Novel bit-parallel multiplier for $\mathit{GF}(2^m)$ defined by all-one polynomial using generalized Karatsuba algorithm

Highlights

• We construct a bit-parallel multiplier for AOP based on a generalized Karatsuba algorithm.

• We examine the influence about multiplier efficiency with respect to decomposition of polynomial degree.

• The lower bound of the space complexity is $m^2/2+O(m^{\{3/2\}})+O(m)$.

• The time complexity nearly matches the fastest multiplier for AOP.

Abstract

In this paper, a novel bit-parallel multiplier for finite field $\mathit{GF}(2^m)$ defined by irreducible all-one polynomial (AOP) is proposed. We utilize a generalized Karatsuba algorithm (KA) to reduce the number of coefficient multiplications and the redundant representation to simplify polynomial modular reduction. Explicit formulae with respect to the space and time complexity of the proposed multiplier are given. By evaluating the asymptotic lower bound of the complexity, the selection of the generalized KA and decomposition of m are investigated to obtain the optimal result. Consequently, theoretical complexity analysis proved that our architecture requires even fewer logic gates than previous proposals, while it still maintains relatively low time delay. For a special class of $\mathit{GF}(2^m)$ generated with AOPs, it even matches the best known multipliers found in the literatures.

Introduction

Efficient bit-parallel multipliers over $\mathit{GF}(2^m)$ are frequently desired by some public-key cryptosystems [1], [2]. Generally, the multiplier efficiency is evaluated by the space and time complexity, where the former is usually defined as the number of AND/XOR gates and the latter is defined as the operation time of the multiplier circuit. The irreducible polynomials used to define $\mathit{GF}(2^m)$ always have great influence on the performance of related multipliers. The irreducible polynomials such as all-one polynomial (AOP) [3], [4], trinomial [5] and pentanomial [6] are fully studied for efficient implementation.

Since AOP can obtain a trade-off between time and space complexity, a number of bit-parallel multipliers using irreducible AOPs are proposed during recent years. These proposals are based on polynomial basis (PB) [3], normal basis (NB) [4], [8], [9], weakly dual basis [10] and some other non-conventional basis. The most efficient multipliers among above proposals cost $m^2$ AND gates, $m^2-1$ XOR gates with $T_A+(1+\lceil {\log }_2(m-1)\rceil )T_X$ time delays. Some other special multipliers based on AOPs have also been proposed in [7], [12], [13], [14], [15].

In [16], a low-complexity bit-parallel multiplier for AOP was proposed by Chang et al. where redundant representation is applied instead of PB to represent finite field elements. The redundant representation [17] was derived from the minimal cyclotomic ring where $\mathit{GF}(2^m)$ is represented as a subring of a residue class ring ${\mathbb{F}}_2[x]/(x^n+1)$ with $n>m$. It provides free squaring operation and elimination of the modular reduction step with a small increase of circuit gates. If $\mathit{GF}(2^m)$ is defined by an irreducible AOP, the ring has a minimal redundant bits as $x^{m+1}=1$. Chang used this representation combined with Karatsuba algorithm (KA) to construct high efficient polynomial multiplication. As a result, their approach only requires approximately 3/4 circuit gates compared with previous ones, while the corresponding time complexity is nearly the same.

Based on a three-term KA [19], [20], we have improved the above approach and constructed a bit-parallel multiplier for AOPs with lower complexity [18]. In this contribution, we focus on the generalization of our previous scheme. By introducing a n-term KA mentioned in [19] and utilizing a decomposition of the AOP degree m, a novel bit-parallel AOP multiplier is developed. Explicit formulae and complexity analysis are given. We then show in detail how to select the most suitable KA and decomposition of m to obtain the optimal results. Consequently, it is argued that for a number of irreducible AOPs, our multipliers have almost the same time complexity, but lower space complexity compared with the best known proposals in the literatures.

The rest of the paper is organized as follows: In Section 2, we briefly review the redundant representation for $\mathit{GF}(2^m)$ generated with the AOPs and introduce the n-term KA mentioned in [19]. Then we describe a new bit-parallel multiplier architecture by combing with redundant representation and the n-term KA in Section 3. In Section 4, we further analyze its complexity and present a comparison between the proposed multiplier and some others. Finally, some conclusions are drawn.