
Evaluating Bernstein–Rabin–Winograd polynomials

Designs, Codes and Cryptography

Abstract

We describe an algorithm for efficiently evaluating Bernstein–Rabin–Winograd (BRW) polynomials. The best previously known cost of evaluating a BRW polynomial on \(m\ge 3\) field elements is \(\lfloor m/2\rfloor \) field multiplications, where a field multiplication typically consists of a basic multiplication followed by a reduction. The new algorithm requires \(\lfloor m/2\rfloor \) basic multiplications but only \(1+\lfloor m/4\rfloor \) reductions. Based on this algorithm, we propose two new hash functions, \({\textsf {BRW}}128\) and \({\textsf {BRW}}256\), with digest sizes of 128 and 256 bits respectively. Their practicability is demonstrated by implementations using instructions available on modern Intel processors. Timing results from these implementations suggest that \({\textsf {BRW}}\)-based hashing compares favourably with Gueron's highly optimised implementation of a Horner's-rule hash function.
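As an added worked example (not the authors' code; their implementation targets Intel PCLMULQDQ and is linked in the notes below), the following Python implements Bernstein's BRW recursion over the GCM field GF(2^128) and counts operations. It keeps the carry-less "basic multiplication" separate from the modular reduction, reduces a sub-result only when it is about to be used as a multiplicand, and accumulates unreduced products with XOR, reducing once at the top. Under that scheduling the counts come out to ⌊m/2⌋ basic multiplications and 1+⌊m/4⌋ reductions for every m tested, the figures stated in the abstract; whether this is exactly the paper's schedule is not something this page confirms. Assumptions made here: the key powers k, k², k⁴, … are a one-time per-key precomputation and are not counted; the field uses plain polynomial bit order rather than GCM's reflected order; the test message blocks are constructed from a fixed-seed generator.

```python
# Added example: BRW evaluation over GF(2^128) with deferred reduction.
# Illustrative Python written for this page, not the authors' PCLMULQDQ code.
import random

# Field GF(2)[x] / (x^128 + x^7 + x^2 + x + 1), the GCM field.  Elements are ints
# whose bit i is the coefficient of x^i (plain order, not GCM's reflected order).
MASK128 = (1 << 128) - 1
R = 0b10000111  # x^7 + x^2 + x + 1, the low part of the reduction polynomial


def clmul(a: int, b: int) -> int:
    """Carry-less product of two polynomials of degree < 128.  The result
    (degree < 255) is left unreduced: this is the 'basic multiplication'
    that PCLMULQDQ performs before any reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def gf_reduce(p: int) -> int:
    """Reduce a polynomial of degree < 256 modulo x^128 + x^7 + x^2 + x + 1
    by folding with x^128 = x^7 + x^2 + x + 1 twice; the second fold cannot
    overflow because the first fold's carry has degree < 7."""
    hi, lo = p >> 128, p & MASK128
    t = clmul(hi, R)                 # hi * x^128 == hi * R (degree < 135)
    return lo ^ (t & MASK128) ^ clmul(t >> 128, R)


def key_powers(k: int, m: int) -> dict:
    """k, k^2, k^4, ... up to the largest power of two <= m.  Treated as a
    one-time per-key precomputation and not counted below (assumption)."""
    kp, t = {1: k}, 1
    while 2 * t <= m:
        kp[2 * t] = gf_reduce(clmul(kp[t], kp[t]))
        t *= 2
    return kp


def _brw_lazy(kp: dict, msg: list, stats: dict) -> int:
    """Bernstein's BRW recursion (1-based message indices in the comments).
    Returns an UNREDUCED polynomial: a sub-result is reduced only when it is
    about to become the left factor of a multiplication; sums of unreduced
    products are accumulated with XOR and reduced once by the caller."""
    m = len(msg)
    if m <= 1:
        return msg[0] if msg else 0
    if m == 2:                                   # m1*k + m2
        stats["mul"] += 1
        return clmul(msg[0], kp[1]) ^ msg[1]
    if m == 3:                                   # (k + m1)(k^2 + m2) + m3
        stats["mul"] += 1
        return clmul(kp[1] ^ msg[0], kp[2] ^ msg[1]) ^ msg[2]
    t = 1 << (m.bit_length() - 1)                # t in {4, 8, 16, ...}, t <= m < 2t
    left = gf_reduce(_brw_lazy(kp, msg[:t - 1], stats))  # H(m1..m_{t-1}) as a field element
    stats["red"] += 1
    stats["mul"] += 1
    prod = clmul(left, kp[t] ^ msg[t - 1])       # H(m1..m_{t-1}) * (k^t + m_t)
    return prod ^ _brw_lazy(kp, msg[t:], stats)  # + H(m_{t+1}..m_m), still unreduced


def brw_hash(k: int, msg: list) -> tuple:
    """Return (BRW(k; msg), number of basic multiplications, number of reductions)."""
    stats = {"mul": 0, "red": 0}
    v = _brw_lazy(key_powers(k, len(msg)), msg, stats)
    if len(msg) >= 2:                            # m <= 1 is already a field element
        v = gf_reduce(v)
        stats["red"] += 1
    return v, stats["mul"], stats["red"]


def brw_naive(k: int, msg: list) -> int:
    """Reference: the same recursion with a full reduction after every product."""
    kp = key_powers(k, len(msg))
    mul = lambda a, b: gf_reduce(clmul(a, b))

    def h(ms):
        m = len(ms)
        if m <= 1:
            return ms[0] if ms else 0
        if m == 2:
            return mul(ms[0], kp[1]) ^ ms[1]
        if m == 3:
            return mul(kp[1] ^ ms[0], kp[2] ^ ms[1]) ^ ms[2]
        t = 1 << (m.bit_length() - 1)
        return mul(h(ms[:t - 1]), kp[t] ^ ms[t - 1]) ^ h(ms[t:])
    return h(msg)


def check_counts(k: int, max_m: int = 40) -> bool:
    """For m = 3..max_m on constructed random blocks: lazy == naive, and the
    counts equal floor(m/2) multiplications and 1 + floor(m/4) reductions."""
    rng = random.Random(2019)                    # fixed seed: constructed test data
    for m in range(3, max_m + 1):
        msg = [rng.getrandbits(128) for _ in range(m)]
        v, mul, red = brw_hash(k, msg)
        if v != brw_naive(k, msg) or mul != m // 2 or red != 1 + m // 4:
            return False
    return True


if __name__ == "__main__":
    print("counts match abstract:", check_counts(0x0123456789ABCDEF0123456789ABCDEF))
```

`brw_naive` reduces after every product and serves as the correctness reference; `check_counts` compares it with the lazy evaluator on random 128-bit blocks for m = 3..40 and checks both operation counts. The reduction count follows from the recursion: every subtree of size at least 4 produces a value that must be reduced before it becomes a multiplicand, and there are ⌊m/4⌋ such subtrees, plus one final reduction. Small hand-checkable cases with k = x (the integer 2) are useful when porting this to a reflected-bit or SIMD representation.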


Notes

  1. One of the reviewers has observed that this forms a fractal.

  2. https://software.intel.com/sites/landingpage/IntrinsicsGuide/#.

  3. https://github.com/sebatighosh/BRW.

References

  1. Bernstein D.J.: The Poly1305-AES message-authentication code. In: Gilbert H., Handschuh H. (eds.) FSE 2005, Lecture Notes in Computer Science, vol. 3557, pp. 32–49. Springer, Berlin (2005).

  2. Bernstein D.J.: Polynomial evaluation and message authentication (2007). http://cr.yp.to/papers.html#pema.

  3. Carter L., Wegman M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979).

  4. Chakraborty D., Ghosh S., Sarkar P.: A fast single-key two-level universal hash function. IACR Trans. Symmetric Cryptol. 2017(1), 106–128 (2017).

  5. Chakraborty D., Mancillas-López C., Rodríguez-Henríquez F., Sarkar P.: Efficient hardware implementations of BRW polynomials and tweakable enciphering schemes. IEEE Trans. Comput. 62(2), 279–294 (2013).

  6. Gueron S., Kounavis M.E.: Efficient implementation of the Galois Counter Mode using a carry-less multiplier and a fast reduction algorithm. Inf. Process. Lett. 110(14–15), 549–553 (2010).

  7. Gueron S., Langley A., Lindell Y.: AES-GCM-SIV: specification and analysis. IACR Cryptology ePrint Archive, Report 2017/168 (2017).

  8. Krovetz T., Rogaway P.: The software performance of authenticated-encryption modes. In: Joux A. (ed.) FSE 2011, Lecture Notes in Computer Science, vol. 6733, pp. 306–327. Springer, Berlin (2011).

  9. Rabin M.O., Winograd S.: Fast evaluation of polynomials by rational preparation. Commun. Pure Appl. Math. 25, 433–458 (1972).

  10. Sarkar P.: Efficient tweakable enciphering schemes from (block-wise) universal hash functions. IEEE Trans. Inf. Theory 55(10), 4749–4760 (2009).

  11. Sarkar P.: A new multi-linear universal hash family. Des. Codes Cryptogr. 69(3), 351–367 (2013).

  12. Wegman M.N., Carter L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981).

Acknowledgements

We acknowledge with thanks several helpful discussions with Debrup Chakraborty. We are indebted to the reviewers for their careful reading of the paper and providing helpful comments.

Author information

Correspondence to Palash Sarkar.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.

Cite this article

Ghosh, S., Sarkar, P. Evaluating Bernstein–Rabin–Winograd polynomials. Des. Codes Cryptogr. 87, 527–546 (2019). https://doi.org/10.1007/s10623-018-0561-7
