This application is a national stage entry of PCT/CN2012/076053, filed May 25, 2012, which published as WO 2013/034000 on Mar. 14, 2013 in a language other than English, which claims the benefit of CN Application No. CN 201110267272.4, filed Sep. 9, 2011.
The present invention relates generally to a device for multiplying elements of a composite finite field, and more particularly to a multiplier for multiplying three operands of a composite finite field.
A finite field is a field containing only a finite number of elements, and it is widely used in various engineering fields. Depending on the basis chosen for the design, multiplication over a finite field is mainly divided into four types: multiplication on the standard basis, on the normal basis, on the dual basis, and on the triangular basis.
A composite finite field is a special form of finite field: the composite finite field $GF((2^n)^m)$ is isomorphic to the finite field $GF(2^{nm})$, and it is used effectively in various cryptographic applications and coding techniques. Efficient multiplier design over the composite finite field plays a vital role in the implementation of cryptographic algorithms. A variety of multipliers over composite finite fields are known in the prior art, including software multipliers and hardware multipliers, both of which are devices for multiplying two operands.
The multiplication of three operands is widely used in solving mathematical problems and engineering fields, for example, solving of the Oil and Vinegar polynomial which is commonly used in the cryptographic field. The structure of the Oil and Vinegar polynomial includes a plurality of multiplications of three operands as follows:
The Oil and Vinegar polynomial is the most common form of polynomial in multivariate public-key cryptosystems. Each individual coefficient and variable of this polynomial is an element of the computing domain. When evaluating the Oil and Vinegar polynomial, especially its first two kinds of terms, $\alpha_{ij}x_ix_j$ and $\beta_{ij}x_ix_j$, the multiplication of three operands is used many times. The use of three-operand multiplication is not limited to this case.
The existing techniques for computing the product of three operands are realized with two-operand multipliers. Under real-time and speed-sensitive circumstances, however, there is a need for dedicated hardware devices that implement the multiplication of three operands directly.
Therefore, in order to address the deficiencies and inadequacies in the art, the present invention aims to provide a high-speed composite finite field multiplier for multiplying three operands.
The object of the invention is achieved by the following technical solutions.
A composite finite field multiplier, including:
an input port, configured to input an operand a(x), an operand b(x), an operand c(x), an irreducible polynomial p(x) selected over the field $GF(2^n)$, an irreducible polynomial q(x) selected over the field $GF((2^n)^m)$ and a control signal k;
a $GF(2^n)$ standard basis multiplier, configured to implement the multiplication $(a(x)\times b(x)\times c(x)) \bmod p(x)$ of the three operands a(x), b(x) and c(x) on the standard basis over $GF(2^n)$;
a $GF(2^n)$ look-up table multiplier, configured to implement the multiplication $(a(x)\times b(x)\times c(x)) \bmod p(x)$ of the three operands a(x), b(x) and c(x) by means of a look-up table over $GF(2^n)$;
a $GF((2^n)^2)$ multiplier, including a first processor and a scheduler interconnected with each other; the first processor is configured to implement the multiplication $(a(x)\times b(x)\times c(x)) \bmod q(x)$ of the three operands a(x), b(x) and c(x) over $GF((2^n)^2)$, wherein “mod” denotes the modular reduction operation; the scheduler is configured to call the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier;
a controller, configured to control the $GF((2^n)^2)$ multiplier, the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier;
an output port, configured to output the results;
the controller is connected respectively to the input port, the output port, the $GF((2^n)^2)$ multiplier, the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier;
the $GF((2^n)^2)$ multiplier is connected respectively to the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier.
The first processor includes an XOR gate circuit for processing the addition operation over the field $GF(2^n)$.
The control signal k is a 2-bit value and has four possible binary values, i.e. $(00)_2$, $(01)_2$, $(10)_2$ and $(11)_2$.
The controller includes a parser and a second processor interconnected with each other;
the parser is configured to parse the inputted control signal;
the second processor is configured to receive the data signal from the input port and, according to the parsing result from the parser, to notify the $GF((2^n)^2)$ multiplier, the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier to perform the function corresponding to the parsing result.
The operand a(x), operand b(x) and operand c(x) have the following forms:
$a(x)=a_{n-1}x^{n-1}+a_{n-2}x^{n-2}+\cdots+a_0$;
$b(x)=b_{n-1}x^{n-1}+b_{n-2}x^{n-2}+\cdots+b_0$;
$c(x)=c_{n-1}x^{n-1}+c_{n-2}x^{n-2}+\cdots+c_0$.
The irreducible polynomial p(x) selected over the field $GF(2^n)$ has the following form:
$p(x)=x^n+p_{n-1}x^{n-1}+p_{n-2}x^{n-2}+\cdots+p_1x+1$;
The irreducible polynomial q(x) selected over the field $GF((2^n)^m)$ has the following form:
$q(x)=q_mx^m+q_{m-1}x^{m-1}+\cdots+q_0$;
Compared with the prior art, the present invention has the following advantages and technical effects.
By using the $GF((2^n)^2)$ multiplier, the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier, the multiplication of three operands is realized. Compared with existing multipliers, the multiplier of the present invention has significant advantages in the speed of multiplying three operands over $GF((2^n)^m)$, and thus can be widely used in various engineering fields, especially in hardware implementations of cryptographic algorithms and in solving various mathematical problems.
The invention will be better understood with reference to the following description taken in conjunction with the specific embodiments and the accompanying drawings. Accordingly, the scope of the present invention is defined by the appended claims rather than the foregoing description and the exemplary embodiments described therein.
As illustrated in
Following is a detailed description of the components of the multiplier of the present invention.
(1) The input ports: as illustrated in
a(x), b(x), c(x), p(x) and q(x) are in the following forms:
$a(x)=a_{n-1}x^{n-1}+a_{n-2}x^{n-2}+\cdots+a_0$;
$b(x)=b_{n-1}x^{n-1}+b_{n-2}x^{n-2}+\cdots+b_0$;
$c(x)=c_{n-1}x^{n-1}+c_{n-2}x^{n-2}+\cdots+c_0$;
$p(x)=x^n+p_{n-1}x^{n-1}+p_{n-2}x^{n-2}+\cdots+p_1x+1$;
$q(x)=q_mx^m+q_{m-1}x^{m-1}+\cdots+q_0$;
wherein $q_m, q_{m-1}, \ldots, q_0$ are elements of $GF(2^n)$, and $a_{m-1}, a_{m-2}, \ldots, a_0$, $b_{m-1}, b_{m-2}, \ldots, b_0$, $c_{m-1}, c_{m-2}, \ldots, c_0$, and $p_{n-1}, p_{n-2}, \ldots, p_1$ are elements of $GF(2)$.
The control signal k is a 2-bit value, which has four possible binary values, i.e. $(00)_2$, $(01)_2$, $(10)_2$ and $(11)_2$.
(2) The output port: as illustrated in
(3) The controller: as the only component that communicates with the I/O ports, the controller is the core component of the multiplier of the present invention; it controls the $GF((2^n)^2)$ multiplier, the $GF(2^n)$ standard basis multiplier and the $GF(2^n)$ look-up table multiplier.
As illustrated in
The parser is configured to parse the inputted control signal. For example, when the value of the inputted control signal k is $(00)_2$, the parser notifies the processor to implement the standard basis multiplication of three operands over $GF(2^n)$; when the value of k is $(01)_2$, the parser notifies the processor to implement the look-up table multiplication of three operands over $GF(2^n)$; when the value of k is $(10)_2$, the parser notifies the processor to implement the standard basis multiplication of three operands over $GF((2^n)^2)$; when the value of k is $(11)_2$, the parser notifies the processor to implement the look-up table multiplication of three operands over $GF((2^n)^2)$.
The processor is configured to receive the inputted data signal, and to notify the functional components to implement the corresponding functions based on the parsing result of the parser. For example, if the parsing result indicates that the standard basis multiplication of three operands over $GF(2^n)$ is to be implemented, the processor sends a(x), b(x), c(x) and p(x) to the $GF(2^n)$ standard basis multiplier and waits for feedback; once the feedback result is obtained, the processor sends the result to the output port d. If the parsing result indicates that the look-up table multiplication of three operands over $GF(2^n)$ is to be implemented, the processor sends a(x), b(x), c(x) and p(x) to the $GF(2^n)$ look-up table multiplier and waits for feedback; once the feedback result is obtained, the processor sends the result to the output port d. If the parsing result indicates that the standard basis multiplication or the look-up table multiplication of three operands over $GF((2^n)^2)$ is to be implemented, the processor sends a(x), b(x), c(x), p(x) and q(x) to the $GF((2^n)^2)$ multiplier and waits for feedback; once the feedback result is obtained, the processor sends the result to the output port d.
(4) The GF((2n)2) multiplier: as illustrated in
(5) The GF(2n) standard basis multiplier: as illustrated in
(5-1) Calculating $v_{ij}$ based on
wherein $i=0, 1, \ldots, 3(n-1)$ and $j=0, 1, \ldots, n-1$.
(5-2) Calculating $S_i$ based on
wherein $i=0, 1, \ldots, 3(n-1)$.
(5-3) Calculating $d_i$ based on
wherein $i=0, 1, \ldots, n-1$.
(5-4) Let
then d(x) is the product of the three operands a(x), b(x) and c(x) over $GF(2^n)$, and d(x) is itself an element of $GF(2^n)$.
(6) The $GF(2^n)$ look-up table multiplier: the $GF(2^n)$ look-up table multiplier is configured to implement the multiplication $(a(x)\times b(x)\times c(x)) \bmod p(x)$ of the three operands a(x), b(x) and c(x) over $GF(2^n)$. As illustrated in
The $GF(2^n)$ look-up table is constructed according to the following principle. There are $2^n$ elements of $GF(2^n)$ in total. Assuming that α is a primitive root of $GF(2^n)$, each nonzero element of $GF(2^n)$ may be expressed as a power of α, i.e. as an element in {α0, α1, . . . , α2
Working procedure of the multiplier of the present invention is now further described taking the example of n=4.
Let the control signal k be $(00)_2$. The parser of the controller then notifies the processor of the controller to implement the standard basis multiplication of three operands over $GF(2^4)$. The processor of the controller receives the inputted data signals a(x), b(x), c(x) and p(x). The three operands a(x), b(x) and c(x) have the forms $a(x)=a_3x^3+a_2x^2+a_1x+a_0$, $b(x)=b_3x^3+b_2x^2+b_1x+b_0$ and $c(x)=c_3x^3+c_2x^2+c_1x+c_0$, all of which are elements of $GF(2^4)$; p(x) has the fixed input form $p(x)=x^4+p_3x^3+p_2x^2+p_1x+1$ and is an irreducible polynomial selected over $GF(2^4)$. $a_3, a_2, a_1, a_0$, $b_3, b_2, b_1, b_0$, $c_3, c_2, c_1, c_0$ and $p_3, p_2, p_1$ are all elements of $GF(2)$.
The processor of the controller sends a(x), b(x), c(x) and p(x) to the $GF(2^n)$ standard basis multiplier and waits for the feedback result. The $GF(2^n)$ standard basis multiplier then starts its processor and implements the multiplication of three operands over $GF(2^n)$ by the following process:
calculating $v_{ij}$ based on
wherein $i=0, 1, \ldots, 9$ and $j=0, 1, \ldots, 3$;
calculating $S_i$ based on
wherein $i=0, 1, \ldots, 9$;
calculating $d_i$ based on
wherein $i=0, 1, \ldots, 3$.
is the product of the three operands over $GF(2^4)$, and the $GF(2^n)$ standard basis multiplier sends this result to the controller; the controller sends the result to the output port d.
Let the control signal k be $(01)_2$. The parser of the controller then notifies the processor of the controller to implement the look-up table multiplication of three operands over $GF(2^n)$. The processor of the controller receives the inputted data signals a(x), b(x), c(x) and p(x). The three operands a(x), b(x) and c(x) have the forms $a(x)=a_3x^3+a_2x^2+a_1x+a_0$, $b(x)=b_3x^3+b_2x^2+b_1x+b_0$ and $c(x)=c_3x^3+c_2x^2+c_1x+c_0$, all of which are elements of $GF(2^4)$; p(x) has the fixed input form $p(x)=x^4+p_3x^3+p_2x^2+p_1x+1$ and is an irreducible polynomial selected over $GF(2^4)$. $a_3, a_2, a_1, a_0$, $b_3, b_2, b_1, b_0$, $c_3, c_2, c_1, c_0$ and $p_3, p_2, p_1$ are all elements of $GF(2)$.
The processor of the controller sends a(x), b(x), c(x) and p(x) to the $GF(2^n)$ look-up table multiplier and waits for the feedback result. The $GF(2^n)$ look-up table multiplier starts its processor and implements the multiplication of three operands over $GF(2^n)$ by the following detailed process.
The processor of the $GF(2^n)$ look-up table multiplier constructs the $GF(2^4)$ look-up table according to the following principle. There are sixteen elements in $GF(2^4)$ in total. Assuming that α is a primitive root of $GF(2^4)$, each nonzero element of $GF(2^4)$ may be expressed as a power of α, i.e. as an element of $\{\alpha^0, \alpha^1, \ldots, \alpha^{14}\}$. Assuming that $k_i(x)$ is an element of $GF(2^4)$ that may be expressed as $\alpha^i$, the pair $\{i, k_i(x)\}$ is saved into the look-up table.
When the processor of the $GF(2^n)$ look-up table multiplier calculates $(k_i(x)\cdot k_j(x)\cdot k_m(x)) \bmod p(x)$, the exponents of α corresponding to $k_i(x)$, $k_j(x)$ and $k_m(x)$, i.e. i, j and m, are found by searching the constructed look-up table. Next, the value $u=(i+j+m) \bmod 15$ is calculated. Lastly, the element $k_u(x)$ of $GF(2^4)$ corresponding to $\alpha^u$ is found by searching the look-up table. Thus $k_u(x)$ is the result of $(k_i(x)\cdot k_j(x)\cdot k_m(x)) \bmod p(x)$. The $GF(2^n)$ look-up table multiplier sends the calculation result to the controller, and the controller outputs this result to the output port d.
Let the control signal k be $(10)_2$ or $(11)_2$. The parser of the controller then notifies the processor of the controller to implement the standard basis multiplication or the look-up table multiplication of three operands over $GF((2^n)^2)$. The processor of the controller receives the inputted data signals a(x), b(x), c(x), p(x) and q(x). The three operands a(x), b(x) and c(x) have the forms $a(x)=a_hx+a_l$, $b(x)=b_hx+b_l$ and $c(x)=c_hx+c_l$, all of which are elements of $GF((2^4)^2)$; $a_h, a_l, b_h, b_l, c_h$ and $c_l$ are all elements of the finite field $GF(2^4)$; p(x) and q(x), the inputted data signals, are irreducible polynomials selected over $GF(2^4)$ and $GF((2^4)^2)$ respectively, and have the forms $p(x)=x^4+x+1$ and $q(x)=x^2+x+e$, wherein $e=9$ is a constant of $GF(2^4)$.
The processor of the controller sends a(x), b(x), c(x), p(x) and q(x) to the $GF((2^n)^2)$ multiplier and waits for the feedback result. The $GF((2^n)^2)$ multiplier then starts its processor and implements the multiplication of three operands over $GF((2^n)^2)$, calculating respectively:
$d_h = e\cdot a_h\cdot b_h\cdot c_h + a_h\cdot b_h\cdot c_h + a_h\cdot b_l\cdot c_h + a_l\cdot b_h\cdot c_h + a_h\cdot b_h\cdot c_l + a_l\cdot b_l\cdot c_h + a_h\cdot b_l\cdot c_l + a_l\cdot b_h\cdot c_l$,
$d_l = e\cdot(a_h\cdot b_h\cdot c_h + a_h\cdot b_l\cdot c_h + a_l\cdot b_h\cdot c_h + a_h\cdot b_h\cdot c_l) + a_l\cdot b_l\cdot c_l$.
The operator $\cdot$ is the multiplication operation over the sub-field $GF(2^4)$, and the operator $+$ is the addition operation over the sub-field $GF(2^4)$. When the processor of the $GF((2^n)^2)$ multiplier processes a multiplication over the sub-field $GF(2^4)$, it performs the calculation by starting its internal scheduler. The internal scheduler sends the three operands to the $GF(2^n)$ standard basis multiplier or the $GF(2^n)$ look-up table multiplier (to the $GF(2^n)$ standard basis multiplier when k is $(10)_2$, and to the $GF(2^n)$ look-up table multiplier when k is $(11)_2$) and waits for the feedback result. Once the $GF(2^n)$ standard basis multiplier or the $GF(2^n)$ look-up table multiplier has completed the necessary calculation and sent the result to the scheduler, the scheduler immediately forwards the result to the processor of the $GF((2^n)^2)$ multiplier. When the processor of the $GF((2^n)^2)$ multiplier processes an addition over the sub-field $GF(2^4)$, it obtains the result from an XOR gate circuit. $d(x)=d_hx+d_l$ is the calculated result of $(a(x)\times b(x)\times c(x)) \bmod q(x)$, and it is an element of $GF((2^4)^2)$; $d_h$ and $d_l$ are elements of $GF(2^4)$. The internal processor sends the result to the controller, and the controller sends the result to the output port d.
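As an added check that is not part of the original description, the two expressions above follow from reducing with $q(x)=x^2+x+e$, i.e. $x^2 \equiv x+e$ (signs vanish in characteristic 2). First the two-operand product:

$$
\begin{aligned}
a(x)\,b(x) &= a_hb_h\,x^2 + (a_hb_l + a_lb_h)\,x + a_lb_l \\
&\equiv (a_hb_h + a_hb_l + a_lb_h)\,x + (e\,a_hb_h + a_lb_l) \pmod{q(x)} .
\end{aligned}
$$

Writing $P = a_hb_h + a_hb_l + a_lb_h$ and $Q = e\,a_hb_h + a_lb_l$ and multiplying by $c(x)$ once more,

$$
(Px+Q)(c_hx+c_l) \equiv (Pc_h + Pc_l + Qc_h)\,x + (e\,Pc_h + Qc_l) \pmod{q(x)} ,
$$

and expanding $Pc_h + Pc_l + Qc_h$ and $e\,Pc_h + Qc_l$ term by term gives exactly the eight terms of $d_h$ and the five terms of $d_l$ stated above.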
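The following is an added software model of the multiplier described in this specification, written to check the n = 4 embodiment end to end; it is not code from the patent. It takes $p(x)=x^4+x+1$, $q(x)=x^2+x+e$ with $e=9$ and the four control-signal cases from the description. Two things are assumptions made here: the primitive root used to build the look-up table is $\alpha = x$ (the description only says "a primitive root"), and a two-operand sub-field product such as $e\cdot t$ is modelled as sending $(e, t, 1)$ to the three-operand sub-field multiplier. The standard basis path is written as shift-and-XOR polynomial multiplication followed by reduction, since the $v_{ij}$, $S_i$ and $d_i$ formulas themselves are not reproduced on this page. The look-up table path also handles the case the description leaves implicit: zero has no exponent of α, so a zero operand must short-circuit to zero.

```python
# Added example: software model of the three-operand multiplier (not the patent's
# own code). Assumptions: n = 4, p(x) = x^4 + x + 1, q(x) = x^2 + x + e, e = 9
# (from the worked embodiment); alpha = x chosen here as the primitive root.
# An element of GF(2^4) is an int 0..15 whose bits are the coefficients a_3..a_0;
# an element of GF((2^4)^2) is a pair (high, low) of such ints.

N = 4
P = 0b10011           # p(x) = x^4 + x + 1
E = 9                 # constant e of q(x) = x^2 + x + e
ORDER = (1 << N) - 1  # 2^n - 1 = 15, order of the multiplicative group


def poly_mul(u, v):
    """Carry-less multiplication in GF(2)[x], no reduction."""
    r = 0
    while v:
        if v & 1:
            r ^= u
        u <<= 1
        v >>= 1
    return r


def poly_mod(u, p=P, n=N):
    """Reduce u modulo p(x), where p(x) has degree exactly n."""
    for i in range(u.bit_length() - 1, n - 1, -1):
        if u >> i & 1:
            u ^= p << (i - n)
    return u


def gf_mul3_standard(a, b, c):
    """(5) Standard basis: full degree-3(n-1) product a*b*c, then mod p(x)."""
    return poly_mod(poly_mul(poly_mul(a, b), c))


def build_tables(alpha=2):
    """(6) Look-up table {i: alpha^i} plus its inverse, for the nonzero elements."""
    exp, log = [0] * ORDER, {}
    v = 1
    for i in range(ORDER):
        exp[i] = v
        log[v] = i
        v = poly_mod(poly_mul(v, alpha))
    if v != 1 or len(log) != ORDER:
        raise ValueError("alpha is not a primitive root of GF(2^n) for this p(x)")
    return exp, log


EXP, LOG = build_tables()


def gf_mul3_lut(a, b, c):
    """(6) Look-up table: alpha^i * alpha^j * alpha^m = alpha^((i+j+m) mod (2^n-1)).
    Zero has no exponent, so a zero operand short-circuits to zero."""
    if a == 0 or b == 0 or c == 0:
        return 0
    return EXP[(LOG[a] + LOG[b] + LOG[c]) % ORDER]


def composite_mul3(a, b, c, mul3):
    """(4) GF((2^n)^2): d_h and d_l exactly as stated for q(x) = x^2 + x + e.
    Every sub-field product goes through the chosen three-operand multiplier;
    the two-operand product e*t is modelled as mul3(E, t, 1). Addition is XOR."""
    ah, al = a
    bh, bl = b
    ch, cl = c
    hhh, hlh = mul3(ah, bh, ch), mul3(ah, bl, ch)
    lhh, hhl = mul3(al, bh, ch), mul3(ah, bh, cl)
    dh = (mul3(E, hhh, 1) ^ hhh ^ hlh ^ lhh ^ hhl
          ^ mul3(al, bl, ch) ^ mul3(ah, bl, cl) ^ mul3(al, bh, cl))
    dl = mul3(E, hhh ^ hlh ^ lhh ^ hhl, 1) ^ mul3(al, bl, cl)
    return dh, dl


def composite_mul2_ref(u, v):
    """Reference two-operand product in GF((2^4)^2) by direct reduction with
    y^2 = y + e; used only to cross-check composite_mul3."""
    uh, ul = u
    vh, vl = v
    hh = gf_mul3_standard(uh, vh, 1)
    h = hh ^ gf_mul3_standard(uh, vl, 1) ^ gf_mul3_standard(ul, vh, 1)
    l = gf_mul3_standard(E, hh, 1) ^ gf_mul3_standard(ul, vl, 1)
    return h, l


def multiply(k, a, b, c):
    """Controller dispatch on the 2-bit control signal k, as described:
    00/01 -> GF(2^4) standard basis / look-up table, a, b, c are ints;
    10/11 -> GF((2^4)^2) with the standard basis / look-up table sub-field
    multiplier, a, b, c are (high, low) pairs."""
    if k == 0b00:
        return gf_mul3_standard(a, b, c)
    if k == 0b01:
        return gf_mul3_lut(a, b, c)
    if k in (0b10, 0b11):
        return composite_mul3(a, b, c, gf_mul3_standard if k == 0b10 else gf_mul3_lut)
    raise ValueError("control signal k must be a 2-bit value")


if __name__ == "__main__":
    print(multiply(0b00, 2, 2, 2), multiply(0b01, 2, 2, 2))   # x^3 both ways
    print(multiply(0b10, (1, 0), (1, 0), (1, 0)))              # y^3 in GF((2^4)^2)
```

Running the model over all 4096 operand triples of $GF(2^4)$ shows the standard basis and look-up table paths agree, and comparing `composite_mul3` against two successive reference products confirms the $d_h$ and $d_l$ expressions for $q(x)=x^2+x+e$. The `build_tables` check matters in practice: if the chosen α is not primitive for the given p(x), the exponent table is incomplete and `gf_mul3_lut` would silently return wrong products for the missing elements.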
The above embodiments are preferred embodiments of the present invention, which, however, are not intended to limit the implementation of the present invention. All variations, modifications, alternatives, combinations and simplifications that do not depart from the spirit of the invention shall be deemed equivalents by those skilled in the art, and fall within the protection scope of the present invention.
Number | Date | Country | Kind |
---|---|---|---|
2011 1 0267272 | Sep 2011 | CN | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/CN2012/076053 | 5/25/2012 | WO | 00 | 12/3/2013 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2013/034000 | 3/14/2013 | WO | A |
Number | Name | Date | Kind |
---|---|---|---|
5931894 | Wei | Aug 1999 | A |
6263470 | Hung | Jul 2001 | B1 |
6701336 | Shen et al. | Mar 2004 | B1 |
7464128 | Pitsianis | Dec 2008 | B1 |
8200734 | Asher | Jun 2012 | B1 |
20030135530 | Parthasarathy | Jul 2003 | A1 |
20120170738 | Lablans | Jul 2012 | A1 |
Number | Date | Country |
---|---|---|
101095102 | Dec 2007 | CN |
101739233 | Jun 2010 | CN |
101819519 | Sep 2010 | CN |
102314330 | Jan 2012 | CN |
202217262 | May 2012 | CN |
Entry |
---|
Mar. 14, 2013, International Search Report PCT/CN2012/076053. |
Written Opinion PCT/CN2012/076053—Chinese. |
Written Opinion PCT/CN2012/076053—English. |
Number | Date | Country |
---|---|---|
20140101220 A1 | Apr 2014 | US |