Low complexity bit-parallel systolic architecture for computing C+AB, AB, C+AB2 or AB2 over a class of GF (2m)

Abstract

A systolic architecture for computing C+AB, AB, C+AB2 or AB over a class of GF(2m) free global connection, wherein the A, B and C are the input elements of the GF(2m). The systolic architecture includes an inner product unit and a modular unit. The inner product unit includes m2 pieces of U cells and 2m+1 pieces of latch units. Each U cell includes a AND gate, a repulsive (or XOR) gate and three latches. The coefficients Aj, Bj and C<2j> of A, B and C are respectively inputted via the input ends Aj, Sj and C<2j> of U0,j, wherein the <2j> represents 2j modulo m+1. The modular unit includes m XOR gates for computing the modular p(x).

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a low complexity bit-parallel systolic architecture, and more particularly to a low complexity bit-parallel systolic architecture for computing C+AB, AB, C+AB² or AB² over a class of GF(2^m) free global connection.

2. Description of Related Art

Finite fields GF(2^m) have broadly applied to error control coding and cryptography [reference 12]. The fundamental operations in a finite field are addition, multiplication, exponentiation, division and multiplicative inversion. However, information processing usually requires the power-sum (C+AB²) operation to be performed in error control coding. AB² circuits have been shown to be more effective than AB circuits in performing exponentiation, inversion and division in GF(2^m). This AB² operation can be performed by typical multiplication, but not necessarily in an efficient way. Recently, several studies have sought to solve this problem. For example Wei [reference 1] presented a systolic array with bi-directional data flow to compute C+AB² over GF(2^m) using the standard basis representation, Wang and Guo [reference 2] presented a systolic array with unidirectional data flow over GF(2^m); Liu [reference 3] proposed an AB² multiplier that used a cellular architecture in GF(2^m) and was based on an irreducible all one polynomial (AOP), and Lee [reference 4] presented a bit-parallel systolic array over a class of GF(2^m) which also based on an irreducible AOP. This study focuses on the implementation of the systolic circuit of the C+AB, AB, C+AB or AB² operation over the class of AOP-based GF(2^m) and the class of equally spaced polynomial based (ESP-based) GF(2^m).

Irreducible AOP or irreducible ESP generates a special finite field, in which arithmetic operation can be simplified. In 1989, Itoh and Tsujii [reference 5] designed two low-complexity multipliers in a class of GF(2^m) based on the irreducible AOP of degree m or the irreducible ESP of degree mr. Since then, many bit-parallel low-complexity multipliers have been proposed for error-control coding or cryptographic applications, such as those described in [references 6-9]. Recently, Lee et. al. [reference 10] employed cyclic shifting and inner product to implement efficient systolic multipliers over a class of GF(2^m), in which an irreducible AOP or an irreducible ESP generates each element of the finite field, such that the systolic circuits have low latency and low complexity. However, the circuit includes many surplus inputs and latches [reference 10] if the order m of GF(2^m) is large. Later, Lee et. al. [reference 11] used some global connections disused inputs and latches in another design. In particular, public-key cryptography applies the finite field GF(2^m) [reference 12], in which the order m ranges from dozens to hundreds. If m is in the order of hundred, then reducing the number of redundant inputs and latches or eliminating the global connections becomes important.

This study develops an algorithm for computing C+AB, AB, C+AB² or AB² over a class of fields GF(2^m) using the characteristics of an irreducible AOP of degree m. Based on the algorithm, a ringed parallel-in parallel-out systolic multiplier for computing C+AB² is proposed. The multiplier consists of m² identical cells, each consisting of one 2-input AND gate, one 2-input XOR gate and three 1-bit latches. The gates in the multiplier are fewer than in [reference 3, 4, 10 or 11]. The architecture includes no redundant inputs, latches and has no global connections; it is therefore is suitable for use in VLSI design. Moreover, extending this algorithm enables the ringed bit-parallel systolic architecture over the class of GF(2^m) also to be applied to ESP-based multiplication over the class of GF(2^nr).

SUMMARY OF THE INVENTION

The main objective of the present invention is to provide an improved a bit-parallel systolic architecture for computing C+AB, AB, C+AB² or AB² over a class of GF(2^m) based on the irreducible all one polynomial (AOP) or the irreducible equally spaced polynomial (ESP), where A, B and C are elements of GF(2^m).

To achieve the objective, If elements over GF(2^m) are represented by extended forms, then these elements have two important properties: first, the polynomial of the elements is cyclic with modulo x^m+1+1, and second, some fixed zero terms of the product of two elements can be ignored in the polynomials. Then, with these properties, ringed low-complexity bit-parallel systolic multipliers are presented. The ringed bit-parallel systolic multiplier over the class of GF(2^m) requires few gates and no global connections. Accordingly, the new multiplier has a low complexity and few input pins. This ringed configuration can be easily implemented by taking advantage of three-dimensional routing in VLSI systems. The architecture of the multiplier was designed to compute C+AB² over GF(2⁴), based on the irreducible AOP, or over GF(2⁶), based on the irreducible ESP as examples, respectively. Notably, the field GF(2⁴) or GF(2⁶) is used to illustrate the structures and operations of the two new multipliers presented in this paper, However, the extension of these structures to a general case of GF(2^m) is straightforward.

Further benefits and advantages of the present invention will become apparent after a careful reading of the detailed description with appropriate reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1(a) is a bit-parallel systolic inner product unit for the C+AB, AB, C+AB² or AB² over GF(2⁴) in accordance with the present invention;

FIG. 1(b) is a detailed circuit of U_i,j cell;

FIG. 1(c) is a modular unit

FIG. 2 is a cyclic sequence <a⁰ a² a⁴ a¹ a³> with modulo (a⁵+1);

FIG. 3 is a ringed bit-parallel systolic circuit for computing C+AB, AB, C+AB² or AB over GF(2⁴) based on the irreducible AOP of degree 4; and

FIG. 4 is a ringed systolic structure for computing C+AB, AB, C+AB² or AB² over GF(2⁶) based on the irreducible ESP of degree 6.

DETAILED DESCRIPTION OF THE INVENTION

1. Mathematical Background

These section introduces the properties of the cyclic shifting and the inner product of the field GF(2^m) based on an irreducible AOP introduced in [reference 10]. These properties are important in developing the multipliers hereinafter.

