A New Multiplication Technique for GF(2^m) with Cryptographic Significance
Athar Mahboob and Nassar Ikram
National University of Sciences & Technology, Pakistan
Presented at WISA 2004
August 23-25, 2004
Jeju Island, South Korea
Multiplication
Multiplication is a fundamental arithmetic operation in many algebraic structures such as GF(2^m)
Other fundamental operations include
• Addition
• Subtraction
• Squaring
• Division
• Inversion
• Exponentiation
Hence multiplication is the most important arithmetic op but ...
Multiplication more time consuming than addition, subtraction and squaring
Addition and Subtraction are same in GF(2^m). Addition is not a computational bottleneck. Complexity is O(m)
Division can be replaced by inversion followed by multiplication. Inversion can be done using multiplication as per Fermat's Theorem
Squaring can be done as multiplication but there are very fast methods for squaring in GF(2^m)
Exponentiation (repeated multiplication) can be efficiently done using binary method and improved versions of it such as ITI
Schoolbook Method
        11110011
        10000101
-----------------
        11110011
       00000000X
      11110011XX
     00000000XXX
    00000000XXXX
   00000000XXXXX
  00000000XXXXXX
 11110011XXXXXXX
-----------------
 111101010111111
-----------------
Examines bits of the multiplier and adds shifted versions of the multiplicand based on the bit
Maps easily into a Shift-and-Add Scheme
Partial Products are first created
Partial Products are added or accumulated to generate the Final Product
Number of bit operations are O(m^2)
Our Research
GF(2^m) Multiplication performance is critical for ECC cryptosystems defined using Elliptic Curves over GF(2^m)
EC Point Addition and Doubling require 6 additions, 1 squaring, 2 multiplications and 1 inversion
Inversions can be replaced by multiplications using projective coordinates
Inversions can also be done using multiplications and squaring – Fermat's Little Theorem
Typical ECC Field sizes are 112 < m < 600
Standard fields use m which is prime (for presumed security)
Standard fields support fast polynomial modular reduction
Issues with GF(2^m) Multiplication in Software
Lack of machine level GF(2^m) word-level multiply instruction
Bit level operations are required such as examining single bit at a time, shifts, ANDs, XORs
Modular Reduction may be a computational bottleneck for a general field polynomial
Decide on doing inter-leaved modular reduction or fast modular reduction at the end
We do fast modular reduction using trinomial or pentanomial at the end like most typical ECC implementations
Multitude of Multiplication Techniques
Multiplication
    Classical Multiplication
    Modular Multiplication
GF(p)
    Multiplication followed by classical long division
    Multiplication followed by Fast Reduction Techniques
        • Barrett Reduction
    Montgomery Multiplication dispenses with modular reduction step
GF(2^m) – Polynomial Basis
    Multiplication followed by classical long division
    Multiplication followed by Fast Reduction Techniques
        • Trinomial/Pentanomial Modular Reduction
    Montgomery Multiplication dispenses with modular reduction step
    LookUp Tables based Multiplication
        • Any m
        • Composite m
GF(2^m) – Normal Basis
    Massey Omura Multiplier
This list is not exhaustive by any means ...
Classical Multiplication Techniques
Schoolbook – if nothing else makes sense ...
Karatsuba – recursive binary subdivision technique
Toom-Cook – recursive three-way subdivision technique
FFT – asymptotically fastest technique, not used for sizes typical in PKC
Comba – something similar to what we have proposed, little known in cryptographic circles, we do not have access to the source, never has been proposed for use in GF(2^m)
There are typical cutoff values where one technique starts to be more efficient than others due to inherent overheads of each technique
Classical Shift and Add
Shift and Add with Precomputation
Other LUT Techniques
Composite m
    Generally use composite extension fields m = ab in GF(2^m)
    Perform arithmetic using LUT in the subfield where LUT is small enough to fit in memory
    Use log and antilogs to convert from multiplication to addition (which are just XORs), resulting in processing a bits at a time instead of one bit for Shift and Add
    Not applicable to standardized fields for ECC
Any m
    One general LUT technique creates LUT on the fly for each different multiplier, it is more of a windowing technique
    Our LUT is calculated once and for all for all m and for all multipliers
Our LUT Technique
Uses mullut, a 128 kbyte LookUp Table
Calculates output one byte/one word at a time instead of first calculating partial products and then adding them
Two versions
    B-LUT: generates output one byte at a time
    F-LUT: generates output one word (32-bits) at a time
The LookUp Table (LUT)
The algorithm precomputes the product of all polynomials up to degree 7 with coefficients in GF(2).
Multiplication using mullut[256][256]
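[Figure: 8 × 8 multiplication (A0, B0, product A0B0, outputs C0, C1) and 16 × 16 multiplication (A0, A1, B0, B1, products A0B0, A0B1, A1B0, A1B1, outputs C0 to C3)]
A_i and B_i are 8-bit values

8 × 8 multiplication
$C_0 = A_0B_0 \mathbin{\&} \mathtt{0xFF}$
$C_1 = (A_0B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}$

16 × 16 multiplication
$C_0 = A_0B_0 \mathbin{\&} \mathtt{0xFF}$
$C_1 = ((A_0B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_0B_1 \mathbin{\&} \mathtt{0xFF}) \oplus (A_1B_0 \mathbin{\&} \mathtt{0xFF})$
$C_2 = ((A_0B_1 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_1B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_1B_1 \mathbin{\&} \mathtt{0xFF})$
$C_3 = (A_1B_1 \gg 8) \mathbin{\&} \mathtt{0xFF}$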
32 × 32 multiplication using mullut[256][256]
[Figure: 32 × 32 multiplication; inputs A0 to A3 and B0 to B3, the sixteen products AiBj, and output bytes C0 to C7]
A_i and B_i are 8-bit values
Shaded portions indicate something that affects neighbours
Each C_i depends on A_i and B_i whose indices add up to i
The effect of processing in word-size units is that bytes at the boundaries of words have to result in some sort of “carry”
The Pattern Emerges
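$C_0 = A_0B_0 \mathbin{\&} \mathtt{0xFF}$
$C_1 = ((A_0B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_0B_1 \mathbin{\&} \mathtt{0xFF}) \oplus (A_1B_0 \mathbin{\&} \mathtt{0xFF})$
$C_2 = ((A_0B_1 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_1B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_0B_2 \mathbin{\&} \mathtt{0xFF}) \oplus (A_1B_1 \mathbin{\&} \mathtt{0xFF}) \oplus (A_2B_0 \mathbin{\&} \mathtt{0xFF})$
$C_3 = ((A_0B_2 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_1B_1 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_2B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_0B_3 \mathbin{\&} \mathtt{0xFF}) \oplus (A_1B_2 \mathbin{\&} \mathtt{0xFF}) \oplus (A_2B_1 \mathbin{\&} \mathtt{0xFF}) \oplus (A_3B_0 \mathbin{\&} \mathtt{0xFF})$
$C_4 = ((A_0B_3 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_1B_2 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_2B_1 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_3B_0 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_1B_3 \mathbin{\&} \mathtt{0xFF}) \oplus (A_2B_2 \mathbin{\&} \mathtt{0xFF}) \oplus (A_3B_1 \mathbin{\&} \mathtt{0xFF})$
$C_5 = ((A_1B_3 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_2B_2 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_3B_1 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_2B_3 \mathbin{\&} \mathtt{0xFF}) \oplus (A_3B_2 \mathbin{\&} \mathtt{0xFF})$
$C_6 = ((A_2B_3 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus ((A_3B_2 \gg 8) \mathbin{\&} \mathtt{0xFF}) \oplus (A_3B_3 \mathbin{\&} \mathtt{0xFF})$
$C_7 = (A_3B_3 \gg 8) \mathbin{\&} \mathtt{0xFF}$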
B-LUT
We process 8 bits of the inputs at a time. The number of 8-bit units present in the inputs a and b is given as d. Output c before reduction would consist of 2·d bytes. Each byte of the output is calculated by performing lookups into the table mullut and adding (XOR) looked up values after they have been shifted by necessary amounts. The symbol & represents the bit-wise AND operation.
GF(2^16) Multiply Using mullut
F-LUT
Comparison with Other Techniques
Multiplier Performance Data
Impact on ECC Performance
Conclusions and Future Work
We presented:
• Two new algorithms for GF(2^m) multiplication using Lookup Table and results of an implementation of the new LUT based finite field multiplication techniques.
• We provided the results of our ECC implementation showing performance impact of our new GF(2^m) multiplication technique.
Future ideas:
• Combine Karatsuba’s algorithm with our LUT based technique to cut down the base number of XORs, Shifts and Table Lookups.
• We also intend to explore more efficient EC scalar multiplication techniques and use of our multiplication technique for HECC.