Claims
- 1. An apparatus for multiplying a first and a second binary polynomial X(t) and Y(t) over GF(2), where an irreducible polynomial $M_m(t)=t^m+a_{m-1}t^{m-1}+a_{m-2}t^{m-2}+\dots+a_1t+a_0$, where the coefficients $a_i$ are equal to either 1 or 0, and m is a field degree, where degree of X(t)<n, and degree of Y(t)<n, and wherein m≦n, the apparatus comprising:
a digit serial modular multiplier circuit coupled to supply a multiplication result of degree ≧m of a multiplication of the first and second binary polynomials, the digit serial modular multiplier circuit including, a first and second register, each being ≦n bits;
a partial product generator circuit coupled to multiply a portion of digit size d of contents of the first register and at least a portion of contents of the second register; and wherein the partial product generator is further coupled to be utilized as part of a reduction operation for at least one generic curve.
- 2. The apparatus as recited in claim 1 wherein the partial product generator is coupled to utilize a polynomial M′, $M'=(M_m(t)-t^m)\cdot t^{n-m}$, as part of the reduction operation.
- 3. The apparatus as recited in claim 1 wherein the partial product generator is coupled to utilize a polynomial M″, $M''=M_m(t)\cdot t^{n-m}$, as part of the reduction operation.
- 4. The apparatus as recited in claim 1 further comprising a partial product register coupled to the partial product generator to store a partial product and a result register coupled to accumulate a multiplication result.
- 5. The apparatus as recited in claim 4 wherein a size of the partial product register is ≦(n+d) bits.
- 6. The apparatus as recited in claim 4 wherein a size of the result register is ≦n+d bits.
- 7. The apparatus as recited in claim 4 further comprising:
at least one hardwired reduction circuit coupled to reduce the partial product in the partial product register according to an irreducible polynomial corresponding to a named curve and to supply a reduced partial product; and wherein the reduced partial product is coupled to be added with an accumulated result in the result register and stored in the result register.
- 8. The apparatus as recited in claim 1 wherein the partial product generator alternately performs a multiplication iteration and a reduction iteration when reduction is not supported by a hardwired reduction circuit.
- 9. The apparatus as recited in claim 1 wherein the second polynomial is shifted and reduced as part of an iteration to generate a partial product and the reduced and shifted second polynomial is multiplied by a shifted portion of the first polynomial of the digit size d.
- 10. The apparatus as recited in claim 9 wherein the second polynomial is reduced by a hardwired reduction circuit, the reduced second polynomial being coupled to generate a subsequent partial product.
- 11. The apparatus as recited in claim 9 wherein the partial product generator alternately performs a multiplication operation used as part of a reduction operation on the second polynomial to produce a reduced second polynomial and a multiplication of the reduced second polynomial and a portion of the first polynomial to produce a partial product.
- 12. The apparatus as recited in claim 11 wherein the first register is utilized in a reduction operation on contents of the second register.
- 13. The apparatus as recited in claim 12 further comprising a partial product register coupled to receive the partial product from the partial product generator and wherein the first register alternately supplies,
high order bits of a sum of low order bits of shifted contents of the second register and low order bits of the partial product register; and low order bits of shifted contents of the first register.
- 14. The apparatus as recited in claim 1 wherein the digit serial modular multiplier circuit is implemented as a least significant digit first modular multiplier.
- 15. The apparatus as recited in claim 14 further comprising:
a first plurality of hardwired reduction circuits corresponding to respective irreducible polynomials coupled to reduce the contents of the second register, one of the hardwired reduction circuits being selected according to an underlying extension field of (2); and a second plurality of hardwired reduction circuits coupled to reduce the partial product using one of a second plurality of hardwired reduction circuits corresponding to the respective irreducible polynomials.
- 16. The apparatus as recited in claim 1 wherein the digit serial modular multiplier circuit is implemented as a most significant digit first modular multiplier circuit.
- 17. The apparatus as recited in claim 16 wherein the first and second binary polynomials are left justified by a factor of $t^{d\cdot\lfloor (n-m)/d\rfloor}$ and stored in the first and second registers.
- 18. The apparatus as recited in claim 16 wherein a value in a result register is right justified by a factor of $t^{d\cdot\lfloor (n-m)/d\rfloor}$, thus providing a result of the modular multiplication.
- 19. The apparatus as recited in claim 16 wherein a reduction operation occurs for both generic and named curves after each partial product is generated and wherein the partial product is utilized in the reduction operation.
- 20. The apparatus as recited in claim 19 further comprising:
a partial product register coupled to the partial product generator to store a partial product; and a result register coupled to accumulate a result of the multiplication operation.
- 21. The apparatus as recited in claim 20 further comprising at least one hardwired reduction circuit, coupled to reduce a sum of a shifted accumulated result and the partial product and supply a result of the reduction operation to the result register.
- 22. The apparatus as recited in claim 20 wherein the partial product generator is coupled to utilize one of a first and second polynomial M′ and M″, $M'=(M_m(t)-t^m)\cdot t^{n-m}$, and $M''=M_m(t)\cdot t^{n-m}$, as part of a reduction operation utilizing the partial product.
- 23. A circuit for performing a modular multiplication operation on first and second binary polynomials X(t) and Y(t) over GF(2), where an irreducible polynomial $M(t)=t^m+a_{m-1}t^{m-1}+a_{m-2}t^{m-2}+\dots+a_1t+a_0$, the coefficients $a_i$ being equal to either 1 or 0, and m being a field degree, the circuit comprising:
a first register storing the first polynomial of degree <n, n being ≧m; a second register storing the second polynomial of degree <n; a multiplier circuit coupled to the first and second registers to perform a multiplication of at least a portion of contents of the first and second registers; a result register coupled to the multiplier circuit to store a multiplication result of degree <2n−1; and wherein the multiplier circuit is further coupled to multiply high order bits of the multiplication result and one of a first and second polynomial M′ and M″, respectively, $M'=(M_m(t)-t^m)\cdot t^{n-m}$, and $M''=M_m(t)\cdot t^{n-m}$, and to supply an intermediate reduction result as part of a reduction operation to reduce the multiplication result to a degree less than n and ≧m.
- 24. The apparatus as recited in claim 23 further comprising:
an adder circuit; and a third register coupled to the adder, the adder circuit coupled to add low order bits of contents of the intermediate reduction result and contents of the third register.
- 25. The apparatus as recited in claim 24, wherein
the multiplier circuit is further coupled to iteratively multiply high order bits of each intermediate reduction result and one of the polynomials M′ and M″, until the high order bits of the intermediate reduction result are zero; and wherein the adder adds the low order bits of each intermediate reduction result and the contents of the third register until the high order bits of the reduction result become zero, thereby providing a reduced multiplication result of degree less than n and ≧m.
- 26. The apparatus as recited in claim 24 wherein the first and second registers are utilized to supply the multiplier circuit with the high order bits of the output of the result register and at least one of the polynomial M′ and M″.
- 27. A method for multiplying a first and a second binary polynomials X(t) and Y(t) over GF(2) in a digit serial modular multiplier, where an irreducible polynomial $M_m(t)=t^m+a_{m-1}t^{m-1}+a_{m-2}t^{m-2}+\dots+a_1t+a_0$, where the coefficients $a_i$ are equal to either 1 or 0, and m is a field degree, where degree of X(t)<n, and degree of Y(t)<n, the method comprising:
storing the first and second polynomials in a first and second register, respectively; multiplying in a partial product generator circuit a portion of digit size d of contents of the first register and at least a portion of contents of the second register and generating a partial product; and for a generic curve, utilizing the partial product generator as part of a reduction operation.
- 28. The method as recited in claim 27 further comprising supplying a polynomial M′, $M'=(M_m(t)-t^m)\cdot t^{n-m}$, as part of the reduction operation for use with the generic curve.
- 29. The method as recited in claim 27 further comprising supplying a polynomial M″, $M''=M_m(t)\cdot t^{n-m}$, as part of the reduction operation for use with the generic curve.
- 30. The method as recited in claim 27 further comprising:
reducing the partial product generated by the partial product generator using a hardwired reduction circuit according to an irreducible polynomial corresponding to a named curve and supplying a reduced partial product; and adding the reduced partial product with an accumulated result.
- 31. The method as recited in claim 27 further comprising alternately performing in the partial product generator a multiplication iteration and a reduction iteration when reduction is not supported by a hardwired reduction circuit.
- 32. The method as recited in claim 27 further comprising:
shifting and reducing the second polynomial; and multiplying the shifted and reduced second polynomial and a portion of the first polynomial of digit size d.
- 33. The method as recited in claim 32 further comprising reducing the shifted second polynomial using a hardwired reduction circuit.
- 34. The method as recited in claim 32 further comprising alternately multiplying in the partial product generator one of a polynomial M′ and M″, respectively, as part of a reduction operation on the shifted second polynomial to produce a reduced second polynomial, $M'=(M_m(t)-t^m)\cdot t^{n-m}$, and $M''=M_m(t)\cdot t^{n-m}$, and multiplying the reduced second polynomial and a portion of the first polynomial to produce a partial product.
- 35. The method as recited in claim 27 wherein a reduction operation occurs for both generic and named curves after each partial product is generated and wherein the partial product is utilized in the reduction operation.
- 36. A method for performing a modular multiplication operation on first and second binary polynomials X(t) and Y(t) over GF(2), where an irreducible polynomial $M(t)=t^m+a_{m-1}t^{m-1}+a_{m-2}t^{m-2}+\dots+a_1t+a_0$, the coefficients $a_i$ being equal to either 1 or 0, and m being a field degree, a degree of the first and second binary polynomials being <n, n being ≧m, the method comprising:
storing in a first and second register the first and second binary polynomials, respectively, the first and second registers being less than or equal to n bits; performing a multiplication of at least a portion of contents of the first and second registers; storing a multiplication result of degree <2n−1; and multiplying high order bits of the multiplication result and one of a polynomial M′ and M″, respectively, $M'=(M(t)-t^m)\cdot t^{n-m}$, and $M''=M(t)\cdot t^{n-m}$, to provide an intermediate reduction result as part of a reduction operation to reduce the multiplication result to a degree less than n and ≧m.
- 37. The method as recited in claim 36 further iteratively multiplying high order n bits of each intermediate reduction result and one of the polynomials M′ and M″, until the high order n bits of the intermediate reduction result are zero.
- 38. The method as recited in claim 37 further comprising adding the low order bits of each intermediate reduction result and the contents of a third register until one cycle after the high order n bits of the intermediate reduction result become zero, thereby providing a reduced multiplication result of degree less than n and ≧m.
- 39. An apparatus for multiplying a first and a second binary polynomials X(t) and Y(t) over GF(2), where an irreducible polynomial $M_m(t)=t^m+a_{m-1}t^{m-1}+a_{m-2}t^{m-2}+\dots+a_1t+a_0$, where the coefficients $a_i$ are equal to either 1 or 0, and m is a field degree, where degree of X(t)<n, and degree of Y(t)<n, the apparatus comprising:
a first and second register storing the first and second binary polynomials; first means for reducing a multiplication of the first and second binary polynomials using at least one hardwired reduction circuit; and second means for reducing a multiplication of the first and second binary polynomials using a partial product generator used for multiplication of the first and second polynomials, the partial product generator circuit coupled to multiply a portion of digit size d of contents of the first register and contents of the second register and generate a partial product.
- 40. The apparatus as recited in claim 39 wherein the first and second means are used to reduce the shifted second polynomial.
- 41. The apparatus as recited in claim 39 wherein the first and second means are used to reduce the partial product.
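The reduction recited in claims 23 to 25 and 36 to 38 works because $t^n \equiv M' \pmod{M(t)}$, so the high-order bits of a product can be folded back by multiplying them with M′ (or cancelled with M″) until they are zero, leaving a result of degree less than n that is congruent to the product. The following Python sketch is an added illustration, not part of the patent text; the function names, the register width n = 256, the degree-163 sample modulus and the operands are assumptions constructed for the example.

```python
# Added illustration; names, the register width n and the operands are constructed.

def clmul(a, b):
    """Carry-less product of two GF(2) polynomials stored as ints."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def polymod(a, m_poly):
    """Bit-serial reference reduction mod M(t), used only for checking."""
    dm = m_poly.bit_length() - 1
    while a.bit_length() > dm:
        a ^= m_poly << (a.bit_length() - 1 - dm)
    return a

def reduce_m_prime(c, m_poly, n):
    """Fold high-order bits with M' = (M(t) - t^m) * t^(n-m); t^n = M' mod M."""
    m = m_poly.bit_length() - 1
    m_prime = (m_poly ^ (1 << m)) << (n - m)
    acc, steps = 0, 0               # acc models the accumulating third register
    while c >> n:                   # high-order bits still non-zero
        acc ^= c & ((1 << n) - 1)   # add the low-order n bits
        c = clmul(c >> n, m_prime)  # multiply the high-order bits by M'
        steps += 1
    return acc ^ c, steps

def reduce_m_dprime(c, m_poly, n):
    """Same reduction with M'' = M(t) * t^(n-m): adding the product cancels the high bits."""
    m = m_poly.bit_length() - 1
    m_dprime = m_poly << (n - m)
    while c >> n:
        c ^= clmul(c >> n, m_dprime)
    return c

# Constructed parameters: m = 163, M(t) = t^163 + t^7 + t^6 + t^3 + 1, n = 256.
M = (1 << 163) | 0xC9
N = 256
X = (1 << 255) | int.from_bytes(bytes(range(1, 33)), "big")
Y = (1 << 255) | int.from_bytes(bytes(range(64, 96)), "big")

def demo():
    product = clmul(X, Y)           # degree 510, i.e. < 2n - 1
    r1, steps = reduce_m_prime(product, M, N)
    r2 = reduce_m_dprime(product, M, N)
    return product, r1, r2, steps

if __name__ == "__main__":
    product, r1, r2, steps = demo()
    print(steps, r1 == r2, polymod(r1, M) == polymod(product, M))
```

The result is only partially reduced: it fits the n-bit register and is congruent to X(t)·Y(t) modulo M(t), but its degree may still be m or higher.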
CROSS-REFERENCE TO RELATED APPLICATION(S)
[0001] This application claims the benefit under 35 U.S.C. §119(e) of the following provisional applications: 60/376,742, filed May 1, 2002; No. 60/379,316, filed May 10, 2002; No. 60/389,135 filed Jun. 14, 2002; No. 60/400,223 filed Aug. 1, 2002; and No. 60/426,783, filed Nov. 15, 2002; all of which are incorporated herein by reference.
Provisional Applications (5)

| Number | Date | Country |
|---|---|---|
| 60376742 | May 2002 | US |
| 60379316 | May 2002 | US |
| 60389135 | Jun 2002 | US |
| 60400223 | Aug 2002 | US |
| 60426783 | Nov 2002 | US |