1.1 Extended Canonical Basis

A polynomial of the form p(x)=p₀+p₁x+ . . . +p_mx^m over GF(2) is called an AOP of degree m if p_i=1 for i=0, 1, . . . , m [reference 5]. An AOP has been shown to be irreducible if and only if m+1 is a prime and 2 is a primitive element of the field GF(m+1). For m≦100, the possible values of m for which an AOP of degree m is irreducible, are 2, 4, 10, 12, 18, 28, 36, 52, 58, 60, 66, 82 and 100.

Suppose that a is a root of an irreducible AOP of degree m; then any element A in the Galois field GF(2^m) can be represented as A=a₀+a₁a+a₂a²+ . . . +a_m−1a^m−1, where the coefficients a_iεGF(2) for 0≦i≦m−1, and {1, a, a², . . . , a^m−1} is called a canonical basis of GF(2^m). Notably, the element A can also be represented as A=A₀+A₁a+A₂a²+ . . . +A_ma^m, with A_i=a_i+A_m for 0≦i≦m−1 and A_m=0 or 1. The basis {1, a, a², . . . , a^m} is then called an extended basis of the canonical basis {1, a, a², . . . , a^m−1}.

1.2 Inner Product

Let P(x)=1+x+x²+ . . . +x^m be an irreducible AOP of degree m; and let α be a root of P(x), such that P(α)=1+α+α²+ . . . +α^m=0. Then, α^m+1=1,  (1) Definition 1: Let A=A₀+A₁a+A₂a²+ . . . +A_ma^m be an element in GF(2^m), which is represented with the extended basis. Then, A⁽¹⁾(=A_m+A₀a+A₁a²+ . . . +A_m−1a^m) and A⁽⁻¹⁾(=A₁+A₂a+A₃a²+ . . . +A₀a^m) denote the elements obtained by shifting A cyclically one position to the right and one position to the left, respectively.

Analogously, A⁽ⁱ⁾ and A⁽⁻ⁱ⁾, where i=0, 1, 2 . . . m, represent the elements obtained by shifting A cyclically i positions to the right and i positions to the left, respectively. $\begin{array}{cc}{A}^{\left(i\right)}=A_{m-i+1}+A_{m-i+2}\alpha +\dots +A_{m-i}{\alpha }^m& \left(2\right)\\ =\sum _{j=0}^m{A}_{\langle j-i\rangle }{\alpha }^j& \\ A^{\left(-i\right)}=A_i+A_{i+1}\alpha +\dots +A_{\langle m+i\rangle }{\alpha }^m& \left(3\right)\\ =\sum _{j=0}^m{A}_{\langle j+1\rangle }{\alpha }^j& \end{array}$ where <θ>, the subscript of A_<θ>, represents the least nonnegative residues of θ modulo m+1 (for all AOP-based GF(2^m)). Notably, A⁽⁰⁾=A⁽⁻⁰⁾=A.

An important operation, called the inner product, is defined as follows. Definition 2: Let A=A₀+A₁a+ . . . +A_ma^m and B=B₀+B₁a+ . . . +B_ma^m be two elements of GF(2^m), where a is a root of the irreducible AOP of degree m. Then the inner product of A and B is defined as, $\begin{array}{cc}\begin{array}{c}A·B=\left(\sum _{j=0}^m{A}_j{\alpha }^j\right)·\left(\sum _{j=0}^m{B}_j{\alpha }^j\right)\\ =\sum _{j=0}^m{A}_j{B}_j{\alpha }^{2j}\end{array}& \left(4\right)\end{array}$ By Definitions 1 and 2, the inner product of A⁽ⁱ⁾ and B⁽ⁱ⁾ is given by, $\begin{array}{cc}\begin{array}{c}{A}^{\left(i\right)}·B^{\left(-i\right)}=\left(\sum _{j=0}^m{A}_{\langle j-i\rangle }{\alpha }^j\right)·\left(\sum _{j=0}^m{B}_{\langle j+i\rangle }{\alpha }^j\right)\\ =\sum _{j=0}^m{A}_{\langle j-i\rangle }{B}_{\langle j+i\rangle }{\alpha }^{2j}\end{array}& \left(5\right)\end{array}$

The inner product operation defined in Definition 2 is important in the proposed algorithm. Theorem 1: Assume that A=A₀+A₁a+ . . . +A_ma^m and B=B₀+B₁a+ . . . . +B_ma^m are two elements in GF(2^m). Then, the A and B over GF(2^m) can be multiplied using, $\begin{array}{cc}\begin{array}{c}\mathrm{AB}=A^{\left(0\right)}·B^{\left(-0\right)}+A^{\left(1\right)}·B^{\left(-1\right)}+\dots +A^{\left(m\right)}·B^{\left(-m\right)}\\ =\sum _{i=0}^m{A}^{\left(i\right)}·B^{\left(-i\right)}\end{array}& \left(6\right)\end{array}$

Based on theorem 1, bit-parallel systolic multipliers for computing C+AB² was presented in [reference 3] and [reference 4] the latency of those multipliers is only m+1 clock cycles. However, the circuit still requires (m+1)² cells and 5m+3 input pins. Following the above preliminaries, Section 3 presents a modified multiplier for computing C+AB over GF(2^m), based on an irreducible AOP.

