CN108008934B - Composite finite field inversion device based on lookup table - Google Patents
Composite finite field inversion device based on lookup table Download PDFInfo
- Publication number
- CN108008934B CN108008934B CN201711259902.7A CN201711259902A CN108008934B CN 108008934 B CN108008934 B CN 108008934B CN 201711259902 A CN201711259902 A CN 201711259902A CN 108008934 B CN108008934 B CN 108008934B
- Authority
- CN
- China
- Prior art keywords
- finite field
- inversion
- module
- multiplication
- column
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/726—Inversion; Reciprocal calculation; Division of elements of a finite field
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- General Engineering & Computer Science (AREA)
- Error Detection And Correction (AREA)
Abstract
The invention discloses a lookup table-based composite finite field inversion device, which comprises a controller, an input port, an output port and an arithmetic unit, wherein the input port is connected with the output port of the controller; the input port is used for inputting a composite finite field GF ((2)n)2) The inversion operand a (x); the controller is used for calling the arithmetic unit to perform inversion operation on the inversion operand a (x) to obtain a composite finite field GF ((2)n)2) The inversion result b (x) of (a); the operator is used for running addition operation and multiplication operation, square operation and inversion operation based on a lookup table; the output port is used for outputting the inversion operation result b (x). The invention can effectively improve the operation efficiency of finite field inversion.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a composite finite field inversion device based on a lookup table.
Background
Finite field inversion belongs to finite field operation, and is widely used by cryptographic algorithms together with operations such as finite field addition, multiplication, division, squaring, and squaring. The composite finite field belongs to a finite field, and the inversion of the composite finite field is characterized in that the operation of a subdomain is required. A commonly used complex finite field is GF ((2)n)2) The size of the field is (2)n)2The subfield of which is GF (2)n)。GF((2n)2) The inversion operation of (2) generally requires the sub-field GFn) Addition, multiplication, inversion, etc. Since the complex finite field is GF ((2)n)2) Inversion containment subfield GF (2)n) Operation, therefore by optimizing GF (2)n) The operation can promote GF ((2)n)2) The inversion efficiency of (1).
The composite finite field inverter in the prior art cannot realize the arithmetic efficiency required by finite field inversion in real time and in a speed-sensitive environment.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a composite finite field inversion device based on a lookup table, which can effectively improve the operation efficiency of finite field inversion.
The technical scheme provided by the invention for the technical problem is as follows:
the invention provides a lookup table-based composite finite field inversion device, which comprises a controller, an input port, an output port and an arithmetic unit, wherein the input port is connected with the output port of the controller;
the input port is used for inputting a composite finite field GF ((2)n)2) The inversion operand a (x);
the controller is used for calling the arithmetic unit to perform inversion operation on the inversion operand a (x) to obtain a composite finite field GF ((2)n)2) The inversion result b (x) of (a);
the operator is used for running addition operation and multiplication operation, square operation and inversion operation based on a lookup table;
the output port is used for outputting the inversion operation result b (x).
Further, the polynomial expression of the inverse operand a (x) is a (x) ═ ahx+al;
The polynomial expression of the inversion result b (x) is b (x) ═ bhx+bl;b(x)=a(x)-1;
Wherein, ah,al,bh,blAre all finite fields GF (2)n) Of (2) is used.
Furthermore, the arithmetic unit comprises an addition operation module, a first multiplication operation module, a second multiplication operation module, a first square operation module, a second square operation module and an inversion operation module;
the input port is also used for inputting a clock signal;
the controller is specifically configured to invoke the first square operation module to calculate s in a first clock cycle0=ah 2Calling the second square operation module to calculate s1=al 2Calling the addition operation module to calculate s2=ah+al;
In the second clock cycle, calling the first multiplication operation module to calculate s3=al×s2Calling the second multiplication operation module to calculate s4=s0×e;
In the third clock cycle, calling the addition operation module to calculate s5=s4+s3;
In the fourth clock cycle, calling the inversion operation module to calculate s6=s5 -1;
In the fifth clock cycle, calling the first multiplication operation module to calculate bl=s2×s6Calling the second multiplication operation module to calculate bh=ah×s6Further, b (x) and b are calculatedhx+bl;
Wherein s is0,ah,s1,al,s2,s3,s4,s5,s6,bl,bhAre all finite fields GF (2)n) E is a finite field GF (2)n) Is constant.
