CN108804075A - An efficient Montgomery multiplier construction method based on special pentanomials
- Publication number: CN108804075A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses an efficient Montgomery multiplier construction method based on special pentanomials and designs a low-complexity Montgomery bit-parallel multiplier over the finite field $GF(2^m)$. The multiplier computes multiplication in the finite field generated by a special irreducible pentanomial $x^m + x^{m-1} + x^k + x + 1$. Using a generalized polynomial basis (GPB) squarer and the recently proposed PCHS divide-and-conquer algorithm, the invention decomposes multiplication over $GF(2^m)$ into a combination of sub-polynomial multiplications of degree $m/2$ and Montgomery/GPB squaring operations. The resulting multiplier has a simple structure and can therefore be implemented efficiently. Compared with the fastest comparable multipliers currently known, the multiplier constructed by the invention saves about 1/4 of the logic gates, and its time complexity matches that of previously proposed parallel multipliers that do not use a divide-and-conquer algorithm.
Description
Technical field
The invention belongs to the field of computers and information technology and, specifically, relates to an efficient Montgomery multiplier construction method based on special pentanomials.
Background
The finite field $GF(2^m)$ (Galois field) has important applications in many areas, including combinatorial design, coding theory, computer algebra and cryptography. More and more researchers are studying efficient implementations of multiplication over $GF(2^m)$, mainly because the more complex arithmetic operations in $GF(2^m)$, including inversion and exponentiation, can be realized through multiplication. Since more and more gates can now be integrated on a single chip, bit-parallel multiplier architectures have become very common. In recent years many bit-parallel $GF(2^m)$ multipliers have been proposed to achieve lower space and time complexity. These schemes cover a wide range, including different basis representations and generator polynomials. Among them, the polynomial basis (PB) and irreducible trinomials are the most widely used. However, irreducible trinomials do not exist for every field. As a replacement for trinomials, irreducible pentanomials are more widely distributed and more numerous. It has been conjectured in the literature that at least one irreducible pentanomial exists for every degree $m \ge 4$.
The invention considers multiplication over $GF(2^m)$ in PB representation, which consists of a polynomial multiplication and a modular reduction. In general, PB multipliers based on pentanomials are less efficient than those based on trinomials, because modular reduction is more complicated for a pentanomial. Schemes that save space and time complexity by using special forms of pentanomials, variants of the polynomial basis and similar methods have therefore been proposed one after another. The prior art uses a new divide-and-conquer algorithm based on squaring, the PCHS (Park-Chang-Hong-Seo) algorithm. It is suitable for designing bit-parallel multipliers using Type I and Type II polynomials. Their method requires efficient squaring for the pentanomial, but squaring for pentanomials is not very simple. Hariri and Reyhani-Masoleh gave a Montgomery squaring operation based on the special pentanomial $x^m + x^{k+1} + x^k + x^{k-1} + 1$ ($3 < k < (m-3)/2$). Park gave explicit formulas and complexities for squaring with general pentanomials. According to their results, squaring for a general pentanomial needs at least $3m/2$ XOR gates and a delay of $3T_X$ ($T_X$ denotes the delay of one XOR gate); by comparison, squaring for Type II pentanomials is more efficient, needing only $3m/2$ XOR gates and a delay of $2T_X$. Cilardo proposed a new variant of PB, the generalized polynomial basis (GPB), which optimizes the multiplier architecture for irreducible pentanomials. In particular, he also proposed two new types of pentanomials:
Type C.1: $x^m + x^{m-1} + x^k + x + 1$, ($m-1 > k > 1$),
Type C.2: $x^m + x^{m-k_1} + x^{k_2} + x^{k_1} + 1$, ($m-k_1 > k_2 > k_1 > 1$),
and gave the corresponding optimal GPB parameters. He claims that GPB multipliers of these types are no worse than those for the best special types of pentanomials. Building on Cilardo's work, Xiong and Fan gave efficient GPB squaring formulas for Type C.1 pentanomials $x^m + x^{m-1} + x^k + x + 1$.
Based on the GPB squarer formulas for Type C.1 pentanomials, combined with the PCHS divide-and-conquer algorithm, an efficient bit-parallel multiplier for Type C.1 pentanomials can be constructed.
Summary of the invention
The object of the invention is to propose an efficient Montgomery multiplier construction method based on special pentanomials. The main idea is to combine the prior-art GPB squaring operation with the extended PCHS algorithm to construct an efficient bit-parallel multiplier for Type C.1 pentanomials $x^m + x^{m-1} + x^k + x + 1$. Note that GPB squaring is equivalent to Montgomery squaring, so the multiplier constructed from the GPB squarer computes a Montgomery multiplication. In addition, using the known properties of reciprocal polynomials, it is shown that, when the input and output coefficients are reversed, the same structure can perform Montgomery multiplication for the pentanomial $x^m + x^{m-1} + x^{m-k} + x + 1$.