2. Multiplier for Computing C+AB²

2.1 Representation for Computing C+AB²

Definition 3: Let B=B₀+B₁a+ . . . +B_ma^m be over GF(2^m) be generated by an irreducible AOP of p(x), where a is a root of the irreducible AOP of p(x). Then the square of B is defined as, $\begin{array}{cc}\begin{array}{c}{B}^2={\left(B_0+B_{1}a+B_2{a}^2+\dots +B_m{a}^m\right)}^2\\ =B_0+B_1{a}^2+B_2{a}^4+\dots +B_m{a}^{2m}\\ =S_0+S_{1}a+S_2{a}^2+\dots +S_m{a}^m\end{array}& \left(7\right)\end{array}$$\begin{array}{cc}\mathrm{where},S_i=\{\begin{array}{cc}{B}_{i/2},& \mathrm{even}i\\ B_{\left(i+m+1\right)/2},& \mathrm{odd}i\end{array}& \left(8\right)\end{array}$

Let A and B be two elements of GF(2^m), both represented with the extended basis {1, a, a², . . . , a^m}; then, the inner product of A and B² is obtained by, $\begin{array}{cc}\begin{array}{c}A·B^2=\left(A_0\right)\left(S_0\right)+\left(A_1{\alpha }^1\right)\left(S_1{\alpha }^1\right)+\dots +\left(A_m{\alpha }^m\right)\left(S_m{\alpha }^m\right)\\ =\left(\sum _{j=0}^m{A}_j{\alpha }^j\right)·\left(\sum _{j=0}^m{S}_j{\alpha }^j\right)\\ =\sum _{j=0}^m{A}_j{S}_j{\alpha }^{2j}\end{array}& \left(9\right)\end{array}$ By Definitions 1 and 2 again, the inner product of A⁽ⁱ⁾ and (B²)⁽⁻ⁱ⁾ is given by, $\begin{array}{cc}\begin{array}{c}{A}^{\left(i\right)}·{\left(B^2\right)}^{\left(-i\right)}=\left(\sum _{j=0}^m{A}_{\langle j-i\rangle }{\alpha }^j\right)·\left(\sum _{j=0}^m{S}_{\langle j+i\rangle }{\alpha }^j\right)\\ =\sum _{j=0}^m{A}_{\langle j-i\rangle }{S}_{\langle j+i\rangle }{\alpha }^{2j}\end{array}& \left(10\right)\end{array}$

According to Eqs. (1) and (7), the product of A and B² over GF(2^m) is, $\begin{array}{cc}\begin{array}{c}{\mathrm{AB}}^2=\left(A_0+A_{1a}+A_2{a}^2+\dots +A_m{a}^m\right)(S_0+S_{1}a+\\ S_2{a}^2+\dots +S_m{a}^m)\\ =\left(\sum _{j=0}^m{A}_j{\alpha }^j\right)\left(\sum _{i=0}^m{S}_i{\alpha }^i\right)\\ =\sum _{i=0}^m\sum _{j=0}^m{A}_j{S}_{\langle i-j\rangle }{\alpha }^i\end{array}& \left(11\right)\end{array}$$\mathrm{where},S_{\langle i-j\rangle }=\{\begin{array}{cc}{B}_{\langle \left(i-j\right)/2\rangle },& \mathrm{even}\left(i-j\right)\\ B_{\langle \left(i-j+m+1\right)/2\rangle },& \mathrm{odd}\left(i-j\right)\end{array}$

EXAMPLE 1

Assume that A=A₀+A₁a+A₂a²+A₃a³+A₄a⁴ and B=B₀+B₁a+B₂a²+B₃a³+B₄a⁴ are two elements in the field GF(2⁴). Let D=D₀+D₁a+D₂a²+D₃a³+D₄a⁴ denote the product of A and B² over GF(2⁴). $\begin{array}{c}D={\mathrm{AB}}^2=\left(A_0+A_{1}a+A_2{a}^2+A_3{a}^3+A_4{a}^4\right)\\ \left(S_0+S_{1}a+S_2{a}^2+S_3{a}^3+S_4{a}^4\right)\\ =\left(A_0+A_{1}a+A_2{a}^2+A_3{a}^3+A_4{a}^4\right)\\ \left(B_0+B_{3}a+B_1{a}^2+B_4{a}^3+B_2{a}^4\right)\end{array}$

Then, from Eq. (1), a⁵=1, and from Eq. (11), the coefficients of D are given by, D₀=A₀B₀+A₄B₃+A₃B₁+A₂B₄+A₁B₂, D₁=A₁B₀+A₀B₃+A₄B₁+A₃B₄+A₂B₂, D₂=A₂B₀+A₁B₃+A₀B₁+A₄B₄+A₃B₂, D₃=A₃B₀+A₂B₃+A₁B₁+A₀B₄+A₄B₂, and D₄=A₄B₀+A₃B₃+A₂B₁+A₁B₄+A₀B₂. 2.2 AOP-Based Algorithm and Circuit Theorem 2: Assume that A=A₀+A₁a+A₂a²+ . . . +A_ma^m and B=B₀+B₁a+B₂a²+ . . . +B_ma^m are two elements in GF(2^m). Then, A and B² over GF(2^m) can be multiplied using, $\begin{array}{c}{\mathrm{AB}}^2=A^{\left(0\right)}·{\left(B^2\right)}^{\left(-0\right)}+A^{\left(1\right)}·{\left(B^2\right)}^{\left(-1\right)}+\dots +A^{\left(m\right)}·{\left(B^2\right)}^{\left(-m\right)}\\ =\sum _{i=0}^m{A}^{\left(i\right)}·{\left(B^2\right)}^{\left(-i\right)}\end{array}$ Proof: A and B are two elements in GF(2^m); then, the product A and B² can be obtained from Eq. (11) as, ${\mathrm{AB}}^2=\sum _{i=0}^m\sum _{j=0}^m{A}_j{S}_{<i-j>}{\alpha }^i.$ Splitting the right side of this equation into two terms with i=even and i=odd, yields, $\begin{array}{cc}{\mathrm{AB}}^2=\underset{\mathrm{even}}{\sum _{i=0}^m}\sum _{j=0}^m{A}_{<i-j>}{S}_j{\alpha }^i+\underset{\mathrm{odd}}{\sum _{i=1}^{m-1}}\sum _{j=0}^m{A}_{<i-j>}{S}_j{\alpha }^i.& \left(12\right)\end{array}$ Notably, m must be even for an irreducible AOP of degree m. Substituting aⁱ=a^m+1+i and <i−j>=<m+1+i−j> into the second term on the right side of Eq. (12) gives $\begin{array}{cc}{\mathrm{AB}}^2=\underset{\mathrm{even}}{\sum _{i=0}^m}\sum _{j=0}^m{A}_{<i-j>}{S}_j{\alpha }^i+\underset{\mathrm{odd}}{\sum _{i=0}^m}\sum _{j=0}^m{A}_{<m+1+i-j>}{S}_j{\alpha }^{m+1+i}.& \left(13\right)\end{array}$ Taking i=2p for i=even where p=0, 1, . . . , m/2, and taking i=2p−m−1 for i=odd, where p=(m/2)+1, (m/2)+2, . . . , m, Eq. (13) can be rewritten as, $\begin{array}{cc}{\mathrm{AB}}^2=\sum _{p=0}^m\sum _{j=0}^m{A}_{<2p-j>}{S}_j{\alpha }^{2p}.& \left(14\right)\end{array}$ Let k be an integer such that 0≦k≦m. Then <p+k> must be in the range 0≦<p+k>≦m for 0≦p≦m. Thus, j=<p+k> can be substituted into the subscripts of A_<2p−j>S_j in Eq. (14) to obtain, $\begin{array}{cc}{\mathrm{AB}}^2=\sum _{k=0}^m\sum _{p=0}^m{A}_{<p-k>}{S}_{<p+k>}{\alpha }^{2p}.& \left(15\right)\end{array}$ Comparing Eq. (15) with Eq. (10) finally gives, ${\mathrm{AB}}^2=\sum _{k=0}^m{A}^{\left(k\right)}·S^{\left(-k\right)}$ That is, ${\mathrm{AB}}^2=\sum _{i=0}^m{A}^{\left(i\right)}·{\left(B^2\right)}^{\left(-i\right)}$