Further, the addition module comprises n xor logic gates for the finite field GF (2)n) C (x) and d (x), calculating ei=ci+diFurther obtain the addition result
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,d(x)=dn-1xn-1+dn-2xn-2+...+d0,e(x)=en- 1xn-1+en-2xn-2+...+e0I-0, 1, n-1, n ≧ 1, + is finite field GF (2)n) Addition of cn-1,cn-2,...,c0,dn-1,dn-2,...,d0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
Further, the first squaring module and the second squaring module are respectively used for the finite field GF (2)n) From pre-established known elements c (x)Looking up c in the first column of the square lookup tableiObtaining ciElement e of the second column of the rowiFurther obtain the square operation result of c (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,e(x)=en-1xn-1+en-2xn-2+...+e0,i=0,1,...,n-1,cn-1,cn-2,...,c0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
Further, the first squaring module and the second squaring module are respectively used for aiming at a finite field GF (2)n) Is calculated as β ═ α for each element α of2modp (x) and stores α in a first column of a table and β in a second column of the table where α is located to create the square lookup table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1And beta are both finite fields GF (2)n) Of (2) is used.
Further, the first multiplication module and the second multiplication module are respectively used for the finite field GF (2)n) C (x) and d (x), all c are found from the first column of the pre-established multiplication look-up tableiFrom ciLooking up d in the second column of rowsiObtaining the found diThird column element e of the rowiFurther obtain the multiplication result of c (x) and d (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,d(x)=dn-1xn-1+dn-2xn-2+...+d0,e(x)=en- 1xn-1+en-2xn-2+...+e0,cn-1,cn-2,...,c0,dn-1,dn-2,...,d0,en-1,en-2,...,e0Are all finite fields GF (2)n) I is 0,1, n-1, n is more than or equal to 1.
Further, the first multiplication module and the second multiplication module are respectively used for the finite field GF (2)n) Calculating δ ═ α × β modp (x), and storing α in a first column of a table, β in a second column of the table where α is located, and δ in a third column of the table where β is located, to build the multiplication look-up table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1Delta is a finite field GF (2)n) Of (2) is used.
Further, the inversion operation module is configured to target the finite field GF (2)n) C (x) from the first column of the pre-established inversion look-up tableiIf c is foundiThen obtain ciElement e of the second column of the rowiFurther obtain the inversion operation result of c (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,e(x)=en-1xn-1+en-2xn-2+...+e0,i=0,1,...,n-1,cn-1,cn-2,...,c0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
Further, the inversion operation module is further configured to target the finite field GF (2)n) Is calculated as β ═ α for each element α of- 1modp (x) and stores α in a first column of a table and β in a second column of a row of the table in which α is located to construct the inversion lookup table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1Delta is a finite field GF (2)n) Of (2) is used.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
in the complex finite field inversion operation, multiplication operation, square operation and inversion operation are carried out based on a lookup table, compared with a finite field inverter in the prior art, the operation efficiency is effectively improved, and the method can be widely applied to the mathematical fields and the engineering fields of symmetric encryption (such as DES and AES), public key cryptography, Rainbow, TTS, UOV signature and the like.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a composite finite field inversion apparatus based on a lookup table according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Example one
The embodiment of the invention provides a lookup table-based composite finite field inversion device, which is shown in figure 1 and comprises a controller 1, an input port, an output port b and an arithmetic unit;
the input port comprises a port a for inputting a composite finite field GF ((2)n)2) The inversion operand a (x);
the controller 1 is used for calling the arithmetic unit to perform an inversion operation on the inversion operand a (x) to obtain a composite finite field GF ((2)n)2) The inversion result b (x) of (a);
the operator is used for running addition operation and multiplication operation, square operation and inversion operation based on a lookup table;
the output port b is used for outputting the inversion operation result b (x).
The controller is respectively connected with the input port, the output port and the arithmetic unit and used for scheduling connected components. The input port comprises a port a for inputting the composite finite field GF ((2)n)2) The output port comprises a port b for outputting the composite finite field GF ((2)n)2) The result b (x) of the inversion operation of (a).
Further, the polynomial expression of the inverse operand a (x) is a (x) ═ ahx+al;
The polynomial expression of the inversion result b (x) is b (x) ═ bhx+bl;b(x)=a(x)-1;
Wherein, ah,al,bh,blAre all finite fields GF (2)n) Of (2) is used.
