Fast algorithms for multiplication in finite fields are required for several cryptographic applications, in particular for implementing elliptic curve operations over binary fields F2m. In this paper we present new software algorithms for efficient multiplication over F2m that use a Gaussian normal basis representation. Two approaches are presented, direct normal basis multiplication, and a method that exploits a mapping to a ring where fast polynomial-based techniques can be employed. Our analysis including experimental results on an Intel Pentium family processor shows that the new algorithms are faster and can use memory more efficiently than previous methods. Despite significant improvements, we conclude that the penalty in multiplication is still sufficiently large to discourage the use of normal bases in software implementations of elliptic curve systems. Key words Multiplication in F2 m, Gaussian normal basis, elliptic curve cryptography. 1

Abstract. We establish some necessary conditions for the existence of irreducible polynomials of degree n and weight n over F2. Such polynomials can be used to efficiently implement multiplication in F2n. We also provide a simple proof of a result of Bluher concerning the reducibility of a certain family of polynomials. 1.

Abstract. Fast arithmetic for characteristic three finite fields F3 m is desirable in pairing-based cryptography because there is a suitable family of elliptic curves over F3 m having embedding degree 6. In this paper we present some structure results for Gaussian normal bases of F3 m, and use the results to devise faster multiplication algorithms. We carefully compare multiplication in F3 m using polynomial bases and Gaussian normal bases. Finally, we compare the speed of encryption and decryption for the Boneh-Franklin and Sakai-Kasahara identity-based encryption schemes at the 128-bit security level, in the case where supersingular elliptic curves with embedding degrees 2, 4 and 6 are employed. 1.

Abstract. We extend low-weight polynomial form integers (LWPFIs) presented in [5]. An LWPFI p is an integer expressed as a degree-l, monic polynomial such that p = t l + fl−1t l + · · · + f1t + f0, where t can be any positive integer. In [5], fi’s are limited to 0 and ±1, but here we let |fi | ≤ ξ for some small positive integer ξ. In modular multiplication based on LWPFI, elements in Zp are expressed in polynomial in t and multiplication is performed in Z[t]/f(t). The coefficients must be reduced for subsequent modular multiplications. In [5], a coefficient reduction algorithm based on a division algorithm derived from the Barrett reduction algorithm is presented. In this report, we present a coefficient reduction algorithm based on the Montgomery reduction algorithm and its detailed analysis results. Bounds on the input and output of our coefficient reduction algorithm is carefully analyzed. We give conditions for eliminating the final subtractions at the end of the Montgomery reduction algorithm. In addition, we present efficient modular addition and subtraction methods using LWPFI moduli. 1

Abstract — Polynomial bases and normal bases are both used for elliptic curve cryptosystems, but field arithmetic operations such as multiplication, inversion and doubling for each basis are implemented by different methods. In general, it is said that normal bases, especially optimal normal bases (ONB) which are special cases on normal bases, are efficient for the implementation in hardware in comparison with polynomial bases. However there seems to be more examined by implementing and analyzing these systems under similar condition. In this paper, we designed field arithmetic operators for each basis over GF(2 233), which field has a polynomial basis recommended by SEC2 and a type-II ONB both, and analyzed these implementation results. And, in addition, we predicted the efficiency of two elliptic curve cryptosystems using these field arithmetic operators.

Encoder and decoder algorithm of the matroid burst errors correcting code is defined. Constant multiplications is considered, and are shown the circuits implemented in the XOR-basis that drastically reduces the encoder/decoder complexity. The features of the matroid code encoding/decoding are analysed. I.

A new GF(2 ) redundant representation is presented. Squaring in the representation is almost cost-free. Based on the representation, two multipliers are proposed. The XOR gate complexity of the first multiplier is lower than a recently proposed normal basis multiplier when C N (the complexity of the basis) is larger than 3n-1.

Abstract. Some algorithms are more efficient than others. The complexity of an algorithm is a function describing the efficiency of the algorithm which has two measures: Space Complexity and Time Complexity. In this paper, we present complexity analysis for FPGA based designs which is based on 4-input and 1-output LUT structure followed by the majority of FPGA manufacturers. The same procedure is then applied to Karatsuba-Offman Multiplier (KOM) because of two reasons. Firstly, due to the increased use of FPGAs especially for security applications, it seems logical to compare various architectures for their efficiencies in FPGAs. Secondly, for diverse security applications, it provides a prior estimation to hardware resources and achievable timing. We consider a 4-input and 1-output structure as a basic building block available in majority of FPGAs by different FPGA manufacturers. We then compare our theoretical and experimental results for KOM in FPGAs which are fairly convincible. Key words. complexity analysis, field programmable gate arrays (FPGAs), Karatsuba-Ofman multiplier, cryptography, hardware implementations

Abstract. A series of experiments has been conducted to show that FPGA synthesis of Galois-Field (GF) based arithmetic operators can be optimized automatically to improve Rijndael Cipher throughput. Moreover, it has been demonstrated that efficiency improvement in GF operators does not directly correspond to the system performance at application level. The experiments were motivated by so many research works that focused on improving performance of GF operators. Each of the variants has the most efficient form in either time (fastest) or space (smallest occupied area) when implemented in FPGA chips. In fact, GF operators are not utilized individually, but rather integrated one to the others to implement algorithms. Contribution of this paper is to raise issue on GF-based application performance and suggest alternative aspects that potentially affect it. Instead of focusing on GF operator efficiency, system characteristics are worth considered in optimizing application performance. Keywords: FPGA; Galois Field; Rijndael Cipher; VHDL. 1

Abstract. This paper presents a new bit-parallel multiplier for the finite field GF (2 m) generated with an irreducible all-one polynomial. Redundant representation is used to reduce the time delay of the proposed multiplier, while a three-term Karatsuba-like formula is combined with this representation to decrease the space complexity. As a result, the proposed multiplier requires about 10 percent fewer AND/XOR gates than the most efficient bit-parallel multipliers using an all-one polynomial, while it has almost the same time delay as the previously proposed ones. 1