## Synthesis Optimization on Galois-Field Based Arithmetic Operators for Rijndael Cipher

### BibTeX

@MISC{Mursanto_synthesisoptimization,
  author = {Petrus Mursanto},
  title = {Synthesis Optimization on Galois-Field Based Arithmetic Operators for Rijndael Cipher},
  year = {}
}

### Abstract

A series of experiments has been conducted to show that the FPGA synthesis of Galois-Field (GF) based arithmetic operators can be optimized automatically to improve the throughput of the Rijndael cipher. Moreover, it has been demonstrated that an efficiency improvement in a GF operator does not directly translate into system performance at the application level. The experiments were motivated by the many research works that focus on improving the performance of GF operators: each operator variant is the most efficient in either time (fastest) or space (smallest occupied area) when implemented on an FPGA. In practice, GF operators are not used individually but are integrated with one another to implement an algorithm. The contribution of this paper is to raise the issue of GF-based application performance and to suggest alternative aspects that potentially affect it. Instead of focusing on GF operator efficiency, system characteristics are worth considering when optimizing application performance.

Keywords: FPGA; Galois Field; Rijndael Cipher; VHDL.

### Citations

369 | Error Control Systems for Digital Communications and Storage
- Wicker
- 1995
Citation context: …communication systems, particularly in two important aspects of information exchange, i.e. security and data correctness. GF is utilized in cryptographic algorithms [1,2] and error-correction codes (ECC) [3,4]. The performance of applications in these two fields is determined by the efficiency of the GF arithmetic operators involved in the system [5]. Research efforts to improve GF operators' efficiency are reported in the literature, e.g. …

184 | Applications of error-control coding
- Costello, Hagenauer, et al.
- 1998
Citation context: …cryptographic algorithms [1,2] and error-correction codes (ECC) [3,4]. The performance of applications in these two fields is determined by the efficiency of the GF arithmetic operators involved in the system [5]. Research efforts to improve GF operators' efficiency are reported in the literature, e.g. multiplication [6], division [7] and inversion [8]. In fact, GF operators do not perform their…

169 | Digital Communications: Fundamentals and Applications
- Sklar
- 1988
Citation context: …the consistency of this optimization in other GF-based applications. Exploratory experiments are required for Rijndael AES with a 128-bit cipher key [35] or the 8-bit RS(255,223) code such as the one used by NASA [36]. The hypothesis is that serial variants would obtain a higher performance ratio than parallel ones, because of the additional combinational path in parallel operators that…

101 | A fast algorithm for computing multiplicative inverses in GF(2^m) using normal bases
- Itoh, Tsujii
- 1988
Citation context: …a decomposition algorithm from GF(2^k) to GF((2^n)^m) where k = n·m, called a composite field. In addition, Paar also explored inversion, following the first algorithm introduced by Itoh-Tsujii in 1988 [22]. Paar's further research in [23] reported composite-field multiplication and inversion in GF(2^8). Composite-field implementation in FPGA showed a 25% saving in components and a 10% speed-up [24]…
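As an added example (not code from the paper or from any of the works cited on this page), the following Python reference model shows the three GF(2^8) operators the abstract says Rijndael integrates: polynomial-basis multiplication, inversion, and the SubBytes S-box built from inversion followed by the affine map. Inversion is given twice, directly as a^254 and as the Itoh-Tsujii decomposition through the GF(2^4) subfield that the context above refers to, namely a^-1 = (a^17)^-1 · a^16 with the subfield inverse computed as b^14. Only the Rijndael field polynomial 0x11B and the FIPS-197 test values (0x57·0x83 = 0xC1, inverse of 0x53 is 0xCA, S(0x53) = 0xED) are taken as given; the function names are this example's own. A model like this is what one checks a VHDL operator against before measuring throughput.

```python
"""GF(2^8) reference model for the Rijndael operators discussed on this page.

Polynomial basis (PB) with the Rijndael field polynomial
p(x) = x^8 + x^4 + x^3 + x + 1 (0x11B). Example code, not from the paper.
"""

RIJNDAEL_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1


def gf_add(a: int, b: int) -> int:
    """Addition and subtraction in GF(2^m) are both plain XOR."""
    return a ^ b


def gf_mul(a: int, b: int, poly: int = RIJNDAEL_POLY) -> int:
    """Bit-serial (shift-and-add) polynomial-basis multiplication mod poly."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # a degree-8 term appeared: reduce by p(x)
            a ^= poly
        b >>= 1
    return result & 0xFF


def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply exponentiation in GF(2^8)."""
    result, base = 1, a
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def gf_inv_direct(a: int) -> int:
    """a^-1 = a^(2^8 - 2) = a^254 (Fermat); Rijndael maps 0 to 0."""
    return gf_pow(a, 254) if a else 0


def gf_inv_itoh_tsujii(a: int) -> int:
    """Itoh-Tsujii decomposition through the subfield GF(2^4).

    With r = (2^8 - 1) / (2^4 - 1) = 17, a^r lies in GF(2^4) because
    (a^17)^15 = a^255 = 1. Hence a^-1 = (a^17)^-1 * a^16, and the only
    inversion left is in the subfield, where b^-1 = b^(2^4 - 2) = b^14.
    """
    if a == 0:
        return 0
    a16 = a
    for _ in range(4):         # four squarings: a^16 (Frobenius, linear in PB)
        a16 = gf_mul(a16, a16)
    a17 = gf_mul(a16, a)       # norm of a over GF(2^4): a subfield element
    assert gf_pow(a17, 16) == a17, "a^17 must be fixed by the GF(2^4) Frobenius"
    a17_inv = gf_pow(a17, 14)  # inversion inside GF(2^4)
    return gf_mul(a17_inv, a16)


def sbox(x: int) -> int:
    """Rijndael SubBytes: multiplicative inverse, then the affine map.

    FIPS-197: b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, c = 0x63,
    which is inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63.
    """
    inv = gf_inv_itoh_tsujii(x)
    y = inv
    for shift in range(1, 5):
        y ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return y ^ 0x63


def check_all() -> bool:
    """Exhaustively cross-check both inversion variants and the S-box."""
    for a in range(1, 256):
        d = gf_inv_direct(a)
        if d != gf_inv_itoh_tsujii(a) or gf_mul(a, d) != 1:
            return False
    # Known entries from the FIPS-197 S-box table.
    return sbox(0x00) == 0x63 and sbox(0x01) == 0x7C and sbox(0x53) == 0xED


if __name__ == "__main__":
    print("all checks pass:", check_all())
```

Running the module exhaustively agrees the direct and Itoh-Tsujii inverses for all 255 nonzero elements and confirms the S-box against FIPS-197; the assertion inside `gf_inv_itoh_tsujii` is the subfield-membership check that makes the decomposition valid.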

67 | VLSI Architectures for Computation in Galois Fields
- Mastrovito
- 1991
Citation context: …the space required for implementing Bartee and Schneider's algorithm [9]. In 1991, Mastrovito's dissertation reported an experimental investigation of multiplication using more than one representation basis [13]. It concluded that the polynomial-basis (PB) multiplier is the most versatile form for most arithmetic computational problems over GF(2^m) in VLSI. In addition, basis conversion carries a cost that can offset…

60 | Efficient VLSI Architectures for Bit-Parallel Computation in Galois Fields
- Paar
- 1994
Citation context: …However, requiring a particular form of irreducible polynomial is considered a limitation: inflexible and of low reusability [20]. A comprehensive study of GF arithmetic was reported in Paar's dissertation [21], in which he proposed a decomposition algorithm from GF(2^k) to GF((2^n)^m) where k = n·m, called a composite field. In addition, Paar also explored inversion, following the first algorithm introduced by…

59 | Computational Method and Apparatus for Finite Field Arithmetic, U.S. Patent 4,587,627
- Massey, Omura
- 1986
Citation context: …The first circuit structure for GF arithmetic was proposed by Berlekamp in 1982, i.e. polynomial- and dual-basis multiplication [10]. The normal-basis multiplier was first introduced by Massey-Omura in 1986 [11] and has since been known as the MO multiplier. In 1988, Mastrovito proposed a more modular multiplier with higher structural regularity that suits systolic cells in VLSI [12]. However, the speed, size…

33 | A modified Massey-Omura parallel multiplier for a class of finite fields
- Hasan, Wang, et al.
- 1993
Citation context: …Sunar, et al. proposed a conversion matrix for any form of generator polynomial [16]. Several improvements to the multiplication algorithm were also reported by Afanasyev [17] and similarly by Hasan, et al. [18], who proposed a modification of the architecture by choosing the irreducible polynomial to be an all-one polynomial (AOP). By applying the AOP, Hasan claimed that the complexity of multiplication…

30 | Bit-Serial Reed-Solomon Encoders
- Berlekamp
- 1982
Citation context: …VLSI complexity, i.e. the number of components and their total delay [6]. The first circuit structure for GF arithmetic was proposed by Berlekamp in 1982, i.e. polynomial- and dual-basis multiplication [10]. The normal-basis multiplier was first introduced by Massey-Omura in 1986 [11] and has since been known as the MO multiplier. In 1988, Mastrovito proposed a more modular multiplier with higher structural regularity…

26 | Efficient Rijndael Encryption Implementation with Composite Field Arithmetic
- Rudra, Dubey, et al.
- 2001
Citation context: …Composite-field implementation in FPGA showed a 25% saving in components and a 10% speed-up [24]. Composite-field inversion requires 29% of the AND and XOR gates of the standard one. Rudra [25] and Jutla [26] also developed a method for the linear transformation of binary GF elements into composite-field representation. A combination of serial and parallel processing was reported by Choi, et al. [27]…

23 | A New Finite Field Multiplier Using Redundant Representation
- Namin, Wu, et al.
- 2008
Citation context: …offset the efficiency gained by other representation bases [14], and the PB multiplier occupies half the space required by the MO multiplier. The mapping problem for inter-basis conversion is the concern of Wu, et al. [15], who introduced an efficient conversion method from PB to NB specifically for squaring. Furthermore, Sunar, et al. proposed a conversion matrix for any form of generator polynomial [16]. Several improvements…

16 | GF(2^m) Multiplication and Division over the Dual Basis
- Fenn, Benaissa, et al.
- 1996
Citation context: …with composite GF((2^n)^m) where m is relatively prime to n, i.e. gcd(m,n) = 1. However, requiring a particular form of irreducible polynomial is considered a limitation: inflexible and of low reusability [20]. A comprehensive study of GF arithmetic was reported in Paar's dissertation [21], in which he proposed a decomposition algorithm from GF(2^k) to GF((2^n)^m) where k = n·m, called a composite field…

15 | Computation with Finite Fields
- Bartee, Schneider
Citation context: …addition and subtraction are simply implemented by the exclusive-OR logic operation. The advance of digital technology has shifted the performance measure from the running time of a software algorithm [9] to VLSI complexity, i.e. the number of components and their total delay [6]. The first circuit structure for GF arithmetic was proposed by Berlekamp in 1982, i.e. polynomial- and dual-basis multiplication…

15 | Comparison of Arithmetic Architectures for Reed-Solomon Decoders
- Paar, Rosner
- 1997
Citation context: …GF(2^k) to GF((2^n)^m) where k = n·m, called a composite field. In addition, Paar also explored inversion, following the first algorithm introduced by Itoh-Tsujii in 1988 [22]. Paar's further research in [23] reported composite-field multiplication and inversion in GF(2^8). Composite-field implementation in FPGA showed a 25% saving in components and a 10% speed-up [24]. Composite-field inversion requires…

13 | Error Control Coding: From Theory to Practice
- Sweeney
Citation context: …communication systems, particularly in two important aspects of information exchange, i.e. security and data correctness. GF is utilized in cryptographic algorithms [1,2] and error-correction codes (ECC) [3,4]. The performance of applications in these two fields is determined by the efficiency of the GF arithmetic operators involved in the system [5]. Research efforts to improve GF operators' efficiency are reported in the literature, e.g. …

7 | An Introduction to Cryptology
- Tilborg
- 1988
Citation context: …arithmetic plays an important role in modern communication systems, particularly in two important aspects of information exchange, i.e. security and data correctness. GF is utilized in cryptographic algorithms [1,2] and error-correction codes (ECC) [3,4]. The performance of applications in these two fields is determined by the efficiency of the GF arithmetic operators involved in the system [5]. Research efforts…

7 | Complexity of VLSI Implementation of Finite Field Arithmetic
- Afanasyev
- 1990
Citation context: …specifically for squaring. Furthermore, Sunar, et al. proposed a conversion matrix for any form of generator polynomial [16]. Several improvements to the multiplication algorithm were also reported by Afanasyev [17] and similarly by Hasan, et al. [18], who proposed a modification of the architecture by choosing the irreducible polynomial to be an all-one polynomial (AOP). By applying the AOP, Hasan claimed that the complexity…

6 | Division and Bit-Serial Multiplication over GF(q^m)
- Hasan, Wang, et al.
- 1992
Citation context: …the efficiency of the GF arithmetic operators involved in the system [5]. Research efforts to improve GF operators' efficiency are reported in the literature, e.g. multiplication [6], division [7] and inversion [8]. In fact, GF operators do not perform their functions individually and independently; rather, they are parts of a functional integration at the system level. Is operator efficiency…

4 | A New Aspect of Dual Basis for Efficient Field Arithmetic, Samsung Advanced Institute of Technology
- Lee, Lim
- 1998
Citation context: …the complexity of multiplication decreases by 50%. Meanwhile, Lee-Lim also reported a performance improvement by applying a circular dual basis (CDB) [19]. Lee's method is very efficient for trinomials with composite GF((2^n)^m) where m is relatively prime to n, i.e. gcd(m,n) = 1. However, requiring a particular form of irreducible polynomial is considered…

3 | GF(p) Modular Inversion Algorithm Suitable for VLSI
- Zhou, Bai, et al.
Citation context: …the GF arithmetic operators involved in the system [5]. Research efforts to improve GF operators' efficiency are reported in the literature, e.g. multiplication [6], division [7] and inversion [8]. In fact, GF operators do not perform their functions individually and independently; rather, they are parts of a functional integration at the system level. Is operator efficiency beneficial to…

3 | Constructing Composite Field Representations for Efficient Conversion
- Sunar, Savas, et al.
- 2003
Citation context: …of Wu, et al. [15], who introduced an efficient conversion method from PB to NB specifically for squaring. Furthermore, Sunar, et al. proposed a conversion matrix for any form of generator polynomial [16]. Several improvements to the multiplication algorithm were also reported by Afanasyev [17] and similarly by Hasan, et al. [18], who proposed a modification of the architecture by choosing the irreducible…

2 | VLSI Designs for Computations Over Finite Field GF
- Mastrovito
- 1988
Citation context: …Massey-Omura in 1986 [11] and has since been known as the MO multiplier. In 1988, Mastrovito proposed a more modular multiplier with higher structural regularity that suits systolic cells in VLSI [12]. However, the speed, size and modularity of Mastrovito's multiplier depend heavily on the irreducible polynomial P(x) used to generate the field elements. By selecting the right P(x), parallel multiplication…

2 | A parallel S-box architecture for AES byte substitution
- Li
- 2004
Citation context: …Previous implementations of the Rijndael cipher have been reported, such as improved arithmetic efficiency based on composite fields by Rudra et al. [25], optimization of the transformation using a look-up table by Li [29,30], and performance improvement of the SubBytes algorithm, specifically the S-Box module, by Rijmen [31]. (Section 3, Motivation) Previous research focused on efficiency improvement of GF operators to obtain better performance…

1 | Applied Cryptography
- Schneier
- 1993
Citation context: …arithmetic plays an important role in modern communication systems, particularly in two important aspects of information exchange, i.e. security and data correctness. GF is utilized in cryptographic algorithms [1,2] and error-correction codes (ECC) [3,4]. The performance of applications in these two fields is determined by the efficiency of the GF arithmetic operators involved in the system [5]. Research efforts…

1 | Algorithmenentwurf in der Kryptographie (Algorithm Design in Cryptography, habilitation thesis)
- Gollman
- 1990
Citation context: …form for most arithmetic computational problems over GF(2^m) in VLSI. In addition, basis conversion carries a cost that can offset the efficiency gained by other representation bases [14], and the PB multiplier occupies half the space required by the MO multiplier. The mapping problem for inter-basis conversion is the concern of Wu, et al. [15], who introduced an efficient conversion method from PB to…

1 | Comparison of Galois Field Multipliers in Standard and Composite Field Architectures
- Mursanto
- 2007
Citation context: …[22]. Paar's further research in [23] reported composite-field multiplication and inversion in GF(2^8). Composite-field implementation in FPGA showed a 25% saving in components and a 10% speed-up [24]. Composite-field inversion requires 29% of the AND and XOR gates of the standard one. Rudra [25] and Jutla [26] also developed a method for the linear transformation of binary GF elements into…

1 | On The Circuit Complexity of Isomorphic Galois Field Transformations
- Jutla, Kumar, et al.
- 2002
Citation context: …implementation in FPGA showed a 25% saving in components and a 10% speed-up [24]. Composite-field inversion requires 29% of the AND and XOR gates of the standard one. Rudra [25] and Jutla [26] also developed a method for the linear transformation of binary GF elements into composite-field representation. A combination of serial and parallel processing was reported by Choi, et al. [27], who introduced…

1 | Hybrid Multiplier for GF(2^m) Defined by Some Irreducible Trinomials
- Choi, Chang, et al.
- 2004
Citation context: …[25] and Jutla [26] also developed a method for the linear transformation of binary GF elements into composite-field representation. A combination of serial and parallel processing was reported by Choi, et al. [27], who introduced a hybrid multiplier built on the irreducible trinomial x^m + x^n + 1 with n ≤ m/2. This hybrid multiplier has a flexible structure for trading off space and time complexity and is shown to have…

1 | High-Speed Easily Testable Galois-Field Inverter
- Huang, Wu
- 2000
Citation context: …trading off space and time complexity, and is shown to have lower complexity than Wu's and Hasan's multipliers [15]. Several other methods were proposed to support hardware implementation, such as Huang-Wu [28], whose systolic-array architecture eases the testing process. Previous implementations of the Rijndael cipher have been reported, such as improved arithmetic efficiency based on composite…

1 | A New CAM Based S-Box Look Up Table
- Li
- 2005
Citation context: …Previous implementations of the Rijndael cipher have been reported, such as improved arithmetic efficiency based on composite fields by Rudra et al. [25], optimization of the transformation using a look-up table by Li [29,30], and performance improvement of the SubBytes algorithm, specifically the S-Box module, by Rijmen [31]. (Section 3, Motivation) Previous research focused on efficiency improvement of GF operators to obtain better performance…

1 | Efficient Implementation of the Rijndael S-box
- Rijmen
- 2001
Citation context: …based on composite fields by Rudra et al. [25], optimization of the transformation using a look-up table by Li [29,30], and performance improvement of the SubBytes algorithm, specifically the S-Box module, by Rijmen [31]. (Section 3, Motivation) Previous research focused on efficiency improvement of GF operators to obtain better performance in terms of speed or occupied area when implemented in digital circuits. However, the literature…

1 | Manfaat Representasi Elemen Berbasis Normal dalam Meningkatkan Kinerja Operator Aritmetika Galois Field (Benefits of Normal-Basis Element Representation in Improving the Performance of Galois Field Arithmetic Operators)
- Mursanto
- 2007
Citation context: …with SubBytes involving only inversion and XOR. The performance measurement of ARK can be seen in Table 5. It shows that the normal-basis inversion variant has the highest performance, as demonstrated in [33].

Table 5. Throughput of the round-key generator in MBps (the extracted fragment is cut off after the Parallel/Altium row):

| Structure | Tool   | PB     | NB     | DB     |
|-----------|--------|--------|--------|--------|
| FulPar    | Xilinx | 211.12 | 183.96 | 161.84 |
| FulPar    | Altium | 227.16 | 196.8  | 172.72 |
| Parallel  | Xilinx | 117.08 | 186.76 | n.a.   |
| Parallel  | Altium | 128.20 | 203.44 | n…     |
| Serial    | …      | …      | …      | …      |

1 | Performance Evaluation of Galois Field Arithmetic Operators for Optimizing Reed Solomon Codec
- Mursanto
Citation context: …constant. This explains why the experimental results show the superiority of serial-based systems over parallel ones. This result supports a previous finding from similar experiments on a Reed-Solomon codec [34]. Obtaining synergistic efficiency at the system level requires careful consideration of several aspects of the system. Based on the facts obtained in this paper, it is worth investigating system character…

1 | The Advanced Encryption
- Daemen, Rijmen
- 2001
Citation context: …within the system. It is interesting to examine further the consistency of this optimization in other GF-based applications. Exploratory experiments are required for Rijndael AES with a 128-bit cipher key [35] or the 8-bit RS(255,223) code such as the one used by NASA [36]. The hypothesis is that serial variants would obtain a higher performance ratio than parallel ones, because of a…