Incidentally, GF ((2)n)2) Is q (x) x2+ x + e, e is the finite field GF (2)n) Is constant. The inverse operand a (x) is composed of two n-bit numbers, and can be expressed in polynomial form or coefficient form, such as a (x) a (a)h,al),ah,alIs a finite field GF (2)n) Of (2) is used. The inversion result b (x) is composed of two n-bit arrays, and can be expressed in the form of a polynomial or a coefficient, such as b (x) b (b)h,bl),bh,blIs a finite field GF (2)n) Of (2) is used.
Furthermore, the arithmetic unit comprises an addition operation module 4, a first multiplication operation module 5, a second multiplication operation module 6, a first square operation module 7, a second square operation module 8 and an inversion operation module 9;
the input port further comprises a port clk for inputting a clock signal;
the controller is specifically configured to invoke the first square operation module to calculate s in a first clock cycle0=ah 2Calling the second square operation module to calculate s1=al 2Calling the addition operation module to calculate s2=ah+al;
In the second clock cycle, calling the first multiplication operation module to calculate s3=al×s2Calling the second multiplication operation module to calculate s4=s0×e;
In the third clock cycle, calling the addition operation module to calculate s5=s4+s3;
In the fourth clock cycle, calling the inversion operation module to calculate s6=s5 -1;
In the fifth clock cycle, calling the first multiplication operation module to calculate bl=s2×s6Calling the second multiplication operation module to calculate bh=ah×s6Further, b (x) and b are calculatedhx+bl;
Wherein s is0,ah,s1,al,s2,s3,s4,s5,s6,bl,bhAre all finite fields GF (2)n) E is a finite field GF (2)n) Is constant.
The controller 1 is connected to the addition module 4, the first multiplication module 5, the second multiplication module 6, the first square operation module 7, the second square operation module 8, and the inversion module 9, respectively. The input port further comprises a port clk for inputting a clock signal. The controller is also used for analyzing the clock signal. The clock signal is a single-bit signal, takes the value of 0 or 1 and represents low level or high level, and low levelGoing high represents the beginning of a clock cycle. The addition module includes a module for calculating GF (2)n) A logic gate circuit for addition; the first multiplication module and the second multiplication module respectively comprise a module for calculating GF (2)n) A lookup table structure and calculation circuit for multiplication; the first squaring module and the second squaring module respectively comprise a computing module for computing GF (2)n) A squared look-up table structure and a calculation circuit; the inversion operation module comprises a calculation module for calculating GF (2)n) An inverted look-up table structure and a calculation circuit.
Further, the addition module comprises n xor logic gates for the finite field GF (2)n) C (x) and d (x), calculating ei=ci+diFurther obtain the addition result
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,d(x)=dn-1xn-1+dn-2xn-2+...+d0,e(x)=en- 1xn-1+en-2xn-2+...+e0I-0, 1, n-1, n ≧ 1, + is finite field GF (2)n) Addition of cn-1,cn-2,...,c0,dn-1,dn-2,...,d0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
The finite field GF (2)n) The addition of (2) uses exclusive or logic gates, so that the addition block comprises n exclusive or logic gates for computing GF (2)n) The addition of two known elements c (x) and d (x) e (x) ═ c (x) + d (x). In a specific operation, e is calculated for i 0,1i=ci+diThe result of the addition operation is obtained
Further, theThe first squaring operation module and the second squaring operation module are respectively used for aiming at a finite field GF (2)n) C (x) from the first column of the pre-established square look-up tableiObtaining ciElement e of the second column of the rowiFurther obtain the square operation result of c (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,e(x)=en-1xn-1+en-2xn-2+...+e0,i=0,1,...,n-1,cn-1,cn-2,...,c0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
It should be noted that the first squaring module and the second squaring module have the same structure and are used for calculating the finite field GF (2)n) The square e (x) of (c), (x) c (x)2. In concrete operation, firstly, looking up c in the first column of the square lookup tableiAfter finding, c in the square lookup tableiThe element in the second column of the row is ciThe result of the square operation of (d) is stored in (e)iThe square operation result of c (x) can be obtained
Further, the first squaring module and the second squaring module are respectively used for aiming at a finite field GF (2)n) Is calculated as β ═ α for each element α of2modp (x) and stores α in a first column of a table and β in a second column of the table where α is located to create the square lookup table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1And beta are both finite fields GF (2)n) Of (2) is used.