EXAMPLE 2

Assume that {1, a, a², a³, a⁴} is an extended basis of the field GF(2⁴). Let A=A₀+A₁a+A₂a²+A₃a³+A₄a⁴ and B=B₀+B₁a+B₂a²+B₃a³+B₄a⁴ be two elements of the field GF(2⁴). And let D=D₀+D₁a+D₂a²+D₃a³+D₄a⁴ be the product of A and B². By employing the properties of a^m+1+i=aⁱ modulo (a^m+1+1) for m=4, the product D can then be computed using Theorem 2: $\begin{array}{cccccc}& a^0& a^2& a^4& a^6\left(=a^1\right)& a^8\left(=a^3\right)\\ A^{\left(0\right)}·{\left(B^2\right)}^{\left(-0\right)}=& A_0{B}_0& A_1{B}_3& A_2{B}_1& A_3{B}_4& A_4{B}_2\\ A^{\left(1\right)}·{\left(B^2\right)}^{\left(-1\right)}=& A_4{B}_3& A_0{B}_1& A_1{B}_4& A_2{B}_2& A_3{B}_0\\ A^{\left(2\right)}·{\left(B^2\right)}^{\left(-2\right)}=& A_3{B}_1& A_4{B}_4& A_0{B}_2& A_1{B}_0& A_2{B}_3\\ A^{\left(3\right)}·{\left(B^2\right)}^{\left(-3\right)}=& A_2{B}_4& A_3{B}_2& A_4{B}_0& A_0{B}_3& A_1{B}_1\\ +A^{\left(4\right)}·{\left(B^2\right)}^{\left(-4\right)}=& A_1{B}_2& A_2{B}_0& A_3{B}_3& A_4{B}_1& A_0{B}_4\\ & D_0& D_2& D_4& D_1& D_3\end{array}\hspace{1em}$

Definition 4: Let A=A₀+A₁a+ . . . +A_ma^m and B=B₀+B₁a+ . . . +B_ma^m be two elements of GF(2^m), represented with the extended basis {1, a, a², . . . , a^m}, where a is a root of the irreducible AOP of degree m. If A and B are represented with A_m=B_m=0, then A_iB_m and A_mB_i equal zero, for 0≦i≦m. Those terms are called fixed zero terms.

Definition 4 yields the following theorem.

Theorem 3: Assume that A=A₀+A₁a+ . . . +A_ma^m and B=B₀+B₁a+ . . . +B_ma^m are two elements in GF(2^m), and a is a root of the irreducible. AOP of degree m. If A and B are represented with A_m=B_m=0, then the product of A and B over GF(2^m) includes 2m+1 fixed zero terms. Proof: According to Eq. (11), the product of A and B² over GF(2^m) has (m+1)² terms Since A_m=B_m=0, Eq. (11) can be simplified as, $\begin{array}{cc}{\mathrm{AB}}^2=\left(A_0+A_1\alpha +\dots +A_{m-1}{\alpha }^{m-1}+0{\alpha }^m\right){\left(B_0+B_1\alpha +\dots +B_{m-1}{\alpha }^{m-1}+0{\alpha }^m\right)}^2=\left(A_0+A_1\alpha +\dots +A_{m-1}{\alpha }^{m-1}\right)\left(B_0+B_1{\alpha }^2+\dots +B_{m-1}{\alpha }^{2\left(m-1\right)}\right)=\left(\sum _{j=0}^{m-1}{A}_j{\alpha }^j\right)\left(\sum _{i=0}^{m-1}{B}_i{\alpha }^{<2i>}\right)& \left(16\right)\end{array}$

According to Eq. (16) the product of A and B² over GF(2^m) has m×m=m² terms. Therefore, the product of A and B² over GF(2^m) has 2 m+1 fixed zero terms.

Using theorem 3, the C+AB² circuit can be simplified by omitting the fixed zero terms. The following example illustrates the fixed zero terms of C+AB² over GF(2⁴).

EXAMPLE 3

Assume that {1, a, a², a³, a⁴} is an extended basis of the field GF(2⁴). Let A=A₀+A₁a+A₂a²+A₃a³+A₄a⁴, B=B₀+B₁a+B₂a²+B₃a³+B₄a⁴ and C=C₀+C₁a+C₂a²+C₃a³+C₄a⁴ be three elements of the field GF(2⁴), where A₄=B₄=C₄=0. Let D=D₀+D₁a+D₂a²+D₃a³+D₄a⁴ be the product of C+AB 2. The product D can then be computed using theorems 1 and 3: $\begin{array}{cccccc}& a^0& a^2& a^4& a^6\left(=a^1\right)& a^8\left(=a^3\right)\\ C=& C_0& C_2& C_4& C_1& C_3\\ A^{\left(0\right)}·{\left(B^2\right)}^{\left(-0\right)}=& A_0{B}_0& A_1{B}_3& A_2{B}_1& \left(A_3{B}_4=0\right)& \left(A_4{B}_2=0\right)\\ A^{\left(1\right)}·{\left(B^2\right)}^{\left(-1\right)}=& \left(A_4{B}_3=0\right)& A_0{B}_1& \left(A_1{B}_4=0\right)& A_2{B}_2& A_3{B}_0\\ A^{\left(2\right)}·{\left(B^2\right)}^{\left(-2\right)}=& A_3{B}_1& \left(A_4{B}_4=0\right)& A_0{B}_2& A_1{B}_0& A_2{B}_3\\ A^{\left(3\right)}·{\left(B^2\right)}^{\left(-3\right)}=& \left(A_2{B}_4=0\right)& A_3{B}_2& \left(A_4{B}_0=0\right)& A_0{B}_3& A_1{B}_1\\ +A^{\left(4\right)}·{\left(B^2\right)}^{\left(-4\right)}=& A_1{B}_2& A_2{B}_0& A_3{B}_3& \left(A_4{B}_1=0\right)& \left(A_0{B}_4=0\right)\\ D=& D_0& D_2& D_4& D_1& D_3\end{array}\hspace{1em}$

