Elliptic curves are the basis for a relative new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve crypto systems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman Algorithm to multiplication in composite fields GF ((2 n ) m ). The second algorithm deals with efficient inversion in composite Galois fields of the form GF ((2 n ) m ). The third algorithm is an entirely new approach which accelerates the multiplication of points which i...

Abstract. This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of publickey cryptosystems based on elliptic and hyperelliptic curves. Whereas previous reported optimizations focus on finite fields of the form GF (p) and GF (2 m), an OEF is the class of fields GF (p m), for p a prime of special form and m a positive integer. Modern RISC workstation processors are optimized to perform integer arithmetic on integers of size up to the word size of the processor. Our construction employs well-known techniques for fast finite field arithmetic which fully exploit the fast integer arithmetic found on these processors. In this paper, we describe our methods to perform the arithmetic in an OEF and the methods to construct OEFs. We provide a list of OEFs tailored for processors with 8, 16, 32, and 64 bit word sizes. We report on our application of this approach to construction of elliptic curve cryptosystems and demonstrate a substantial performance improvement over all previous reported software implementations of Galois field arithmetic for elliptic curves.

. This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF (p m ) can be computed with only m- 1 subfield multiplications and that inverses in GF (p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudo-Mersenne primes and OEFs. We apply this new work to provide implementation results using these me...

Almost all of the most successful quantum algorithms discovered to date exploit the ability of the Fourier transform to recover subgroup structures of functions, especially periodicity. The fact that Fourier transforms can also be used to capture shift structure has received far less attention in the context of quantum computation. In this paper, we present three examples of “unknown shift” problems that can be solved efficiently on a quantum computer using the quantum Fourier transform. For one of these problems, the shifted Legendre symbol problem, we give evidence that the problem is hard to solve classically, by showing a reduction from breaking algebraically homomorphic cryptosystems. We also define the hidden coset problem, which generalizes the hidden shift problem and the hidden subgroup problem. This framework provides a unified way of viewing the ability of the Fourier transform to capture subgroup and shift structure.

Recently, there has been a lot of interest on cryptographic applications based on fields OF(p"), for p > 2. This contribution presents OF(p TM) multipliers architectures, where p is odd. We present designs which trade area for performance based on the number of coefficients that the multiplier processes at one time. Families of irreducible polynomials are introduced to reduce the complexity of the modulo reduction operation and, thus, improved the efficiency of the multiplier. We, then, specialize to fields OF(3 TM) and provide the first cubing architecture pre- sented in the literature. We synthesize our architectures for the special case of OF(397) on the XCV1000-8-FG1156 and XC2VP20-7-FF1156 FPGAs and provide area/performance numbers and comparisons to previous OF(3 TM) and OF(2 TM) implementations. Finally, we provide tables of irreducible polynomials over OF(3) of degree m with 2 _< m _< 255.

This contribution introduces a new class of multipliers for finite fields GF ((2 n ) 4 ). The architecture is based on a modified version of the Karatsuba-Ofman algorithm (KOA). By determining optimized field polynomials of degree four, the last stage of the KOA and the modulo reduction can be combined. This saves computation and area in VLSI implementations. The new algorithm leads to architectures which show a considerably improved gate complexity compared to traditional approaches and reduced delay if compared with KOA-based architectures with separate modulo reduction. The new multipliers lead to highly modular architectures an are thus well suited for VLSI implementations. Three types of field polynomials are introduced and conditions for their existence are established. For the small fields where n = 2; 3; : : : ; 8, which are of primary technical interest, optimized field polynomials were determined by an exhaustive search. For each field order, exact space and ti...

Partition functions, also known as homomorphism functions, form a rich family of graph invariants that contain combinatorial invariants such as the number of k-colourings or the number of independent sets of a graph and also the partition functions of certain “spin glass” models of statistical physics such as the Ising model. Building on earlier work by Dyer and Greenhill [7] and Bulatov and Grohe [6], we completely classify the computational complexity of partition functions. Our main result is a dichotomy theorem stating that every partition function is either computable in polynomial time or #P-complete. Partition functions are described by symmetric matrices with real entries, and we prove that it is decidable in polynomial time in terms of the matrix whether a given partition function is in polynomial time or #P-complete. While in general it is very complicated to give an explicit algebraic or combinatorial description of the tractable cases, for partition functions described by a Hadamard matrices — these turn out to be central in our proofs — we obtain a simple algebraic tractability criterion, which says that the tractable cases are those “representable” by a quadratic polynomial over the field F2.

. The problem of finite field basis conversion is to convert from the representation of a field element in one basis to the representation of the element in another basis. This paper presents new algorithms for the problem that require much less storage than previous solutions. For the finite field GF (2 m ), for example, the storage requirement of the new algorithms is only O(m) bits, compared to O(m 2 ) for previous solutions. With the new algorithms, it is possible to extend an implementation in one basis to support other bases with little additional cost, thereby providing the desired interoperability in many cryptographic applications. 1 Introduction Finite field arithmetic is becoming increasingly important in today's computer systems, particularly for cryptographic operations. Among the more common finite fields in cryptography are odd-characteristic finite fields of degree 1, conventionally known as GF (p) arithmetic or arithmetic modulo a prime, and evencharacteristic fin...

Reed-Solomon (RS) error correction codes are being widely used in modern communication systems such as compact disk players or satellite communication links. RS codes rely on arithmetic in finite, or Galois fields. The specific field GF (2 8 ) is of central importance for many practical systems. The most costly, and thus most critical, elementary operations in RS decoders are multiplication and inversion in Galois fields. Although there have been considerable efforts in the area of Galois field arithmetic architectures, there appears to be very little reported work for Galois field arithmetic for reconfigurable hardware. This contribution provides a systematic comparison of two promising arithmetic architecture classes. The first one is based on a standard base representation, and the second one is based on composite fields. For both classes a multiplier and an inverter for GF (2 8 ) are described and theoretical gate counts are provided. Using a design entry based on a VHDL descr...

Graph homomorphism problem has been studied intensively. Given an m × m symmetric matrix A, the graph homomorphism function is defined as ZA(G) = Aξ(u),ξ(v), ξ:V →[m] (u,v)∈E where G = (V, E) is any undirected graph. The function ZA(G) can encode many interesting graph properties, including counting vertex covers and k-colorings. We study the computational complexity of ZA(G) for arbitrary complex valued symmetric matrices A. Building on work by Dyer and Greenhill [6], Bulatov and Grohe [2], and especially the recent beautiful work by Goldberg,