It should be noted that before the first squaring module and the second squaring module operate, a square lookup table needs to be established in the modules. For finite field GF (2)n) For each element of (a), calculating its square, e.g. GF (2)n) The element being alpha, calculating beta as alpha2mod p (x) and stores α in a first column of the table and β in a second column of the table where α is located. In the finite field GF (2)n) After each element of (1) and its square result are correspondingly stored in the table, the table is used as a square lookup table.
Further, the first multiplication module and the second multiplication module are respectively used for the finite field GF (2)n) C (x) and d (x), all c are found from the first column of the pre-established multiplication look-up tableiFrom ciLooking up d in the second column of rowsiObtaining the found diThird column element e of the rowiFurther obtain the multiplication result of c (x) and d (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,d(x)=dn-1xn-1+dn-2xn-2+...+d0,e(x)=en- 1xn-1+en-2xn-2+...+e0,cn-1,cn-2,...,c0,dn-1,dn-2,...,d0,en-1,en-2,...,e0Are all finite fields GF (2)n) I is 0,1, n-1, n is more than or equal to 1.
The finite field GF (2)n) The multiplication of (c) uses and logic gates. The first and second multiplication modules have the same structure and are used for calculating the finite field GF (2)n) The multiplication e (x) of two known elements c (x) and d (x) of (a), (b), (c), (x) and (x). In concrete operation, firstly looking up c in the first column of the multiplication lookup tableiThe first column of a general multiplication look-up table has a plurality of ciFind out all ciFrom each ciLooking up d in the elements of the second column of rowsiAfter finding, c isiAnd diThe third instance element of the row stores to eiThe multiplication result of c (x) and d (x) is obtained
Further, the first multiplication module and the second multiplication module are respectively used for the finite field GF (2)n) Calculating δ ═ α × β modp (x), and storing α in a first column of a table, β in a second column of the table where α is located, and δ in a third column of the table where β is located, to build the multiplication look-up table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1Delta is a finite field GF (2)n) Of (2) is used.
It should be noted that before the first multiplication module and the second multiplication module operate, a multiplication lookup table needs to be established in the modules. For finite field GF (2)n) Computing a multiplication of any two elements of (e.g. GF (2))n) Is calculated as α and β, and α is stored in the first column of the table, β is stored in the second column of the table in which α is located in the row, and δ is stored in the third column of the table in which α and β are located. In the finite field GF (2)n) After every two elements of (1) and the multiplication result thereof are correspondingly stored in the table, the table is used as a multiplication lookup table.
Further, the inversion operation module is configured to target the finite field GF (2)n) C (x) from the first column of the pre-established inversion look-up tableiIf c is foundiThen obtain ciElement e of the second column of the rowiFurther obtain the inversion operation result of c (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,e(x)=en-1xn-1+en-2xn-2+...+e0,i=0,1,...,n-1,cn-1,cn-2,...,c0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
It should be noted that the inversion module is used for calculating the finite field GF (2)n) The inversion of the known element c (x), e (x) c (x)-1. In concrete operation, firstly, looking up c in the first column of the square lookup tableiIf c is not foundiThen explain ciNo inverse element, if found, invert c in the lookup tableiThe element in the second column of the row is ciThe result of inversion of (d) is stored in (e)iObtaining the inversion operation result of c (x)
Further, the inversion operation module is further configured to target the finite field GF (2)n) Is calculated as β ═ α for each element α of- 1modp (x) and stores α in a first column of a table and β in a second column of a row of the table in which α is located to construct the inversion lookup table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1Delta is a finite field GF (2)n) Of (2) is used.
It should be noted that before the inversion operation module runs, an inversion lookup table needs to be established in the module. For finite field GF (2)n) Each element (except the zero-element) of (f), computing an inversion, e.g. GF (2)n) The element being alpha, calculating beta as alpha-1mod p (x) and stores α in a first column of the table and β in a second column of the table where α is located. In willFinite field GF (2)n) After each element and the inversion result thereof are correspondingly stored in the table, the table is used as an inversion lookup table.
The working process of the complex finite field inversion device provided by the embodiment of the present invention is described below by taking n as an example, which is 4.
The input port operand a (x) is the complex finite field GF ((2)4)2) May be expressed in the form of a polynomial:
a(x)=ahx+al,
ah,alis a finite field GF (2)4) Of (2) is used.