Example 3 involves nine fixed zero terms that forms A4Bi and AiB4 are zeroes and need not be computed.

FIG. 1(a) shows a parallel-in-parallel-out systolic multiplier to perform the above computation. The multiplier consists of 16 U cells and nine latch units. Each U cell employs one 2-input AND gate and one 2-input XOR gate, as shown in FIG. 1(b). The three 1-bit latches in each cell are used to delay each output of the cell by one clock cycle. Notably, bits A₄, B₄ and C₄ are zeroes and need not be input. The modular unit (MU), as shown in FIG. 1(c), is used to compute the operation of modulo p(α). Since p(α)=1+α+α²+α³+α⁴=0 (or α⁴=1+α+α²+α³), the product can be obtained from the relationship D(a)=d₀+d₁a+d₂a²+d₃a³=D₀+D₁a+D₂a²+D₃a³+D₄a⁴ mod p(α); and therefore d_i=D_i+D₄, for i=0, 1, 2, 3.

2.3 Ringed AOP-Based circuit FIG. 1(a) shows some global connections that cause a long delay in a VLSI circuit over GF(2^m) if m is large. From Eq. (5), the order of a²ⁱ has a cyclic property with modulo (a^m+1+1). For example, the sequence <a⁰ a² a⁴ a¹ a³> is cyclic with modulo (a⁵+1) as in FIG. 2.

Using the cyclic property of the sequence <a⁰ a² a⁴ a¹ a³>, FIG. 3 depicts a ringed parallel-in parallel-out systolic multiplicative circuit that realizes the computation in example 3. The circuit includes 16 U cells, U_i,j, where i and j are the row and column numbers, respectively. The circuit of the U cell is that same as that shown in FIG. 1. FIG. 3 performs the following equations. T_0,j=C_<2j>, initialization, for j=0, 1 . . . , m.  (17) T_i+1,j=T_i,j+A_j⁽ⁱ⁾S_j⁽⁻ⁱ⁾, for i=0, 1 . . . , m and j=0, 1 . . . , m  (18) D_<2j>=T_m+1,j, for j=0, 1 . . . , m  (19)

Where S_j is defined as in Eq. (8). The product D can be computed, as the following steps:

The item a³ is rearranged to the leftest by cyclic property in above steps. The advantage of the circuit in FIG. 3 is no any global connections. Several points should be addressed. Using Eq. (18), in the ring level 0, the U cell at position P_0,3 for computing the bit operation T_1,3=T_0,3+A₃B₄ can be replaced by a bit latch because B₄=0, and the U cell at position P_0,4 for computing the bit operation T_1,4=T_0,4+A₄B₂ can be replaced by a bit latch because A₄=0. In the next level ring, A₄ or B₄ shifts to the right or the left, respectively. Then, in the ring level 1, at position P_1,0 or P_1,2 each bit operation for computing T_2,0=T_1,0+A₄B₃ or T_2,2=T_1,2+A₁B₄ requires only one bit latch rather than a U cell. The others, the positions P_2,1 P_3,0 P_3,2 P_4,3, and P_4,4, can be replaced by bit latches.

The positions of the ring using latches instead of U-cells are as the follows.

Where P_i,j denotes position in row i and column j. In FIG. 3, as in the example illustrated in FIG. 1, the three elements A, B and C in GF(2⁴) are used as the three inputs of the modified version, and D represents the result of C+AB². Comparing the modified circuit with the circuit in [reference 4] shows that the total number of input pins has been reduced from 23 to 12, and the number of U cells has been reduced from 25 to 16.

3. Modified ESP-Based Multiplier

This section proposes an ESP-Based multiplier. The method for computing C+AB² based on an irreducible AOP can also be applied to compute the multiplication based on an irreducible ESP.

3.1 Algorithm

A polynomial of the form g(x)=1+x^r+ . . . +x^(n−1)r+x^nr is called an r-equally spaced polynomial (r-ESP) of degree nr. Let g(x)=p(x^r), then p(x) is an AOP of degree n. If p(x) is an irreducible AOP, then r-ESP g(x) has been shown to be irreducible if and only if r=(n+1)^j≠1 modulo (n+1)r, for j≧1 [reference 5]. For nr≦100, the possible pairs (nr,r) for which an r-ESP of degree nr is irreducible, are (6,3), (18,9), (20,5), (54,27) and (100,25).

Now, suppose that a is a root of the irreducible r-ESP of degree nr. Then, an element A in the Galois field GF(2^nr) can be represented as A=a₀+a₁a+ . . . +a_nr−1a^nr−1 using the canonical basis {1, a, a² . . . , a^nr−1} where a_iεGF(2) for 0≦i≦nr−1. The element A can also be represented using the extended basis {1, a, a², . . . , a^(n+1)r−1}, as, $A=A_0+A_{1}a+\dots +A_{\left(n+1\right)r-1}{a}^{\left(n+1\right)r-1}=\sum _{i=0}^{\left(n+1\right)r-1}{A}_i{\alpha }^i,$ where A_i=a_i, for 0≦i≦nr−1 and A_i=0 for nr≦i≦(n+1)r−1.

