 1989	A
4852037	Aoki	Jul 1989	A
4860192	Sachs et al.	Aug 1989	A
4868777	Nishiyama et al.	Sep 1989	A
4878174	Watkins et al.	Oct 1989	A
4879676	Hansen	Nov 1989	A
4884197	Sachs et al.	Nov 1989	A
4891781	Omura	Jan 1990	A
4899275	Sachs et al.	Feb 1990	A
4924435	Brunvand et al.	May 1990	A
4928223	Dao et al.	May 1990	A
4949250	Bhandarkar et al.	Aug 1990	A
4992934	Portanova et al.	Feb 1991	A
5005118	Lenoski	Apr 1991	A
5073864	Methvin et al.	Dec 1991	A
5136696	Beckwith et al.	Aug 1992	A
5150290	Hunt	Sep 1992	A
5177701	Iwasa	Jan 1993	A
5181183	Miyazaki	Jan 1993	A
5185713	Kobunaya	Feb 1993	A
5193202	Jackson et al.	Mar 1993	A
5220656	Itomitsu et al.	Jun 1993	A
5222244	Carbine et al.	Jun 1993	A
5235686	Bosshart	Aug 1993	A
5280439	Quek et al.	Jan 1994	A
5280593	Bullions, III et al.	Jan 1994	A
5299147	Holst	Mar 1994	A
5392228	Burgess et al.	Feb 1995	A
5392408	Fitch	Feb 1995	A
5396502	Owsley et al.	Mar 1995	A
5418915	Matuda et al.	May 1995	A
5452241	Desrosiers et al.	Sep 1995	A
5479620	Kiyohara et al.	Dec 1995	A
5499299	Takenaka et al.	Mar 1996	A
5502829	Sachs	Mar 1996	A
5513366	Agarwal et al.	Apr 1996	A
5517438	Dao-Trong et al.	May 1996	A
5537562	Gallup et al.	Jul 1996	A
5537629	Brown et al.	Jul 1996	A
5550768	Ogilvie et al.	Aug 1996	A
5559974	Boggs et al.	Sep 1996	A
5560028	Sachs et al.	Sep 1996	A
5581773	Glover	Dec 1996	A
5590345	Barker et al.	Dec 1996	A
5598571	Gallup et al.	Jan 1997	A
5664136	Witt et al.	Sep 1997	A
5666298	Peleg et al.	Sep 1997	A
5669010	Duluk, Jr.	Sep 1997	A
5671401	Harrell	Sep 1997	A
5673407	Poland et al.	Sep 1997	A
5696937	White et al.	Dec 1997	A
5713035	Ferrell et al.	Jan 1998	A
5717910	Henry	Feb 1998	A
5721892	Peleg et al.	Feb 1998	A
5726927	Wolrich et al.	Mar 1998	A
5729554	Weir et al.	Mar 1998	A
5729724	Sharangpani et al.	Mar 1998	A
5729728	Colwell et al.	Mar 1998	A
5734600	Dieffenderfer et al.	Mar 1998	A
5734874	Van Hook et al.	Mar 1998	A
5740340	Purcell et al.	Apr 1998	A
5748979	Trimberger	May 1998	A
5752071	Tubbs et al.	May 1998	A
5758176	Agarwal et al.	May 1998	A
5761523	Wilkinson et al.	Jun 1998	A
5768172	Derby	Jun 1998	A
5774709	Worrell	Jun 1998	A
5778241	Bindloss et al.	Jul 1998	A
5781457	Cohen et al.	Jul 1998	A
5784602	Glass et al.	Jul 1998	A
5790827	Leung	Aug 1998	A
5793661	Dulong et al.	Aug 1998	A
5794003	Sachs	Aug 1998	A
5796973	Witt et al.	Aug 1998	A
5798923	Laskowski	Aug 1998	A
5809294	Ando	Sep 1998	A
5812147	Van Hook et al.	Sep 1998	A
5812723	Ohtsu et al.	Sep 1998	A
5815695	James et al.	Sep 1998	A
5815723	Wilkinson et al.	Sep 1998	A
5819117	Hansen et al.	Oct 1998	A
5822606	Morton	Oct 1998	A
5838984	Nguyen et al.	Nov 1998	A
5838986	Garg et al.	Nov 1998	A
5848255	Kondo	Dec 1998	A
5848269	Hara	Dec 1998	A
5850452	Sourgen et al.	Dec 1998	A
5852726	Lin et al.	Dec 1998	A
5864703	Van Hook et al.	Jan 1999	A
5867682	Witt et al.	Feb 1999	A
5875336	Dickol et al.	Feb 1999	A
5875355	Sidwell et al.	Feb 1999	A
5880984	Burchfiel et al.	Mar 1999	A
5881307	Park et al.	Mar 1999	A
5887183	Agarwal et al.	Mar 1999	A
5892960	Seide	Apr 1999	A
5918031	Morrison et al.	Jun 1999	A
5922066	Cho et al.	Jul 1999	A
5926642	Favor	Jul 1999	A