The operand b (x) of the output port is the complex finite field GF ((2)4)2) May be expressed in the form of a polynomial:
b(x)=bhx+bl,
bh,blis a finite field GF (2)4) Of (2) is used.
The clock signal clk at the input port is a single bit signal with a clock period of 50 nanoseconds.
The controller calculates GF ((2)4)2) B (x) a (x)-1In which GF ((2))4)2) Is q (x) x2+ x +9, the procedure is as follows:
the controller receives input operands a (x) and a clock signal, and waits for the clock signal to turn from a low level to a high level;
in the first clock period, the controller calls a first square operation module to calculate s0=ah 2,s0,ahIs a finite field GF (2)4) An element of (1); the controller calls a second square operation module to calculate s1=al 2,s1,alIs a finite field GF (2)4) An element of (1); the controller calls the addition operation module to calculate s2=ah+al,s2,ah,alIs a finite field GF (2)4) An element of (1);
in the second clock cycle, the controller calls for the first multiplication operationModule calculation s3=al×s2,s3,al,s2Is a finite field GF (2)4) An element of (1); the controller calls a second multiplication operation module to calculate s4=s0×9,s4,s0Is a finite field GF (2)4) An element of (1);
in the third clock period, the controller calls an addition operation module to calculate s5=s4+s3,s5,s4,s3Is a finite field GF (2)4) An element of (1);
in the fourth clock period, the controller calls an inversion operation module to calculate s6=s5 -1,s6,s5Is a finite field GF (2)4) An element of (1);
in the fifth clock period, the controller calls the first multiplication operation module to calculate bl=s2×s6,bl,s2,s6Is a finite field GF (2)4) An element of (1); the controller calls a second multiplication operation module to calculate bh=ah×s6,bl,ah,s6Is a finite field GF (2)4) An element of (1);
finally, b (x) bhx+blIs a (x) ═ ahx+alIs output to the output port by the controller.
In the embodiment of the invention, in the complex finite field inversion operation, multiplication operation, square operation and inversion operation are carried out based on the lookup table, and compared with the finite field inverter in the prior art, the operation efficiency is effectively improved, and the method can be widely applied to various engineering fields.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (8)
1. A composite finite field inversion device based on a lookup table is characterized by comprising a controller, an input port, an output port and an arithmetic unit;
the input port is used for inputting a composite finite field GF ((2)n)2) The inversion operand a (x);
the controller is used for calling the arithmetic unit to perform inversion operation on the inversion operand a (x) to obtain a composite finite field GF ((2)n)2) The inversion result b (x) of (a);
the operator is used for running addition operation and multiplication operation, square operation and inversion operation based on a lookup table;
the output port is used for outputting the inversion operation result b (x);
the polynomial expression of the inverse operand a (x) is a (x) ═ ahx+al;
The polynomial expression of the inversion result b (x) is b (x) ═ bhx+bl;b(x)=a(x)-1;
Wherein, ah,al,bh,blAre all finite fields GF (2)n) An element of (1);
the arithmetic unit comprises an addition operation module, a first multiplication operation module, a second multiplication operation module, a first square operation module, a second square operation module and an inversion operation module;
the input port is also used for inputting a clock signal;
the controller is specifically configured to invoke the first square operation module to calculate s in a first clock cycle0=ah 2Calling the second square operation module to calculate s1=al 2Calling the addition operation module to calculate s2=ah+al;
In the second clock cycle, calling the first multiplication operation module to calculate s3=al×s2Calling the second multiplication operation module to calculate s4=s0×e;
In the third clock cycle, calling the addition operation module to calculate s5=s4+s3;
In the fourth placeClock period, calling the inversion operation module to calculate s6=s5 -1;
In the fifth clock cycle, calling the first multiplication operation module to calculate bl=s2×s6Calling the second multiplication operation module to calculate bh=ah×s6Further, b (x) and b are calculatedhx+bl;
Wherein s is0,ah,s1,al,s2,s3,s4,s5,s6,bl,bhAre all finite fields GF (2)n) E is a finite field GF (2)n) Is constant.
