A generalized method for constructing subquadratic complexity GF(2 k ) multipliers
IEEE Transactions on Computers, 2004
Cited by 24 (0 self)
Abstract: We introduce a generalized method for constructing subquadratic complexity multipliers for even characteristic field extensions. The construction is obtained by recursively extending short convolution algorithms and nesting them. To obtain the short convolution algorithms, the Winograd short convolution algorithm is reintroduced and analyzed in the context of polynomial multiplication. We present a recursive construction technique that extends any d-point multiplier into an n = d^k point multiplier with area that is subquadratic and delay that is logarithmic in the bit length n. We present a thorough analysis that establishes the exact space and time complexities of these multipliers. Using the recursive construction method we obtain six new constructions, among which one turns out to be identical to the Karatsuba multiplier. All six algorithms have subquadratic space complexities and two of the algorithms have significantly better time complexities than the Karatsuba algorithm. Keywords: bit-parallel multipliers, finite fields, Winograd convolution
A Very Compact "Perfectly Masked" SBox for AES
In Applied Cryptography and Network Security (ACNS 2008), volume 5037 of LNCS, 2008
Cited by 22 (2 self)
Abstract: Implementations of the Advanced Encryption Standard (AES), including hardware applications with limited resources (e.g., smart cards), may be vulnerable to “side-channel attacks” such as differential power analysis. One countermeasure against such attacks is adding a random mask to the data; this randomizes the statistics of the calculation at the cost of computing “mask corrections.” The single nonlinear step in each AES round is the “S-box” (involving a Galois inversion), which incurs the majority of the cost for mask corrections. Oswald et al. [1] showed how the “tower field” representation allows maintaining an additive mask throughout the Galois inverse calculation. This work applies a similar masking strategy to the most compact (unmasked) S-box to date [2]. The result is the most compact masked S-box so far, with “perfect masking” (by the definition of Blömer [3]) giving suitable implementations immunity to first-order differential side-channel attacks. Keywords: AES, S-box, masking, DPA, composite Galois field
Systematic evaluation of compact hardware implementations for the Rijndael Sbox
In Topics in Cryptology — CT-RSA 2005, 2005
Cited by 22 (2 self)
Abstract: This work proposes a compact implementation of the AES S-box using composite field arithmetic in GF(((2^2)^2)^2). It describes a systematic exploration of different choices for the irreducible polynomials that generate the extension fields. It also examines all possible transformation matrices that map one field representation to another. We show that the area of Satoh's S-box, which is the most compact to our knowledge, is at least 5% away from an optimal solution. We implemented this optimal solution and Satoh's design using a 0.18 µm standard cell library. Keywords: AES, S-box, inversion in GF(2^n), composite fields, smart card implementation
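Added here as a worked example for the two AES S-box entries above (the masked S-box and the composite-field S-box); it is not code from either paper. It builds the AES S-box from its algebraic definition, inversion in GF(2^8) followed by the affine map, in the plain polynomial basis GF(2)[x]/(x^8 + x^4 + x^3 + x + 1) rather than the tower field GF(((2^2)^2)^2) the papers optimize, and then checks the fact that drives the masking cost: an additive mask passes through the affine layer with a linear correction, but not through the inversion, which is why the Galois inverse is where the mask corrections are paid. The function names and the mask value 0x5A are this example's own choices.

```python
# Added example, not code from the listed papers.
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf256_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements (ints < 256), reducing modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf256_inv(a: int) -> int:
    """Multiplicative inverse as a^(2^8 - 2) = a^254 (Fermat); 0 maps to 0 as in AES."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf256_mul(r, a)
        a = gf256_mul(a, a)
        e >>= 1
    return r


def affine_linear(b: int) -> int:
    """Linear part of the AES affine map: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)."""
    s = 0
    for i in range(5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s


def sbox(x: int) -> int:
    """AES S-box: affine map applied to the field inverse, constant 0x63 added last."""
    return affine_linear(gf256_inv(x)) ^ 0x63


def build_sbox() -> list:
    """The full 256-entry table, as a hardware designer would tabulate it."""
    return [sbox(x) for x in range(256)]


def masking_report(m: int) -> tuple:
    """For an additive mask m, count how often each S-box stage needs a correction.

    Returns (inversion_mismatches, affine_matches):
      inversion_mismatches: inputs x with inv(x ^ m) != inv(x) ^ m, i.e. where the
                            mask does not simply ride through the inversion;
      affine_matches:       inputs x with L(x ^ m) == L(x) ^ L(m), always 256
                            because L is linear, so the correction is just L(m).
    """
    inv_mismatch = sum(1 for x in range(256)
                       if gf256_inv(x ^ m) != gf256_inv(x) ^ m)
    affine_ok = sum(1 for x in range(256)
                    if affine_linear(x ^ m) == affine_linear(x) ^ affine_linear(m))
    return inv_mismatch, affine_ok


if __name__ == "__main__":
    table = build_sbox()
    print("S[0x00]=%02x S[0x53]=%02x bijective=%s" %
          (table[0], table[0x53], sorted(table) == list(range(256))))
    print("mask 0x5A: inversion mismatches, affine matches =", masking_report(0x5A))
```

For a non-zero mask m, inv(x ^ m) == inv(x) ^ m holds only for the roots of x^2 + m x + 1 = 0 (at most two values of x), so the inversion needs a genuine correction term for nearly every input, whereas the affine layer's correction is the fixed value affine_linear(m); that asymmetry is the whole reason the masked designs above concentrate on the inverse.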
Elliptic curve cryptosystems on reconfigurable hardware
Master's thesis, Worcester Polytechnic Institute, 1998
Cited by 21 (0 self)
Abstract: Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other public-key schemes based on the discrete logarithm in finite fields and the integer factorization problem and are thus attractive for many applications. This thesis describes an implementation of a crypto engine based on elliptic curves. The underlying algebraic structures are composite Galois fields GF((2^n)^m) in a standard base representation. As a major new feature, the system is developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients, field order, or field representation. The thesis deals with the design and implementation of elliptic curve point multiplication architectures. The architectures are described in VHDL and mapped to Xilinx FPGA devices. Architectures over Galois fields of different order and representation were implemented and compared. Area and timing measurements are provided for all architectures. It is shown that a full point multiplication on elliptic curves of real-world size can be implemented on commercially available FPGAs.
Parallel Multipliers Based on Special Irreducible Pentanomials
IEEE Transactions on Computers, 2003
Cited by 21 (0 self)
Abstract: The state-of-the-art Galois field GF(2^m) multipliers offer advantageous space and time complexities when the field is generated by some special irreducible polynomial. To date, the best complexity results have been obtained when the irreducible polynomial is either a trinomial or an equally spaced polynomial (ESP). Unfortunately, there exist only a few irreducible ESPs in the range of interest for most of the applications, e.g., error-correcting codes, computer algebra, and elliptic curve cryptography. Furthermore, it is not always possible to find an irreducible trinomial of degree m in this range. For those cases where neither an irreducible trinomial nor an irreducible ESP exists, the use of irreducible pentanomials has been suggested. Irreducible pentanomials are abundant, and there are several eligible candidates for a given m. In this paper, we promote the use of two special types of irreducible pentanomials. We propose new Mastrovito and dual basis multiplier architectures based on these special irreducible pentanomials and give rigorous analyses of their space and time complexity. Index Terms: finite field arithmetic, parallel multipliers, pentanomials, multipliers for GF(2^m)
Turing: A Fast Stream Cipher
2002
Cited by 17 (5 self)
Abstract: This paper proposes the Turing stream cipher. Turing offers up to 256-bit key strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER [27] with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixer round have been derived from Rijndael [20], Twofish [21], tc24 [23] and SAFER [22].
Some Remarks on Efficient Inversion in Finite Fields
IEEE International Symposium on Information Theory, 1995
Efficient Implementation of Rijndael Encryption With Composite Field Arithmetic
Cited by 13 (2 self)
Abstract: We explore the use of subfield arithmetic for efficient implementations of Galois field arithmetic in the context of the Rijndael cipher.
Overlapfree KaratsubaOfman Polynomial Multiplication Algorithms for Hardware Implementations
Cited by 13 (1 self)
Abstract: We describe how a simple way to split input operands allows for fast VLSI implementations of subquadratic GF(2)[x] Karatsuba-Ofman multipliers. The theoretical XOR gate delay of the resulting multipliers is reduced significantly. For example, it is reduced by about 33% and 25% for n = 2^t and n = 3^t (t > 1), respectively. To the best of our knowledge, this parameter has never been improved since the original Karatsuba-Ofman algorithm was first used to design GF(2^n) multipliers in 1990.
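Added as a worked example for the subquadratic-multiplier entries above (this Karatsuba-Ofman entry and the IEEE TC 2004 recursive construction) and for the pentanomial entry; it is not code from any of those papers. It is a recursive Karatsuba-Ofman multiplier for GF(2)[x] with operands held as Python ints (bit i is the coefficient of x^i), checked against a schoolbook carry-less multiply, a count of the one-bit multiplications the recursion needs (3^k for n = 2^k, against n^2 for schoolbook, which is the subquadratic space claim), and reduction modulo the NIST B-163/K-163 pentanomial x^163 + x^7 + x^6 + x^3 + 1 to get field multiplication in GF(2^163). The split is plain Karatsuba-Ofman; the paper's overlap-free operand splitting is not reproduced. Function names and the sample operands are this example's own.

```python
# Added example, not code from the listed papers.

def clmul(a: int, b: int) -> int:
    """Schoolbook carry-less multiply over GF(2): the quadratic reference."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def karatsuba(a: int, b: int, n: int) -> int:
    """Karatsuba-Ofman product of two polynomials of degree < n (a, b < 2**n).

    Splits at h = ceil(n/2) and recurses with three half-size products instead
    of four. The base case hands 8-bit words to clmul for speed; a gate-level
    design would recurse all the way to single AND gates (see and_gate_count).
    """
    if n <= 8:
        return clmul(a, b)
    h = (n + 1) // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    p0 = karatsuba(a0, b0, h)            # low halves
    p2 = karatsuba(a1, b1, n - h)        # high halves
    p1 = karatsuba(a0 ^ a1, b0 ^ b1, h)  # (a0 + a1)(b0 + b1): the third product
    # middle coefficient block is p1 - p0 - p2, which over GF(2) is an XOR
    return (p2 << (2 * h)) ^ ((p1 ^ p0 ^ p2) << h) ^ p0


def and_gate_count(n: int) -> int:
    """Two-input AND gates when the same recursion is carried to single bits:
    T(n) = 2 T(ceil(n/2)) + T(floor(n/2)), T(1) = 1, so T(2^k) = 3^k."""
    if n <= 1:
        return 1
    h = (n + 1) // 2
    return 2 * and_gate_count(h) + and_gate_count(n - h)


def reduce_mod(p: int, f: int, m: int) -> int:
    """Reduce p modulo the degree-m polynomial f (bit m of f is set)."""
    while p.bit_length() > m:
        p ^= f << (p.bit_length() - 1 - m)
    return p


# NIST B-163 / K-163 field polynomial x^163 + x^7 + x^6 + x^3 + 1 (irreducible pentanomial).
B163 = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1


def gf2m_mul(a: int, b: int, f: int = B163, m: int = 163) -> int:
    """Field multiplication in GF(2^m) = GF(2)[x]/(f): multiply, then reduce."""
    return reduce_mod(karatsuba(a, b, m), f, m)


def squarings_return_to_start(a: int, f: int = B163, m: int = 163) -> bool:
    """Every element of GF(2^m) satisfies a^(2^m) = a, so m squarings must map
    a back to itself; an element for which this fails betrays a reducible f."""
    x = a
    for _ in range(m):
        x = gf2m_mul(x, x)
    return x == a


# Constructed 163-bit sample operands (this example's own, no special meaning).
A = (0x5 << 160) | 0x123456789ABCDEF0123456789ABCDEF012345678
B = (0x7 << 160) | 0xFEDCBA9876543210FEDCBA9876543210FEDCBA98

if __name__ == "__main__":
    assert karatsuba(A, B, 163) == clmul(A, B)
    print("A*B mod f =", hex(gf2m_mul(A, B)))
    print("AND gates, n=64: Karatsuba %d vs schoolbook %d" % (and_gate_count(64), 64 * 64))
```

The AND-gate count is the space side of the story; the XOR count and the XOR depth, which the overlap-free split improves, grow with how the three partial products are recombined, and that recombination is the `(p1 ^ p0 ^ p2) << h` line above.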
High Speed Architecture for Galois/Counter Mode of Operation (GCM)
IACR Preprint Archive, 2005
Cited by 11 (0 self)
Abstract: In this paper we present a fully pipelined high-speed hardware architecture for the Galois/Counter Mode of Operation (GCM), obtained by analyzing the data dependencies in the GCM algorithm at the architecture level. We show that the GCM encryption circuit and the GCM authentication circuit have similar critical path delays, resulting in an efficient pipeline structure. The proposed GCM architecture yields a throughput of 34 Gbps running at 271 MHz using a 0.18 µm CMOS standard cell library.
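Added as a worked example of the GHASH arithmetic that the authentication circuit above pipelines; it is not code from the paper. The GF(2^128) multiplication is written two ways so they cross-check each other: the bit-serial shift-and-reduce form of NIST SP 800-38D Algorithm 1, which works directly on GCM's reflected block encoding (the leftmost bit of a block is the x^0 coefficient), and the same product computed as ordinary polynomial arithmetic modulo x^128 + x^7 + x^2 + x + 1 after un-reflecting the bits. The sample values are from test case 2 of McGrew and Viega's GCM specification (zero key, zero IV, one all-zero plaintext block); the AES computations that produce H and the ciphertext block are not repeated here, only the GHASH over them.

```python
# Added example, not code from the paper.
R = 0xE1 << 120                 # x^128 = x^7 + x^2 + x + 1 in GCM bit order (x^0 is the MSB)
GCM_POLY = (1 << 128) | 0x87    # the same polynomial with bit i = coefficient of x^i


def gcm_mul(x: int, y: int) -> int:
    """X · Y in GF(2^128) per SP 800-38D Algorithm 1.

    Inputs and output are 128-bit ints in GCM block order. Each step shifts V
    right (multiplies by x); if the x^127 coefficient (the LSB) falls off, the
    x^128 term is folded back in as R.
    """
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:   # x_i, with x_0 the leftmost bit
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def reflect128(b: int) -> int:
    """Convert between GCM block order and the conventional bit i = x^i order."""
    return int(format(b, "0128b")[::-1], 2)


def poly_mul(x: int, y: int) -> int:
    """Reference: un-reflect, carry-less multiply, reduce, reflect back."""
    a, b, p = reflect128(x), reflect128(y), 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        b >>= 1
    while p.bit_length() > 128:
        p ^= GCM_POLY << (p.bit_length() - 129)
    return reflect128(p)


def ghash(h: int, blocks: list) -> int:
    """GHASH_H over 128-bit blocks: Y_i = (Y_{i-1} ^ X_i) · H, with Y_0 = 0.
    This serial dependency through the multiplier is what the paper's
    architecture has to pipeline around."""
    y = 0
    for blk in blocks:
        y = gcm_mul(y ^ blk, h)
    return y


# GCM spec test case 2: K = 0^128, IV = 0^96, P = one zero block.
H_TC2 = 0x66E94BD4EF8A2C3B884CFA59CA342B2E     # H = AES_K(0^128)
C_TC2 = 0x0388DACE60B6A392F328C2B971B2FE78     # the single ciphertext block
LEN_TC2 = 0x80                                 # [len(A) = 0]_64 || [len(C) = 128 bits]_64
GHASH_TC2 = 0xF38CBB1AD69223DCC3457AE5B6B0F885  # expected GHASH(H, A = empty, C)

if __name__ == "__main__":
    g = ghash(H_TC2, [C_TC2, LEN_TC2])
    print("GHASH = %032x  matches spec: %s" % (g, g == GHASH_TC2))
    print("bit-serial == polynomial form:", gcm_mul(H_TC2, C_TC2) == poly_mul(H_TC2, C_TC2))
```

The tag for that test case is GHASH xor AES_K(J0), so a GHASH mismatch here would surface as an authentication failure rather than a decryption error; when building or verifying a GCM core, checking the multiplier against the polynomial form on the spec vectors isolates the field arithmetic from the AES datapath.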