Finite Field Arithmetic and Implementations. Xinmiao Zhang Case Western Reserve University

Transcription

1 Finite Field Arithmetic nd Implementtions Xinmio Zhng Cse Western Reserve University

2 Applictions of Finite Field Arithmetic Error-correcting codes Hmming codes BCH codes Reed-Solomon codes Low-density prity-check codes Cryptosystems: Elliptic curve cryptogrphy Advnced Encryption Stndrd Biometric encryption Public key cipher Symmetric key cipher

3 Group A group is set of objects G on which binry opertion. is defined. The binry opertion tkes ny two elements in G nd genertes s its result n element tht is lso in G. The opertion must stisfy the following requirements if G is group. Associtivity: (. b). c =. (b. c) for ll, b, c G. Identity: there exists e G such tht. e =e. = for ll G. Inverse: for ech G there exists unique element - G such tht A group is sid to be commuttive (or belin) if it lso stisfies 4. Commuttivity: for ll,b G,. b = b. e

4 Field Let F be set of objects on which two opertions + nd. re defined, F is sid to be field iff. F forms commuttive group under +, the dditive identity element is lbeled.. F-{} forms commuttive group under. The multiplictive identity element is lbeled.. The opertion + nd. distributes:. (b+c)=(.b)+(.c) A field with finite number of elements is clled finite field, lso clled Glois Field, denoted by GF(p). p cn be prime number or power of prime.

5 Exmples of Finite Fields Finite field GF() consists of elements nd + XOR opertion dditive identity:. AND opertion; multiplictive identity: Finite field GF(7) consists of elements,, 6 + mod 7 integer ddition dditive identity:. mod 7 integer multipliction multiplictive identity:

6 Irreducible Polynomil & Extension Field m m A polynomil P( x) pmx pm x p, whose coefficients p i re elements of field GF(q), is clled polynomil over GF(q). A polynomil P(x) is irreducible over GF(q) if P(x) is only divisible by cgf(q) or itself. P(x) cn be used to construct extension field GF(q m ). Ech element in GF(q m ) cn be represented s polynomil of degree m- over GF(q) + polynomil ddition. polynomil multipliction modulo P(x)

7 Exmple of Extension Field P(x)=x +x+ cn be used to construct GF( ). An element A GF( ) cn be expressed by three bits (,, ), which cn be considered s the coefficients of polynomil A(x)= x + x+. Similrly, nother element B cn be expressed s: B(x)=b x +b x+b. + A(x)+B(x)=( b )x +( b )x +( b ) dditive identity:. A(x). B(x) mod P(x) multiplictive identity: {x, x, }, where x is root of P(x), is clled stndrd (polynomil) bsis of GF( ).

8 Representtions of Finite Field Elements Stndrd bsis Norml bsis Dul bsis Power representtion For n element α GF(q m ), the minimum integer r, such tht α r =, is clled the order of α. The mximum order of ny element is q m -, nd n element with order q m - is clled primitive element. All the nonzero elements of GF(q m ) cn be represented by the powers of primitive element α q {,,, } An irreducible polynomil whose roots hve order q m - is clled primitive polynomil m

9 Representtion Conversion Binry extension field, GF( m ), is usully dopted for hrdwre implementtions, since ech element cn be represented by m-bit binry tuple. P(x)=x +x+ is primitive polynomil, nd cn be used to construct GF( ). Power Stndrd bsis, x: root of P(x) ~= x ~ x x= x modulo P(x) x+ 4 ~= x +x 5 ~ (x +x) x= x +x modulo P(x) x +x+

10 Composite Field Two pirs {GF(q n n i ), G( y) y } nd {GF((q n ) m i g i y m ), m i P( x) x p } re clled i i x composite field if GF(q n ) is constructed from GF(q) by G(y). GF((q n ) m ) is constructed from GF(q n ) by P(x). A composite field GF((q n ) m ) is isomorphic to the field GF(q k ) with k=nm. n Ech element of GF((q n ) m ) cn be expressed s m elements of GF(q n )

11 Implementtion of Finite Field Arithmetic

12 Finite Field Addition Additions over GF( m ) using bsis representtions cn be performed by bit-wise XOR opertion Additions over GF( m ) using power representtion need look-up tbles of size m m Exmple: GF( ) cn be constructed using irreducible polynomil P(x)=x +x+ α α 4 α α 5 α α 6 α +α 4 + = α

13 Finite Field Multipliers

14 Multipliction using Power Representtion Using power representtion, multipliction over GF( m ) cn be implemented by dding up the exponents of the opernds modulo m -. Exmple: multiplictions over GF( ) 5 6 (56)mod7 4 Implementtion: m-bit unsigned integer ddition with the crry-out dded to the lest significnt bit.

15 Multipliction using Stndrd Bsis The product of A(x) nd B(x) is C(x)=A(x)B(x) mod P(x) C x B x P x xb x P x x B x P x m ( ) ( )mod ( ) ( ( ))mod ( ) m( ( ))mod ( ) C(x) XTime B(x) 7 XTime XTime XTime b 7 Xtime: multiply n element by x modulo P(x) b 7 b 7 b 7 b 7 P(x)=x 8 + x 7 + x 6 +x+

16 Multipliction over Composite Field In composite field GF(( n ) m ), the elements re represented by polynomils with mximum degree m- over GF( n ) m m m x mx i GF( n ) A( x) The complexity of composite field multipliction cn be reduced by the Krtsub-Ofmn Algorithm (KOA), which reduces the number of sub-field multiplictions t the cost of more dditions.