2. The lookup table based complex finite field inversion device as claimed in claim 1, wherein said addition operation block comprises n xor logic gates for GF (2) finite fieldn) C (x) and d (x), calculating ei=ci+diFurther obtain the addition result
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,d(x)=dn-1xn-1+dn-2xn-2+...+d0,e(x)=en-1xn-1+en-2xn-2+...+e0I-0, 1, n-1, n ≧ 1, + is finite field GF (2)n) Addition of cn-1,cn-2,...,c0,dn-1,dn-2,...,d0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
3. The lookup table based complex finite field inversion apparatus of claim 1, wherein the first squaring module and the second squaring module are respectively used for GF (GF)2n) C (x) from the first column of the pre-established square look-up tableiObtaining ciElement e of the second column of the rowiFurther obtain the square operation result of c (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,e(x)=en-1xn-1+en-2xn-2+...+e0,i=0,1,...,n-1,cn-1,cn-2,...,c0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
4. The lookup table based complex finite field inversion device of claim 3 wherein the first squaring module and the second squaring module are further configured to target the finite field GF (2)n) Is calculated as β ═ α for each element α of2modp (x) and stores α in a first column of a table and β in a second column of the table where α is located to create the square lookup table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1And beta are both finite fields GF (2)n) Of (2) is used.
5. The lookup table based complex finite field inversion device of claim 1 wherein the first multiplication module and the second multiplication module are respectively used for GF (2)n) C (x) and d (x), all c are found from the first column of the pre-established multiplication look-up tableiFrom ciLooking up d in the second column of rowsiObtaining the found diThird column element e of the rowiFurther obtain the multiplication result of c (x) and d (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,d(x)=dn-1xn-1+dn-2xn-2+...+d0,e(x)=en-1xn-1+en-2xn-2+...+e0,cn-1,cn-2,...,c0,dn-1,dn-2,...,d0,en-1,en-2,...,e0Are all finite fields GF (2)n) I is 0,1, n-1, n is more than or equal to 1.
6. The lookup table based complex finite field inversion device of claim 5 wherein the first multiplication module and the second multiplication module are further configured to target the finite field GF (2)n) Calculating δ ═ α × β modp (x), and storing α in a first column of a table, β in a second column of the table where α is located, and δ in a third column of the table where β is located, to build the multiplication look-up table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1Delta is a finite field GF (2)n) Of (2) is used.
7. The lookup table based complex finite field inversion device of claim 1 wherein the inversion operation module is configured to target the finite field GF (2)n) C (x) from the first column of the pre-established inversion look-up tableiIf c is foundiThen obtain ciElement e of the second column of the rowiFurther obtain the inversion operation result of c (x)
Wherein c (x) cn-1xn-1+cn-2xn-2+...+c0,e(x)=en-1xn-1+en-2xn-2+...+e0,i=0,1,...,n-1,cn-1,cn-2,...,c0,en-1,en-2,...,e0Are all finite fields GF (2)n) Of (2) is used.
8. The lookup table based complex finite field inversion device of claim 7 wherein the inversion operation module is further configured to target the finite field GF (2)n) Is calculated as β ═ α for each element α of-1modp (x) and stores α in a first column of a table and β in a second column of a row of the table in which α is located to construct the inversion lookup table;
where mod is a modulo operation, p (x) xn+pn-1xn-1+.. +1 is the finite field GF (2)n) Irreducible polynomial of (a), pn-1,pn-2,...,p1Delta is a finite field GF (2)n) Of (2) is used.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711259902.7A CN108008934B (en) | 2017-12-04 | 2017-12-04 | Composite finite field inversion device based on lookup table |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711259902.7A CN108008934B (en) | 2017-12-04 | 2017-12-04 | Composite finite field inversion device based on lookup table |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108008934A CN108008934A (en) | 2018-05-08 |
| CN108008934B true CN108008934B (en) | 2021-09-07 |
Family
ID=62056279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711259902.7A Active CN108008934B (en) | 2017-12-04 | 2017-12-04 | Composite finite field inversion device based on lookup table |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108008934B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108897526B (en) * | 2018-06-29 | 2022-10-21 | 深圳职业技术学院 | Compound finite field inverter based on multiple square operations and inversion method thereof |