5933650	Van Hook et al.	Aug 1999	A
5936872	Fischer et al.	Aug 1999	A
5944776	Zhang et al.	Aug 1999	A
5953241	Hansen et al.	Sep 1999	A
5960012	Spracklen	Sep 1999	A
5961629	Nguyen et al.	Oct 1999	A
5996056	Volkonsky	Nov 1999	A
5996062	Sachs	Nov 1999	A
6006316	Dinkjian	Dec 1999	A
6009261	Scalzi et al.	Dec 1999	A
6009450	Dworkin et al.	Dec 1999	A
6026420	DesJardins et al.	Feb 2000	A
6035120	Ravichandran	Mar 2000	A
6035316	Peleg et al.	Mar 2000	A
6035317	Guy	Mar 2000	A
6041403	Parker et al.	Mar 2000	A
6058465	Nguyen	May 2000	A
6058500	DesJardins et al.	May 2000	A
6065115	Sharangpani et al.	May 2000	A
6066178	Bair et al.	May 2000	A
6067615	Upton	May 2000	A
6073154	Dick	Jun 2000	A
6078941	Jiang et al.	Jun 2000	A
6088783	Morton	Jul 2000	A
6122738	Millard	Sep 2000	A
6128726	LeComec	Oct 2000	A
6138229	Kucukcakar et al.	Oct 2000	A
6141421	Takaragi et al.	Oct 2000	A
6141786	Cox et al.	Oct 2000	A
6145077	Sidwell et al.	Nov 2000	A
6154834	Neal et al.	Nov 2000	A
6172494	Feuser	Jan 2001	B1
6181729	O'Farrell	Jan 2001	B1
6185668	Arya	Feb 2001	B1
6192491	Cashman et al.	Feb 2001	B1
6199087	Blake et al.	Mar 2001	B1
6199088	Weng et al.	Mar 2001	B1
6233597	Tanoue et al.	May 2001	B1
6243732	Arakawa et al.	Jun 2001	B1
6263429	Siska	Jul 2001	B1
6266758	Van Hook et al.	Jul 2001	B1
6279023	Weng et al.	Aug 2001	B1
6282635	Sachs	Aug 2001	B1
6292883	Augusteijn et al.	Sep 2001	B1
6295599	Hansen et al.	Sep 2001	B1
6298438	Thayer et al.	Oct 2001	B1
6314445	Poole	Nov 2001	B1
6336178	Favor	Jan 2002	B1
6349318	Vanstone et al.	Feb 2002	B1
6349377	Lindwer	Feb 2002	B1
6397241	Glaser et al.	May 2002	B1
6421817	Mohan et al.	Jul 2002	B1
6425124	Tominaga et al.	Jul 2002	B1
6453407	Lavi et al.	Sep 2002	B1
6480872	Choquette	Nov 2002	B1
6513054	Carroll	Jan 2003	B1
6523054	Kamijo	Feb 2003	B1
6587939	Takano	Jul 2003	B1
6615366	Grochowski et al.	Sep 2003	B1
6625726	Clark et al.	Sep 2003	B1
6625737	Kissell	Sep 2003	B1
6651160	Hays	Nov 2003	B1
6658561	Benayoun et al.	Dec 2003	B1
6711602	Bhandal et al.	Mar 2004	B1
6760742	Hoyle	Jul 2004	B1
6892293	Sachs et al.	May 2005	B2
6952478	Lee et al.	Oct 2005	B2
6976178	Kissell	Dec 2005	B1
7003715	Thurston	Feb 2006	B1
7162621	Kissell	Jan 2007	B2
7181484	Kissell et al.	Feb 2007	B2
20010052118	Steinbusch	Dec 2001	A1
20020013691	Warnes	Jan 2002	A1
20020062436	Van Hook et al.	May 2002	A1
20020069402	Nevill et al.	Jun 2002	A1
20020116428	Kissell	Aug 2002	A1
20020178203	Stribaek et al.	Nov 2002	A1
20030172254	Mandavilli et al.	Sep 2003	A1
20060190518	Ekner et al.	Aug 2006	A1

Foreign Referenced Citations (11)

Number	Date	Country
196 44 688	Apr 1998	DE
0 681 236	Nov 1995	EP
0 681 236	Nov 2000	EP
07-182142	Jul 1995	JP
10-11289	Jan 1998	JP
11-003226	Jan 1999	JP
11-174955	Jul 1999	JP
2000-293507	Oct 2000	JP
2000-321979	Nov 2000	JP
WO 9707450	Feb 1997	WO
WO 9708608	Mar 1997	WO

Related Publications (1)

	Number	Date	Country
	20060190518 A1	Aug 2006	US

Binary polynomial multiplier

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications

Term Extension

Abstract

Description

Claims

US Referenced Citations (210)

Foreign Referenced Citations (11)

Related Publications (1)