17 Multipliction over Composite Field C(x)=A(x)B(x) m m m m m m m h l m m m m m m m h l A( x) x ( x ) ( x ) x A ( x) A( x) Bx ( ) x ( x b b ) ( x b b) x B( x) B( x) define D() x A() x B() x l l D () x [ A() x A()][ x B() x B ()] x D () x A() x B () x h l h l h h m m C( x) x D ( x) x [ D ( x) D ( x) D ( x)] D ( x) The number of element multiplictions is reduced m /4m

18 Finite Field Inverters

19 Inversion Using Look-up Tble & Power representtion Inversions over GF( m ) cn be implemented by look-up tbles of size m m Assuming n element AGF( m ) cn be expressed in power representtion s A=α b, where α is primitive element of GF( m ) nd b< m - A b b b Exmple: for A=α 6 GF( 4 ), A - =α 6--6 =α 9 Implementtion: m-bit integer subtrction m m

20 Inversion using Multiply-squre For n element AGF( m ) (A), since m A m m m ( ) 4 A A A A A A A A A A A Compred to generl multiplier, squrer cn be implemented by simpler rchitecture Hs high complexity nd long ltency

21 Inversion over Composite Field GF(( m ) ) The inversion over GF(( m ) ) cn be converted to computtions over GF( m ) An element A GF(( m ) ) cn be represented s m A x),, GF( ) ( x Assume tht the irreducible polynomil used to construct GF(( m ) ) from GF( m ) is Px ( ) x x. Apply the Extended Eucliden lgorithm A ( x) ( ( ) ) x( )( ( ) ) x x

22 Exmple of Finite Field Inverter over GF( 8 )

23 Complexity of Constnt Multiplier over GF( 8 ) Assuming irreducible polynomil P(x)=x 8 +x 4 +x +x+ is used to construct GF( 8 ), the coefficients of C=A cn be computed s: c7=7+6 c6=5+ c5=6+5 c4=7+4+ c= c=5+ c=7+6+4 c=6+4+ Complexity: XOR gte Criticl pth: XOR gte

24 Complexity of Stndrd Bsis Multiplier 7 Complexity: 77 XOR, 64 AND Criticl pth: gtes

25 Inverter Bsed on Multiply-squre Approch A A A 54 A A 4 A 8 A 6 A A 64 A 8 A A A A A A A # of XOR: 59 # of AND: 84 Criticl pth: 64 gtes

26 Inverter Bsed on Multiply-squre Approch B A A 4 4 ( A ) ( A ) ( A ) 4 A A 4 A 4 A 4 # of XOR: *(+*)+77*4=85 # of AND: 64*4=56 Criticl pth: ++*+*=46 gtes

27 Inverter Bsed on Multiply-squre (C) Approch C A A A A 4 (A ) A A A A A 4 A 4 A - A 4 A : # of XOR: 75, # of AND: 4, Criticl pth: 6 gtes # of XOR: 75+*+**+*77=94 # of AND: 4+*64= Criticl pth: 6+*+*+**=8 gtes

28 Inverter bsed on Composite Field The following irreducible polynomils cn be used to construct the composite field of GF( 8 ): GF() GF( ) : P(x)=x +x+ GF( ) GF (( ) ) : P(x)=x +x+φ GF ( ) ) GF ((( ) ) ) : P(x)=x +x+λ φ= {}, λ = {} x x

29 Inverter Bsed on Composite Field Multiplictions over GF( 4 ) cn be further decomposed into GF( ), then into GF(). Multiplictions over GF() re simply AND opertions. φ= {}, λ = {} Block # of gtes Criticl pth XOR XOR x 4 XOR XOR Multiplier in GF( ) 4 XOR + AND XOR + AND Multiplier in GF( 4 ) XOR +9 AND 4 XOR + AND

30 Implementtion of Inversion over GF( 4 ) Approch D: Inversion over GF( 4 ) cn be implemented by multiply-squre for AGF( 4 ), A - =A 4 =A A 4 A 8 4 x x x 4 # of XOR: 54 # of AND: 8 Criticl pth: 4 gtes

31 Approch E: Inversion over GF( 4 ) cn be further decomposed into inversion over GF(( ) ) using the Extended Eucliden lgorithm Implementtion of Inversion over GF( 4 ) x x A ) ) ( ( ) ) ( )( ( ) ( x x x 4 4 # of XOR: 7 # of AND: 9 Criticl pth: 9 gtes

32 Approch F: The bits in A - ={ -, -, -, - } cn be expressed in terms of the bits in A={,,, } by following the computtions done by ech of the blocks in the previous figure Implementtion of Inversion over GF( 4 ) # of XOR: 4 # of AND: 9 Criticl pth: 5 gtes

33 Complexities of Inverters over GF( 8 ) Approch # of XOR # of AND Criticl pth A B C 94 8 D E 6 9 F GF( 8 ) decompose GF(( 4 ) ) GF( 4 ) decompose direct computtion GF(( ) ) E GF( 4 ) F