Efficient Algorithms for Elliptic Curve Cryptosystems
, 1997
Elliptic curves are the basis for a relatively new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve cryptosystems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field, and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman algorithm to multiplication in composite fields GF((2^n)^m). The second algorithm deals with efficient inversion in composite Galois fields of the form GF((2^n)^m). The third algorithm is an entirely new approach which accelerates the multiplication of points which i...
Mastrovito multiplier for all trinomials
- IEEE Transactions on Computers
, 1999
An efficient algorithm for the multiplication in GF(2^m) was introduced by Mastrovito. The space complexity of the Mastrovito multiplier for the irreducible trinomial x^m + x + 1 was given as m^2 − 1 XOR and m^2 AND gates. In this paper, we describe an architecture based on a new formulation of the multiplication matrix, and show that the Mastrovito multiplier for the generating trinomial x^m + x^n + 1, where m ≠ 2n, also requires m^2 − 1 XOR and m^2 AND gates. However, m^2 − m/2 XOR gates are sufficient when the generating trinomial is of the form x^m + x^(m/2) + 1 for an even m. We also calculate the time complexity of the proposed Mastrovito multiplier, and give design examples for the irreducible trinomials x^7 + x^4 + 1 and x^6 + x^3 + 1.
Low-Complexity Bit-Parallel Canonical and Normal Basis Multipliers for a Class of Finite Fields
- IEEE Transactions on Computers
, 1998
We present a new low-complexity bit-parallel canonical basis multiplier for the field GF(2^m) generated by an all-one-polynomial. The proposed canonical basis multiplier requires m^2 − 1 XOR gates and m^2 AND gates. We also extend this canonical basis multiplier to obtain a new bit-parallel normal basis multiplier. Keywords: Finite fields, multiplication, normal basis, canonical basis, all-one-polynomial. I. Introduction The arithmetic operations in the Galois field GF(2^m) have several applications in coding theory, computer algebra, and cryptography [6], [4]. In these applications, time and area efficient algorithms and hardware structures are desired for addition, multiplication, squaring, and exponentiation operations. The performance of these operations is closely related to the representation of the field elements. An important advance in this area has been the introduction of the Massey-Omura algorithm [7], which is based on the normal basis representation of the field el...
SOBER: A Stream Cipher based on Linear Feedback over GF(2^g)
, 1999
This paper introduces a mechanism for creating a family of stream ciphers based on Linear Feedback Shift Registers over the Galois Finite Field of order 2^g.
Elliptic curve cryptosystems on reconfigurable hardware
- MASTER’S THESIS, WORCESTER POLYTECHNIC INST
, 1998
Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other public-key schemes based on the discrete logarithm in finite fields or on the integer factorization problem, and are thus attractive for many applications. This thesis describes an implementation of a crypto engine based on elliptic curves. The underlying algebraic structures are composite Galois fields GF((2^n)^m) in a standard basis representation. As a major new feature, the system is developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients, field order, or field representation. The thesis deals with the design and implementation of elliptic curve point multiplication architectures. The architectures are described in VHDL and mapped to Xilinx FPGA devices. Architectures over Galois fields of different order and representation were implemented and compared. Area and timing measurements are provided for all architectures. It is shown that a full point multiplication on elliptic curves of real-world size can be implemented on commercially available FPGAs.
Mastrovito multiplier for general irreducible polynomials
- IEEE Transactions on Computers
, 2000
We present a new formulation of the Mastrovito multiplication matrix for the field GF(2^m) generated by an arbitrary irreducible polynomial. We study in detail several specific types of irreducible polynomials, e.g., trinomials, all-one-polynomials, and equally-spaced-polynomials, and obtain the time and space complexity of these designs. Particular examples, illustrating the properties of the proposed architecture, are also given. The complexity results established in this paper match the best complexity results known to date. The most important new result is the space complexity of the Mastrovito multiplier for an equally-spaced-polynomial, which is found as (m^2 − Δ) XOR gates and m^2 AND gates, where Δ is the spacing factor.
Parallel Multipliers Based on Special Irreducible Pentanomials
- IEEE Transactions on Computers
, 2003
The state-of-the-art Galois field GF(2^m) multipliers offer advantageous space and time complexities when the field is generated by some special irreducible polynomial. To date, the best complexity results have been obtained when the irreducible polynomial is either a trinomial or an equally-spaced polynomial (ESP). Unfortunately, there exist only a few irreducible ESPs in the range of interest for most of the applications, e.g., error-correcting codes, computer algebra, and elliptic curve cryptography. Furthermore, it is not always possible to find an irreducible trinomial of degree m in this range. For those cases where neither an irreducible trinomial nor an irreducible ESP exists, the use of irreducible pentanomials has been suggested. Irreducible pentanomials are abundant, and there are several eligible candidates for a given m. In this paper, we promote the use of two special types of irreducible pentanomials. We propose new Mastrovito and dual basis multiplier architectures based on these special irreducible pentanomials, and give rigorous analyses of their space and time complexity. Index Terms: Finite field arithmetic, parallel multipliers, pentanomials, multipliers for GF(2^m).
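The three Mastrovito-style papers above (trinomials, general irreducible polynomials, pentanomials) all reason about a polynomial-basis multiplier built from a product matrix whose column j holds a·x^j mod f. The Python below is an added worked example, not code from any of those papers: it builds that matrix for the two design examples named in the 1999 paper, x^7 + x^4 + 1 and x^6 + x^3 + 1, checks it against multiply-then-reduce for every pair of field elements, tests irreducibility with the Ben-Or criterion, and searches for irreducible trinomials to show that degree 8 has none, which is exactly the situation in which the 2003 paper turns to pentanomials. The pentanomial x^8 + x^4 + x^3 + x + 1 is my choice for the degree-8 case; the papers' gate-count derivations are not reproduced, and the XORs that form the matrix entries from the bits of a are not counted here.

```python
"""Added example (not from the papers above): polynomial-basis GF(2^m)
multiplication through a Mastrovito-style product matrix, an irreducibility
test, and a search for irreducible trinomials.  Polynomials over GF(2) are
stored as ints, bit i being the coefficient of x^i: x^7 + x^4 + 1 is 0x91,
x^6 + x^3 + 1 is 0x49, and the pentanomial x^8 + x^4 + x^3 + x + 1 is 0x11B."""


def poly_mul(a: int, b: int) -> int:
    """Carry-less product in GF(2)[x], no reduction (the schoolbook
    bit-parallel step: m*m AND gates and (m-1)^2 XOR gates)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_mod(a: int, f: int) -> int:
    """Remainder of a modulo f in GF(2)[x] (long division by XOR)."""
    df = f.bit_length() - 1
    while a and a.bit_length() - 1 >= df:
        a ^= f << (a.bit_length() - 1 - df)
    return a


def gf_mul(a: int, b: int, f: int) -> int:
    """Reference field multiplication: multiply, then reduce modulo f."""
    return poly_mod(poly_mul(a, b), f)


def poly_gcd(a: int, b: int) -> int:
    while b:
        a, b = b, poly_mod(a, b)
    return a


def is_irreducible(f: int) -> bool:
    """Ben-Or criterion: f of degree m is irreducible over GF(2) iff
    gcd(x^(2^i) - x, f) = 1 for every 1 <= i <= m/2."""
    m = f.bit_length() - 1
    if m < 1:
        return False
    x = xp = 0b10
    for _ in range(m // 2):
        xp = poly_mod(poly_mul(xp, xp), f)      # x^(2^i) mod f
        if poly_gcd(xp ^ x, f) != 1:
            return False
    return True


def irreducible_trinomials(m: int) -> list:
    """All n for which x^m + x^n + 1 is irreducible over GF(2)."""
    return [n for n in range(1, m) if is_irreducible((1 << m) | (1 << n) | 1)]


def mastrovito_matrix(a: int, f: int) -> list:
    """m x m matrix Z(a) over GF(2) whose column j holds the coordinates of
    a * x^j mod f; the product a*b is then Z(a) applied to the bit vector b."""
    m = f.bit_length() - 1
    cols = [poly_mod(a << j, f) for j in range(m)]
    return [[(cols[j] >> i) & 1 for j in range(m)] for i in range(m)]


def mastrovito_mul(a: int, b: int, f: int) -> int:
    """c_i = XOR over j of (z_ij AND b_j): m*m AND gates, each row XOR-reduced.
    The papers' gate counts also cover forming the z_ij from the bits of a,
    which this numeric version does not model."""
    m = f.bit_length() - 1
    z = mastrovito_matrix(a, f)
    c = 0
    for i in range(m):
        bit = 0
        for j in range(m):
            bit ^= z[i][j] & ((b >> j) & 1)
        c |= bit << i
    return c


def all_pairs_agree(f: int) -> bool:
    """Exhaustively compare the matrix multiplier with multiply-then-reduce."""
    m = f.bit_length() - 1
    return all(mastrovito_mul(a, b, f) == gf_mul(a, b, f)
               for a in range(1 << m) for b in range(1 << m))


def zero_divisor(f: int):
    """Nonzero a, b with a*b = 0 mod f: these exist exactly when f is
    reducible (a ring, not a field); None when f is irreducible."""
    m = f.bit_length() - 1
    for a in range(1, 1 << m):
        for b in range(a, 1 << m):
            if gf_mul(a, b, f) == 0:
                return a, b
    return None


if __name__ == "__main__":
    for m in (6, 7, 8):
        print(f"irreducible trinomials of degree {m}: {irreducible_trinomials(m)}")
    print("x^8+x^4+x^3+x+1 irreducible:", is_irreducible(0x11B))
    print("Mastrovito == reference for x^7+x^4+1:", all_pairs_agree(0x91))
    print("zero divisor modulo (x^3+x+1)^2 = 0x45:", zero_divisor(0x45))
```

Degree 6 yields n in {1, 3, 5} (x^6 + x^3 + 1 is the even-m, n = m/2 case with the smaller XOR count), degree 7 yields {1, 3, 4, 6}, and degree 8 yields nothing, so a multiplier for GF(2^8) must be generated by a pentanomial or another non-trinomial. The zero-divisor search makes the practical consequence of a reducible generator concrete: with (x^3 + x + 1)^2 the "field" contains a nonzero element that squares to zero, so inversion fails and any cryptosystem built on it is broken.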
A generalized method for constructing subquadratic complexity GF(2^k) multipliers
- IEEE Transactions on Computers
, 2004
We introduce a generalized method for constructing sub-quadratic complexity multipliers for even characteristic field extensions. The construction is obtained by recursively extending short convolution algorithms and nesting them. To obtain the short convolution algorithms the Winograd short convolution algorithm is reintroduced and analyzed in the context of polynomial multiplication. We present a recursive construction technique that extends any d-point multiplier into an n = d^k point multiplier with area that is sub-quadratic and delay that is logarithmic in the bit-length n. We present a thorough analysis that establishes the exact space and time complexities of these multipliers. Using the recursive construction method we obtain six new constructions, among which one turns out to be identical to the Karatsuba multiplier. All six algorithms have sub-quadratic space complexities and two of the algorithms have significantly better time complexities than the Karatsuba algorithm. Keywords: Bit-parallel multipliers, finite fields, Winograd convolution
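The 2004 paper's construction family contains Karatsuba as its d = 2 instance, and the 1997 thesis applies Karatsuba-Ofman to composite fields. As an added example, not code from either work, the Python below implements recursive Karatsuba multiplication over GF(2)[x] together with a gate-count model of the schedule it uses, so the sub-quadratic AND count (3^k for n = 2^k) and the XOR recurrence can be set beside a schoolbook bit-parallel multiplier. The recursion threshold and the search for the best threshold are my additions; the counts are for this particular wiring of the three sub-products and will differ for other arrangements of the same algorithm.

```python
"""Added example (not from the papers above): recursive Karatsuba
multiplication of GF(2)[x] polynomials (ints, bit i = coefficient of x^i)
with a gate-count model showing where the sub-quadratic XOR count beats a
schoolbook bit-parallel multiplier and why designs stop recursing early."""


def schoolbook_mul(a: int, b: int) -> int:
    """Carry-less product: the bit-parallel schoolbook multiplier."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def schoolbook_cost(n: int):
    """(AND, XOR) gates of an n-bit x n-bit schoolbook multiplier."""
    return n * n, (n - 1) ** 2


def karatsuba_mul(a: int, b: int, n: int, threshold: int = 1) -> int:
    """Product of two n-bit polynomials (n a power of two), splitting into
    halves until n <= threshold, where schoolbook takes over."""
    if n <= threshold:
        return schoolbook_mul(a, b)
    h = n // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    p0 = karatsuba_mul(a0, b0, h, threshold)            # low product
    p2 = karatsuba_mul(a1, b1, h, threshold)            # high product
    p1 = karatsuba_mul(a0 ^ a1, b0 ^ b1, h, threshold)  # cross product
    # over GF(2) subtraction is XOR, so the middle term is p1 + p0 + p2
    return (p2 << n) ^ ((p1 ^ p0 ^ p2) << h) ^ p0


def karatsuba_cost(n: int, threshold: int = 1):
    """(AND, XOR) gates for the schedule in karatsuba_mul: three half-size
    products, 2h XORs to form a0+a1 and b0+b1, 2(2h-1) XORs for p1+p0+p2,
    and 2(h-1) XORs where the middle term overlaps p0 and p2.  With
    threshold 1 this is n^log2(3) AND and 6 n^log2(3) - 8n + 2 XOR gates."""
    if n <= threshold:
        return schoolbook_cost(n)
    h = n // 2
    and_h, xor_h = karatsuba_cost(h, threshold)
    return 3 * and_h, 3 * xor_h + 4 * n - 4


def best_threshold(n: int) -> int:
    """Power-of-two threshold with the fewest XOR gates for n-bit operands."""
    thresholds = [1 << i for i in range(n.bit_length()) if (1 << i) <= n]
    return min(thresholds, key=lambda t: karatsuba_cost(n, t)[1])


if __name__ == "__main__":
    for n in (8, 16, 32, 64, 128):
        print(n, "schoolbook", schoolbook_cost(n),
              "karatsuba", karatsuba_cost(n),
              "best threshold", best_threshold(n),
              karatsuba_cost(n, best_threshold(n)))
```

For 64-bit operands the fully recursive version needs 729 AND and 3864 XOR gates against 4096 and 3969 for schoolbook, so the AND saving is large while the XOR saving is marginal; cutting the recursion at 8-bit schoolbook leaves (1728, 2487), which is why hardware designs that use these constructions combine a few recursion levels with a dense base multiplier rather than recursing to single bits.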
Turing: A Fast Stream Cipher
, 2002
This paper proposes the Turing stream cipher. Turing offers up to 256-bit key strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER[27] with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixer round have been derived from Rijndael[20], Twofish[21], tc24[23] and SAFER[22].
The t-Class of SOBER Stream Ciphers
, 2000
This paper proposes the t-class of SOBER stream ciphers: t8, t16 and t32, which offer 64-, 128- and 256-bit key strength respectively. The t-class ciphers are based on the same principles as the original SOBER family, SOBER [17], SOBER-II [18], S16 and S32 [19], and utilise the structure on which SOBER-II and S16 are based. They are designed for software implementation. Changes between the t-class and the original SOBER family are centred around constructing a stronger non-linear filter and more secure key loading. Also, t32 is now based on the same structure as t8 and t16 (S32 had a different structure). Much of the analysis of SOBER-II and S16 applies to the t-class; this paper discusses the application of such analyses to the t-class and introduces further analyses. The output streams from these ciphers have proven to perform well in all statistical tests.
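SOBER, the t-class and Turing all start from an LFSR over GF(2^g) and place a non-linear filter between the register and the keystream. The Python below is an added illustration of why that filter must be non-linear; it is not SOBER's or Turing's design (this page gives no register length, feedback polynomial or filter for them), and every parameter here is hypothetical: a 4-word register over GF(2^8) defined by x^8 + x^4 + x^3 + x + 1, feedback coefficients 1, 2, 3, 4 and a constructed seed. The point it demonstrates holds for any such register: a GF(2^g)-linear function of the state satisfies the register's own recurrence, so an attacker who knows the feedback polynomial extends the keystream from its first R words without ever recovering the state, while the same recurrence fails against a filter of degree two.

```python
"""Added example (hypothetical parameters, not SOBER/Turing): a word-oriented
LFSR over GF(2^8) and the reason its output needs a non-linear filter."""

POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2): defines GF(2^8)
R = 4          # register length in words (hypothetical)
COEFFS = [0x01, 0x02, 0x03, 0x04]   # hypothetical feedback: s[t+4] = sum c_i * s[t+i]
SEED = [0x12, 0x34, 0x56, 0x78]     # constructed initial state


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements, reducing modulo POLY as we go."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def feedback(words):
    """sum_i c_i * words[i] over GF(2^8): the register's linear recurrence."""
    fb = 0
    for c, w in zip(COEFFS, words):
        fb ^= gf_mul(c, w)
    return fb


def lfsr_step(state):
    """Shift out the oldest word and append the feedback word."""
    return state[1:] + [feedback(state)]


def run(state, n, filt):
    """n output words of the register under the output function filt(state)."""
    out, st = [], list(state)
    for _ in range(n):
        out.append(filt(st))
        st = lfsr_step(st)
    return out


def linear_filter(st):
    """y = s0 + 5*s2: GF(2^8)-linear in the state."""
    return st[0] ^ gf_mul(0x05, st[2])


def nonlinear_filter(st):
    """y = s0*s3 + s1: degree two in the state, so not linear."""
    return gf_mul(st[0], st[3]) ^ st[1]


def predict_by_recurrence(known, n):
    """Extend an observed sequence with the register's own recurrence.
    If y_t = L(state_t) for a GF(2^8)-linear L, then
    y_{t+R} = sum_i c_i * y_{t+i}, so R consecutive words fix the rest."""
    seq = list(known)
    for _ in range(n):
        seq.append(feedback(seq[-R:]))
    return seq[len(known):]


def attack_succeeds(filt, seed, n=32):
    """Observe R output words, predict the next n, compare with the real stream."""
    stream = run(seed, R + n, filt)
    return predict_by_recurrence(stream[:R], n) == stream[R:]


if __name__ == "__main__":
    print("linear filter predicted:   ", attack_succeeds(linear_filter, SEED))
    print("nonlinear filter predicted:", attack_succeeds(nonlinear_filter, SEED))
```

The prediction needs neither the seed nor the key loading, only the public feedback polynomial, which is why the abstracts above treat the strength of the non-linear filter and of key loading as the two places where the t-class had to improve on the original SOBER family; a non-linear filter alone does not make the design secure, but a linear one makes it trivially insecure.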