The technical solution is as follows:
An efficient Montgomery multiplier construction method based on special pentanomials comprises the following steps:
Suppose the finite field $GF(2^m)$ is generated by an irreducible Type C.1 pentanomial $f(x) = x^m + x^{m-1} + x^k + x + 1$. Elements of $GF(2^m)$ are represented in the polynomial basis $\{1, x, \ldots, x^{m-1}\}$. Let $A, B \in GF(2^m)$ be any two field elements in polynomial basis representation:
$A(x) = a_{m-1}x^{m-1} + a_{m-2}x^{m-2} + \cdots + a_1x + a_0$,
$B(x) = b_{m-1}x^{m-1} + b_{m-2}x^{m-2} + \cdots + b_1x + b_0$,
where $a_i, b_i \in \mathbb{F}_2$. When $m$ is an arbitrary odd number, $A$ and $B$ are split as:
$A = A_1^2 + xA_2^2$ and $B = x^{-1}B_1^2 + B_2^2$,
where
The polynomial product $AB$ can then be written as:
where $C = A_1 + A_2$, $D = B_1 + B_2$.
Clearly, equation (1) saves one sub-polynomial multiplication at the cost of three additional additions. Its core idea is similar to the Karatsuba algorithm. Equation (1) can be extended to the case where $m$ is even [21]. This case differs slightly from the previous one. $A$ and $B$ are now split as:
$A = A_1^2 + xA_2^2$, $B = B_1^2 + xB_2^2$
where
The polynomial product $AB$ can then be written as:
Let $\gamma(x) \in GF(2^m)$ denote the Montgomery parameter. Montgomery multiplication is then expressed as:
$A(x) \cdot B(x) \cdot \gamma(x) \bmod f(x). \quad (3)$
Substituting equations (1) and (2) into (3), equation (3) can be expanded as follows.
When $m$ is odd:
$AB\gamma = [(A_1^2 + xA_2^2)(x^{-1}B_1^2 + B_2^2)]\gamma = (A_1B_1)^2\gamma(1 + x^{-1}) + (A_2B_2)^2\gamma(1 + x) + (CD)^2\gamma$,
where $C = A_1 + A_2$, $D = B_1 + B_2$.
When $m$ is even:
$AB\gamma = [(A_1^2 + xA_2^2)(B_1^2 + xB_2^2)]\gamma = (A_1B_1)^2\gamma x(1 + x^{-1}) + (A_2B_2)^2\gamma x(1 + x) + (CD)^2\gamma x$,
where $C = A_1 + A_2$, $D = B_1 + B_2$.
Both expressions turn the Montgomery multiplication into three squaring operations. To make use of the GPB squaring formulas, the following $\gamma(x)$ is selected as the Montgomery parameter:
When $f(x) = x^m + x^{m-1} + x^k + x + 1$, $R = x^{m-k} + x^{m-k-1} + 1$. Equation (4) therefore takes the same form in both cases, namely:
$AB\gamma = (A_1B_1)^2R(1 + x^{-1}) + (A_2B_2)^2R(1 + x) + (CD)^2R. \quad (5)$
This extension reduces the number of separate cases of the Montgomery multiplier, and the corresponding Montgomery squaring operation also keeps its simplest form.
Clearly, the degrees of $A_1B_1$, $A_2B_2$ and $CD$ are at most $m-1$. The following notation is used in the remainder of this description:
In particular, the coefficients $c_i$ are as follows:
When $m$ is odd:
When $m$ is even:
The formulas for $d_i$ are obtained similarly. The computation of $CD$ is slightly different: computing $C = A_1 + A_2$ and $D = B_1 + B_2$ requires an additional delay of $T_X$. If $m$ is even, one obtains:
If $m$ is odd, the degrees of $C$ and $D$ are at most $m/2-1$, and the coefficients $e_i$ are:
Each of the coefficients $e_i$ in (8) incurs a delay, as does each $e_i$ in (9) if $m$ is even.
In addition, the time complexity formulas show that, except for a small fraction of Type C.1 pentanomials, the delay of the polynomial multiplication $CD$ equals that of $A_1B_1$ and $A_2B_2$. Only when $m$ is odd, and if and only if $m = 2^i + 1$, $i > 0$, does computing $CD$ take one more $T_X$ of delay than $A_1B_1$ and $A_2B_2$.
Next, the Montgomery (or GPB) squarings of $A_1B_1$, $A_2B_2$ and $CD$ are computed to obtain $S_1$, $S_2$, $S_3$, which are then added together. According to the different delays of $S_1$, $S_2$, $S_3$, the computation order of the multiplier is as follows:
where $(S_1 + S_2)$ denotes the result of $S_1 + S_2$.
The beneficial effects of the invention are as follows:
Compared with the fastest bit-parallel multipliers currently known for irreducible pentanomials, the efficient Montgomery multiplier constructed by the invention from special pentanomials saves about 1/4 of the space complexity. The invention is the first to extend the squaring-based divide-and-conquer algorithm (the PCHS method) to modular multiplication for irreducible Type C.1 pentanomials. Irreducible pentanomials of this type are widely distributed and numerous, and the multiplier given by the invention can be used to implement them. The improved computation method makes effective use of data sharing between the polynomials, and a detailed complexity analysis is given; it is also proved, using the reciprocal property, that the two kinds of Type C.1 pentanomials have the same circuit implementation. The space complexity of the method is roughly the same as that of the original PCHS-based multipliers, and its time complexity is no higher than that of earlier general multipliers or Montgomery multipliers that do not use a divide-and-conquer algorithm.