EXAMPLE 4

Assume that a is a root of the r-ESP g(x)=1+x³+x⁶ (that is, g(x) is an irreducible ESP with nr=6 and r=3). Then, {1, a, a², a³, a⁴, a⁵} is a canonical basis of the Galois field GF(2⁶) and {1, a, a², a³, a⁴, a⁵, a⁶, a⁷, a⁸} can be used as an extended basis of this canonical basis. Thus, an element in GF(2⁶) can be represented as A=a₀+a₁a+a₂a²+a₃a³+a₄a⁴+a₅a⁵=A₀+A₁a+A₂a²+A₃a³+A₄a⁴+A₅a⁵+A₆a⁶+A₇a⁷+A₈a⁸ using the extended basis, where the A=a_i, for 0≦i≦5, and A₆=A₇=A₈=0.

Theorem 4: Assume that A=A₀+A₁a+ . . . +A_(n+1)r−1a^(n+1)r−1 and B=B₀+B₁a+ . . . +B_(n+1)r−1a^(n+1)r−1 are two elements in GF(2^nr), which are represented with the extended basis {1, a, a², . . . , a^(n+1)r−1} where a is a root of the irreducible r-ESP of degree nr. Then, the product of A and B² over GF(2^nr) includes (2n+1)r² fixed zero terms of the form A_iB_j or A_jB_i, for nr≦j≦(n+1)r−1, and 0≦i≦(n+1)r−1, if A and B are represented with A_j=B_j=0, for nr≦j≦(n+1)r−1. Proof: According to Eq. (16), the product of A and B² over GF(2^nr) is, $\begin{array}{cc}{\mathrm{AB}}^2=\left(A_0+A_1\alpha +\dots +A_{\left(n+1\right)r-1}{\alpha }^{\left(n+1\right)r-1}\right){\left(B_0+B_1\alpha +\dots +B_{\left(n+1\right)r-1}{\alpha }^{\left(n+1\right)r-1}\right)}^2,=\left(\sum _{j=0}^{\left(n+1\right)r-1}{A}_j{\alpha }^j\right)\left(\sum _{i=0}^{\left(n+1\right)r-1}{B}_i{\alpha }^{<2i>}\right),=\sum _{i=0}^{\left(n+1\right)r-1}\sum _{j=0}^{\left(n+1\right)r-1}{A}_j{B}_{<i-j>}{\alpha }^i.& \left(20\right)\end{array}$ where <θ>, the subscript of B_<θ>, denotes the least nonnegative residues of θ modulo (n+1)r (for all ESP-Based GF(2^nr)). Equation (20) has ((n+1)r)² multiplicative terms. Since A_j=B_j=0 for nr≦j=(n+1)r−1, Eq. (20) can be simplified as, $\begin{array}{cc}{\mathrm{AB}}^2=\left(A_0+A_1\alpha +\dots +A_{\mathrm{nr}-1}{\alpha }^{\mathrm{nr}-1}\right){\left(B_0+B_1\alpha +\dots +B_{\mathrm{nr}-1}{\alpha }^{\mathrm{nr}-1}\right)}^2,=\left(\sum _{j=0}^{\mathrm{nr}-1}{A}_j{\alpha }^j\right)\left(\sum _{i=0}^{\mathrm{nr}-1}{B}_i{\alpha }^{<2i>}\right),=\sum _{i=0}^{\mathrm{nr}-1}\sum _{j=0}^{\mathrm{nr}-1}{A}_j{B}_{<i-j>}{\alpha }^i.& \left(21\right)\end{array}$ According to Eq. (21) the product of A and B² over GF(2^nr) has (nr)² terms. Therefore, the product of A and B² over GF(2^m) has ((n+1)r)²−(nr)²=(2n+1)r² fixed zero terms.

Since a is a root of the irreducible r-ESP g(x)=1+x^r+ . . . +x^nr, g(a)=1+a^r+ . . . +a^nr=0. Assume that two elements A=A₀+A₁a+A₂a²+ . . . +A_(n+1)r−1a^(n+1)r−1 and B=B₀+B₁a+B₂a²+ . . . +B_(n+1)r−1a^(n+1)r−1; then, the product of A and B², according to Theorem 2 and Eq. (20), can be expressed as, $\begin{array}{cc}{\mathrm{AB}}^2=A^{\left(0\right)}·{\left(B^2\right)}^{\left(-0\right)}+A^{\left(1\right)}·{\left(B^2\right)}^{\left(-1\right)}+\dots +A^{\left(\left(n+1\right)r-1\right)}·{\left(B^2\right)}^{\left(-\left(n+1\right)r+1\right)}=\sum _{i=0}^{\left(n+1\right)r-1}{A}^{\left(i\right)}·{\left(B^2\right)}^{\left(-i\right)}& \left(22\right)\end{array}$ Thus, the method of multiplication based on an irreducible AOP can also be used for multiplication based on an irreducible ESP. 3.2 Ringed Circuit of an ESP-Based Multiplier

Assume that two elements A=a₀+a₁a+a₂a²+a₃a³+a₄a⁴+a₅a⁵=A₀+A₁a+A₂a²+ . . . +A₈a⁸ and B=b₀+b₁a+b₂a+b₃a+b₄a⁴+b₅a⁵=B₀+B₁α+B₂α²+ . . . +B₈α⁸, Let D=D₀+D₁a+D₂a²+ . . . +D₈a⁸ be the product of AB²+C, where A, B and C are elements over GF(2⁶). Set the initial value T₀=C. The product D can then be computed using Eq. (22), as follows.

The sequence D₀, D₂, D₄, D₆, D₈, D₁, D₃, D₅, D₇, is a permutation of the sequence D₀, D₁, D₂, D₃, D₄ D₅, D₆, D₇, D₈. Notably, the terms that include A₆, A₇, A₈, B₆, B₇ and B₈ are all zeros, such that A_jB_k and A_kB_j need not be computed for 6≦j≦8 and 0≦k≦8. Using Eq. (18), the zeroth ring level, U cells for computing the bit operation T_1,3=T_0,3+A₃B₆, T_1,5=T_0,5+A₅B₇ and T_1,7=T_0,7+A₇B₈ can be replaced by bit latches respectively, because B₆=B₇=B₈=0, and those for performing the bit operation T_1,6=T_0,6+A₆B₃ T_1,7=T_0,7+A₇B₈, and T_1,8=T_0,8+A₈B₄ can be replaced by bit latches since A₆=A₇=A₈=0. In the first level ring, A₄ or B₄ shifts to the right or the left, respectively. Then, each bit operation for computing T_2,2=T_1,2+A₁B₆, T_2,4=T_1,4+A₃B₇, T_2,6=T_1,6+A₅B₈, T_2,7=T_1,7+A₆B₄, T_2,8=T_1,8+A₇B₀ and T_2,<9>=T_2,0=T_1,0+A₈B₅ requires only one bit latch instead of a U cell, respectively.