| CN108874367B (en) * | 2018-06-29 | 2022-05-13 | 深圳职业技术学院 | Compound finite field inverter based on power operation and inversion method thereof |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4994995A (en) * | 1990-03-14 | 1991-02-19 | International Business Machines Corporation | Bit-serial division method and apparatus |
| CN1688121A (en) * | 2005-06-16 | 2005-10-26 | 北京中星微电子有限公司 | AES add decipher circuit optimization method and multiplex sbox module |
| CN102521211A (en) * | 2011-11-17 | 2012-06-27 | 华南理工大学 | Parallel device for solving linear equation set on finite field |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200834411A (en) * | 2007-02-06 | 2008-08-16 | Univ Nat Chiao Tung | Method of accomplishing finite field divider structure |
| US8923510B2 (en) * | 2007-12-28 | 2014-12-30 | Intel Corporation | Method and apparatus for efficiently implementing the advanced encryption standard |
| CN101572602A (en) * | 2008-04-28 | 2009-11-04 | 陈婧 | Finite field inversion method based on hardware design and device thereof |
| CN101788900B (en) * | 2009-01-22 | 2012-07-18 | 北京大学 | Method and system for deciphering elliptic curve cryptosystem based on DNA self-assembly technology |
| CN107015782A (en) * | 2017-04-12 | 2017-08-04 | 深圳职业技术学院 | A kind of Galois field multiplier based on irreducible trinomial |
-
2017
- 2017-12-04 CN CN201711259902.7A patent/CN108008934B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4994995A (en) * | 1990-03-14 | 1991-02-19 | International Business Machines Corporation | Bit-serial division method and apparatus |
| CN1688121A (en) * | 2005-06-16 | 2005-10-26 | 北京中星微电子有限公司 | AES add decipher circuit optimization method and multiplex sbox module |
| CN102521211A (en) * | 2011-11-17 | 2012-06-27 | 华南理工大学 | Parallel device for solving linear equation set on finite field |
Non-Patent Citations (1)
| Title |
|---|
| 有限域运算和多变量公钥密码硬件的优化和设计;易海博;《中国博士学位论文全文数据库 信息科技辑》;中国学术期刊(光盘版)电子杂志社;20150815(第8期);第6-10页、第19-21页、表2-1、表2-2、表3-6 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108008934A (en) | 2018-05-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110351087B (en) | Pipelined Montgomery modular multiplication operation method | |
| US20120057695A1 (en) | Circuits for modular arithmetic based on the complementation of continued fractions | |
| US8862651B2 (en) | Method and apparatus for modulus reduction | |
| Liu et al. | High performance FPGA implementation of elliptic curve cryptography over binary fields | |
| CN108008934B (en) | Composite finite field inversion device based on lookup table | |
| CN107885486B (en) | Composite finite field inversion device based on search tree | |
| JP4180024B2 (en) | Multiplication remainder calculator and information processing apparatus | |
| Gutub et al. | Scalable VLSI architecture for GF (p) Montgomery modular inverse computation | |
| EP1600852B1 (en) | Method and apparatus for calculating a modular inverse | |
| Yan et al. | An implementation of Montgomery modular multiplication on FPGAs | |
| JP4170267B2 (en) | Multiplication remainder calculator and information processing apparatus | |
| CN103023659A (en) | ECC (elliptic curve cryptosystem) encryption hardware device with expandable parameter bit width | |
| CN113467752B (en) | Division operation device, data processing system and method for private calculation | |
| CN108874367B (en) | Compound finite field inverter based on power operation and inversion method thereof | |
| Rahimzadeh et al. | Radix-4 implementation of redundant interleaved modular multiplication on FPGA | |
| Al-Khaleel et al. | An elliptic curve cryptosystem design based on FPGA pipeline folding | |
| Dong-Mei | A fast implementation of modular inversion over gf (2m) based on fpga | |
| KR100946256B1 (en) | Scalable Dual-Field Montgomery Multiplier On Dual Field Using Multi-Precision Carry Save Adder | |
| CN109358836B (en) | Composite domain division device based on table structure | |
| US20230042366A1 (en) | Sign-efficient addition and subtraction for streamingcomputations in cryptographic engines | |
| TWI403952B (en) | A large integer modulus index chip structure for signature cryptography | |
| Lin et al. | An efficient algorithm for computing modular division over GF (2 m) in elliptic curve cryptography | |
| KR20020086005A (en) | Inverse operator for elliptic curve cryptosystems | |
| US20240012615A1 (en) | Fast modular multiplication of large integers | |
| Amiri et al. | Concurrent reconfigurable architecture for mapping and encrypting a message in Elliptic Curve Cryptography |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |