An efficient algorithm for the multiplication in GF(2 m) was introduced by Mastrovito. The space complexity of the Mastrovito multiplier for the irreducible trinomial x m +x+1 was given as m 2 − 1 XOR and m 2 AND gates. In this paper, we describe an architecture based on a new formulation of the multiplication matrix, and show that the Mastrovito multiplier for the generating trinomial x m + x n +1, where m � = 2n, also requires m 2 − 1 XOR and m 2 AND gates. However, m 2 − m/2 XOR gates are sufficient when the generating trinomial is of the form x m + x m/2 +1 for an even m. We also calculate the time complexity of the proposed Mastrovito multiplier, and give design examples for the irreducible trinomials x 7 + x 4 +1 and x 6 + x 3 +1.

We present a new formulation of the Mastrovito multiplication matrix for the field GF(2 m) generated by an arbitrary irreducible polynomial. We study in detail several specific types of irreducible polynomials, e.g., trinomials, all-one-polynomials, and equally-spaced-polynomials, and obtain the time and space complexity of these designs. Particular examples, illustrating the properties of the proposed architecture, are also given. The complexity results established in this paper match the best complexity results known to date. The most important new result is the space complexity of the Mastrovito multiplier for an equally-spaced-polynomial, which is found as (m 2 − ∆) XOR gates and m 2 AND gates, where ∆ is the spacing factor.

The state-of-the-art Galois field GF(2m)multipliers offer advantageous space and time complexities when the field is generated by some special irreducible polynomial. To date, the best complexity results have been obtained when the irreducible polynomial is either a trinomial or an equally-space polynomial (ESP). Unfortunately, there exist only a few irreducible ESPs in the range of interest for most of the applications, e.g., error-correcting codes, computer algebra, and elliptic curve cryptography. Furthermore, it is not always possible to find an irreducible trinomial of degree m in this range. For those cases, where neither an irreducible trinomial or an irreducible ESP exists, the use of irreducible pentanomials has been suggested. Irreducible pentanomials are abundant, 2and there are several eligible candidates for a given m. Inthis paper, we promote the use of two special types of irreducible pentanomials. We propose new Mastrovito and dual basis multiplier architectures based on these special irreducible pentanomials, and give rigorous analyses of their space and time complexity. Index Terms: Finite fields arithmetic, parallel multipliers, pentanomials, multipliers for GF(2m). 1

We introduce a generalized method for constructing sub-quadratic complexity multipliers for even characteristic field extensions. The construction is obtained by recursively extending short convolution algorithms and nesting them. To obtain the short convolution algorithms the Winograd short convolution algorithm is reintroduced and analyzed in the context of polynomial multiplication. We present a recursive construction technique that extends any d point multiplier into an n = d k point multiplier with area that is sub-quadratic and delay that is logarithmic in the bit-length n. We present a thorough analysis that establishes the exact space and time complexities of these multipliers. Using the recursive construction method we obtain six new constructions, among which one turns out to be identical to the Karatsuba multiplier. All six algorithms have sub-quadratic space complexities and two of the algorithms have significantly better time complexities than the Karatsuba algorithm. Keywords: Bit-parallel multipliers, finite fields, Winograd convolution 1

Department of Computer Science,

Abstract—Elements of a finite field, GFð2 m Þ, are represented as elements in a ring in which multiplication is more time efficient. This leads to faster multipliers with a modest increase in the number of XOR and AND gates needed to construct the multiplier. Such multipliers are used in error control coding and cryptography. We consider rings modulo trinomials and 4-term polynomials. In each case, we show that our multiplier is faster than multipliers over elements in a finite field defined by irreducible pentanomials. These results are especially significant in the field of elliptic curve cryptography, where pentanomials are used to define finite fields. Finally, an efficient systolic implementation of a multiplier for elements in a ring defined by x n þ x þ 1 is presented. Index Terms—Finite field multiplication, ring representation, systolic arrays. æ 1

Based on a recently proposed Toeplitz matrix-vector product approach, a subquadratic computational complexity scheme is presented for multiplications in binary extended finite fields using Type I and II optimal normal bases. basis. Index Terms Finite field, subquadratic computational complexity multiplication, normal basis, optimal normal

This paper focuses on designing elliptic curve crypto-accelerators in GF(2 m) that are cryptographically scalable and hold some degree of reconfigurability. Previous work in elliptic curve crypto-accelerators focused on implementations using projective coordinate systems for specific field sizes. Their performance, scalar point multiplication per second (kP/s), was determined primarily by the underlying multiplier implementation. In addition, a multiplier only implementation and a multiplier plus divider implementation are compared in terms of critical path, area, and area time (AT) product. Our multiplier only design, designed for high performance, can achieve 6314 kP/s for GF(2 571) and requires 47876 LUTs. Meanwhile our multiplier and divider design, with a greater degree of reconfigurability, can achieve 44 kP/s for GF(2 571). However, this design requires 27355 LUTs, and has a significantly higher AT product. It is shown that reconfigurability with the reduction polynomial significantly benefits from the addition of a low latency divider unit and scalar point multiplication in affine coordinates. In both cases the performance is limited by a critical path in the control logic. 1

this paper, a low-complexity Programmable Cellular Automata (PCA) based versatile modular multiplier in GF(2 ) is presented. The proposed versatile multiplier increases flexibility in using the same multiplier in different security environments, and it reduces the user's cost. Moreover, the multiplier can be easily extended to high order of m for more security, and low-cost serial implementation is feasible in restricted computing environments, such as smart cards and wireless devices

University ofWaterloo