Now, positions of the ring that uses latches rather than cells is described briefly as follows.

where position P_i,j, in which i and j are the row and column numbers, respectively.

As introduced in Section 3, use a ringed structure to realize the circuit of the cyclic shift sequence <a⁰ a² a⁴ a⁶ a⁸ a¹ a³ a⁵ a⁷>. FIG. 4 depicts the ringed bit-parallel systolic multiplier based on 3-ESP x⁶+x³+1, as a simple illustration; the detail of the U-cell circuit is as shown in FIG. 1. FIG. 4 shows the positions of each level ring that uses a latch rather than a U cell. the proposed ESP-based systolic multiplier comprises (nr)² U cells and (2n+1)r² latch units. Herein, only the positions of the ring in which cells can be replaced by latches are discussed. From FIG. 4, cells over GF(2⁶) in positions P_i<2j> with A_kB₆A_kB₇, A_kB₈ and A₆B_k A₇B_k A₈B_k for 0≦k≦8 can be replaced by latches.

The positions of the ringed ESP-based over GF(2^nr) are obtained according to a general rule as follows.

• Step 1: //Initialization. Hereafter, P_i,j denotes the position of level i and column j, in an r-ESP structure
  • for every i=1, 2, . . . , (n+1)r−1, and j=1, 2, . . . , (n+1)r−1 that P_i,j=U-Cell;
• Step 2: //Replace U-cells of A_jB_k and A_kB_j with latches
  • for every i=1, 2, . . . , (n−1)r−1,
    • for j=nr+i, nr+i+1, . . . , (n+1)r+i−1 that
      • P_i,j=Latch; // for A_jB_k, where 0≦k≦(n+1)r−1, fixed zero terms,
    • for j=(n−1)r−i, (n−1)r−i+2, . . . (n+1)r−i−2, that
    • P_i,j=Latch; // for A_kB_j, where 0≦k≦(n+1)r−1, fixed zero terms This rule is suitable for both AOP-based and ESP-based systolic architectures. For r=1, the above algorithm is an AOP-based systolic architecture.

Clearly, the proposed three-dimensional ESP-based systolic architecture over GF(2^nr) requires only (n+1)r clock cycles. Moreover, the circuit needs no global connections and the proposed ESP-based systolic multiplier can save (2n+1)r² U cells by ignoring the fixed zero terms.

4. Comparison and Discussion

This work has presented a three-dimensional ringed parallel systolic AOP-based multiplier for computing C+AB, AB, C+AB² or AB² over GF(2^m). The latency of the AOP-based multipliers is only m+1 clock cycles in performing a multiplication over GF(2^m). The number of input pins is only 3m, which equals the sum of the number of bits in A, B and C. Table 1 compares the new AOP-based parallel systolic multipliers with those of Liu [reference 3], Lee [reference 4] and Lee [reference 11]. The table reveals that the ringed AOP-based multipliers (RAOPM) include fewer gates and fewer input pins than other multipliers. Clearly, the ringed systolic multipliers involve much low hardware complexity and no global connections, which characteristics are of course advantageous in VLSI implementation. Notably, the Architecture of C+AB² is used to illustrate the structures and operations of a new multiplier presented in this paper, However, the extension of these structures to a general case of C+AB, AB or AB² is straightforward.

Although the invention has been explained in relation to its preferred embodiment, it is to be understood that many other possible modifications and variations can be made without departing from the spirit and scope of the invention as hereinafter claimed.

TABLE 1
Comparison of the ringed AOP multiplier with related
bit-parallel systolic multipliers over GF(2m).
	Multipliers
				Proposed
Items	Liu[3]	Lee[4]	Lee[11]	in FIG. 3
type	C + AB2	C + AB2	C + AB	C + AB2
Number of
total gates
2-input AND	(m + 1)2	(m + 1)2	(m + 1)2	m2
2-input XOR	(m + 1)2	(m + 1)2	(m + 1)2	m2
1-bit latch	3(m + 1)2	3(m + 1)2	3(m + 1)2	3m2 +
				4m − 1
Minimum possible	TA +	TA +	TA +	TA +
clock period	TX + TL	TX + TL	TX + TL	TX + TL
Global	Free, but	Free	yes	Free
connections	jump
	connections
Input pins	5m + 3	5m + 3	3m + 3	3m
Latency	2m + 2	m + 1	m + 1	m + 1

REFERENCES

• [1] S. W. Wei, “A Systolic Power-Sum Circuit for GF(2^m),” IEEE Trans. on Computers vol. 43, no. 2, pp. 226-229, February 1994.
• [2] C. L. Wang and J. H. Guo, “New Systolic Array for C+AB², Inversion, and Division in GF(2^m),” IEEE Trans. on Computers vol. 49, no. 10, pp. 1120-1125, October 2000.
• [3] C. H. Liu, N. F. Huang and C. Y Lee, “Computation of AB² Multiplier in GF(2^m) Using an Efficient Low-Complexity Cellular Architecture,” IEICE Trans. Fundaments, vol. E83-A, no. 12, pp. 2657-2663, December 2000.
• [4] C. Y. Lee, E. H. Lu and L. F. Sun, “Low-Complexity Bit-parallel Systolic Architecture for Computing AB²+C in a Class of Finite Field GF(2^m),” IEEE Trans. on Circuits Syst. II vol. 48, no. 5, pp. 519-523, May. 2001.
• [5] T. Itoh and S. Tsujii, “Structure of parallel multipliers for a class of fields GF(2^m),” Information and Computation, Vol. 83, pp. 21-40, 1989.
• [6] M. A. Hasan, M. Z. Wang, and V. K. Bhargava, “Modular construction of low complexity parallel multipliers for a class of finite fields GF(2^m),” IEEE Trans. on Computers vol. 41, no. 8, pp. 962-971, August 1992.
• [7] C. K. Koc and B. Sunar, “Low complexity bit-parallel canonical and normal basis multipliers for a class of finite fields,” IEEE Trans. on Computers vol. 47, no. 3, pp. 353-356, March 1998.
• [8] H. Wu, and M. A. Hasan, “Low-complexity bit-parallel multipliers for a class of finite fields,” IEEE Trans. on Computers vol. 47, no. 8, pp. 883-887, August 1998.
• [9] H. Wu, M. A. Hasan, and L. F. Blake, “New low-complexity bit-parallel finite field multipliers using weakly dual bases,” IEEE Trans. on Computers vol. 47, no. 11, pp. 1223-1234, November 1998.
• [10] C. Y. Lee, E. H. Lu, and J. Y Lee, “Bit-Parallel Systolic Multipliers for GF(2^m) Fields Defined by All-One and Equally-Spaced Polynomials,” IEEE Trans. on Computers, No. 5, pp. 385-393, May 2001.
• [11] C. Y. Lee, E. H. Lu, and J. Y. Lee, “Bit-Parallel Systolic Modular Multipliers for for a class of GF(2^m),” 15th IEEE Symposium on Computer Arithmetic (Arith-2001), Vail, Colo., USA, pp. 51-58, June 2001.
• [12] EEE-SA Standards Board, “IEEE Std. 1363-2000, IEEE Standard Specifications for Public-Key Cryptography,” January 2000.

Claims

1. A low complexity bit-parallel systolic architecture for computing C+AB, AB, C+AB2 or AB2 over a class of GF(2m) free global connection, wherein the A, B and C are the input elements of the GF(2m).

2. The systolic architecture as claimed in claim 1 comprising an inner product unit and a modular arithmetic unit, the inner product unit including m2 pieces of U cells and 2 m+1 pieces of latch units, each U cell including a AND gate, an XOR gate and three latches, the coefficients Aj, Bj and C<2> of A, B and C respectively inputted via the input ends Aj, Sj and C<2j> of U0,j, wherein the <2j> represents the 2j modulo m+1, the modular arithmetic unit including m pieces of repulsive XOR gate for computing the modular p(x).

3. The systolic architecture as claimed in claim 1 further comprising an inner product unit, after the inner product unit computing the U cell of the first stratum, the A and B respectively right and left endlessly moved into the cell of the second stratum and running the following formula,

4. The systolic architecture as claimed in claim 1, wherein the circuit achieves GF(24) and the output D is a result of C+AB that can be easily popularized to a class of GF(2m), wherein the m is a plus integer that is kept in a modular polynomial.

5. The systolic architecture as claimed in claim 1 being used to computing A multiply B when the coefficient of C is zero.

6. The systolic architecture as claimed in claim 1 being used in GF(2m) formed by a modular polynomial for computing C+AB2.

7. The systolic architecture as claimed in claim 6 comprising an inner product unit and a modular arithmetic unit, the inner product unit including m2 pieces of U cells and 2m+1 pieces of latch units, each U cell including a AND gate, an XOR gate and three latches, the coefficients Aj, Bj and C<2j> of A, B and C respectively inputted via the input ends Aj, Sj and C<2j> of U0,j, wherein the <2j> represents the 2j modulo m+1, the modular arithmetic unit including m XOR gates for computing the modular p(x).

8. The systolic architecture as claimed in claim further comprising an inner product unit, after the inner product unit computing the U cell of the first stratum, the A and B respectively right and left endlessly moved into the cell of the second stratum and running the following formula,

9. The systolic architecture as claimed in claim 6, wherein the circuit achieves GF(24) and the output D is a result of C+AB2 that can be easily popularized to a class of GF(2m), wherein the m is a plus integer that is kept in a modular polynomial.

10. The systolic architecture as claimed in claim 6 being used to computing A multiply B2 when the coefficient of C is zero.

11. A architecture for computing C+AB over a class of GF(2nr) formed by a all one polynomial, wherein the A, B and C are the input elements of the GF(2nr).

12. The systolic architecture as claimed in claim 11 comprising an inner product unit and a modular arithmetic unit, the inner product unit including (nr)2 pieces of U cells and (2n+1)r2 pieces of latch units, each U cell including a AND gate, an XOR gate and three latches, the coefficients Aj, Bj and C<2j> of A, B and C respectively inputted via the input ends Aj, Sj and C<2j> of U0,j, wherein the <2j> represents the 2j modulo (n+1)r, the modular arithmetic unit including n*r XOR gates for computing the modular p(x).

13. The systolic architecture as claimed in claim 11 further comprising an inner product unit, after the inner product unit computing the U cell of the first stratum, the A and B respectively right and left endlessly moved into the cell of the second stratum and running the following formula,

14. The systolic architecture as claimed in claim 11, wherein the circuit achieves GF(26) and the output D is a result of C+AB that can be easily popularized to a class of GF(2nr), wherein the nr is a plus integer that is kept in a modular polynomial.

15. The systolic architecture as claimed in claim 11 being used to computing A multiply B when the coefficient of C is zero.

16. A architecture for computing C+AB over a class of GF(2nr) based on an equally spaced polynomial (ESP), wherein the A, B and C are the input elements of the GF(2nr).

17. The systolic architecture as claimed in claim 16 comprising an inner product unit and a modular arithmetic unit, the inner product unit including (nr)2 pieces of U cells and (2n+1)r2 pieces of latch units, each U cell including an AND gate, an XOR gate and three latches, the coefficients Aj, Bj and C<2j> of A, B and C respectively inputted via the input ends Aj, Sj and C<2j> of U0,j, wherein the <2j> represents the 2j modulo (n+1)r, the modular arithmetic unit including n*r XOR gates for computing the modular p(x).

18. The systolic architecture as claimed in claim 16 further comprising an inner product unit, after the inner product unit computing the U cell of the first stratum, the A and B respectively right and left endlessly moved into the cell of the second stratum and running the following formula,

19. The systolic architecture as claimed in claim 16, wherein the output D is a result of C+AB that can be easily popularized to a class of GF(2nr) based on ESP, wherein the n and r are integers.

20. The systolic architecture as claimed in claim 16 being used to computing A multiply B when the coefficients of C are zeroes.