Detailed description
The technical solution of the invention is described in more detail below with reference to specific embodiments.
1. Preliminaries
This section briefly introduces the basic concepts, including the PCHS algorithm, GPB squaring for Type C.1 pentanomials, and some necessary lemmas.
1.1 The PCHS method and its extension
The PCHS method is a divide-and-conquer algorithm for optimizing polynomial multiplication; it decomposes a polynomial into two sub-polynomials according to the exponents of the indeterminate $x$. The original method, however, applies only to polynomial multipliers of odd degree, and the prior art extended it to polynomial multiplication of even degree. Suppose $A$ and $B$ are two polynomials in $\mathbb{F}_2[x]$ and $m$ is an arbitrary odd number. $A$ and $B$ are split as:
$A = A_1^2 + xA_2^2$, $B = x^{-1}B_1^2 + B_2^2$
where
The polynomial product $AB$ can then be written as:
where $C = A_1 + A_2$, $D = B_1 + B_2$.
Clearly, equation (1) saves one sub-polynomial multiplication at the cost of three additional additions. Its core idea is similar to the Karatsuba algorithm. Equation (1) can be extended to the case where $m$ is even, which differs slightly from the previous case. $A$ and $B$ are now split as:
$A = A_1^2 + xA_2^2$, $B = B_1^2 + xB_2^2$
where
The polynomial product $AB$ can then be written as:
where $C = A_1 + A_2$, $D = B_1 + B_2$. Clearly, equation (2) contains squaring operations in addition to additions and multiplications. To construct an efficient multiplier, these formulas should be combined with a fast squaring operation. In the prior art, Park et al. constructed squaring formulas using the weak dual basis (WDB), and they also used Montgomery squaring for trinomials.
1.2 GPB squaring for Type C.1 pentanomials
To describe the GPB squaring operation precisely, the definition of the GPB is introduced first:
Definition 1: Given the ordered set $M = \{x^i \mid 0 \le i \le m-1\}$ over $GF(2^m)$ and $R(x) \in GF(2^m)^*$, the ordered set $\{R(x)x^i \mid 0 \le i \le m-1\}$ is the generalized polynomial basis with respect to $M$.
Suppose $A, B, C \in GF(2^m)$ are given in polynomial basis and $f(x)$ is the generator polynomial of $GF(2^m)$. Field multiplication in GPB representation is defined as $CR = AR \cdot BR \bmod f(x)$; similarly, GPB squaring can be expressed as
$CR = (AR)^2 \bmod f(x)$.
Note in particular that the GPB parameter $R$ is a nonzero element. Dividing both sides of the equation above by $R$ gives $C = A^2R \bmod f(x)$, which can be regarded as a Montgomery multiplication in which $R$ is the Montgomery parameter. In fact, Montgomery multiplication and GPB multiplication over $GF(2^m)$ are essentially the same. Note that the GPB squaring formulas given in the prior art are the PB representation of the product $C$, not its GPB representation. For the Type C.1 pentanomial $x^m + x^{m-1} + x^k + x + 1$, the corresponding GPB parameter is $R = x^{m-k} + x^{m-k-1} + 1$. Xiong et al. gave explicit formulas for GPB squaring with these pentanomials, but they only covered the case where $m$ is odd. In Appendix A, the invention generalizes their result and gives Montgomery/GPB squaring formulas for all $m$.
1.3 Reciprocal polynomials
The prior art describes an important property concerning the similarity between an irreducible polynomial $f(x)$ over a finite field and its reciprocal polynomial. The relevant definition and lemmas are as follows.
Definition 2: Suppose $f(x) = p_mx^m + p_{m-1}x^{m-1} + \cdots + p_1x + p_0$ is a polynomial of degree $m$ over $\mathbb{F}_2$. Its reciprocal polynomial is defined as
If $f(x)$ is irreducible, then its reciprocal polynomial is also irreducible. Define the mapping $\psi$ as follows:
where $A \in \mathbb{F}_2[x]/(f)$. The following lemma then holds.
Lemma 1. $\psi$ is a bijection and has the following properties:
1. $\psi$ is an isomorphism for addition; the additive map out of $\mathbb{F}_2[x]/(f)$ is
2. For any $A \in \mathbb{F}_2[x]/(f)$,
3. $\psi$ is an isomorphism for multiplication; the Montgomery multiplication map out of $\mathbb{F}_2[x]/(f)$ is
For the proof of Lemma 1, see (5). Based on the lemma above, Cilardo also gave a multiplier property for reciprocal polynomials. His conclusion can be summarized as the following lemma.
Lemma 2: A GPB multiplier for a given irreducible polynomial $f(x)$ and parameter $R(x)$ can also perform multiplication for the reciprocal polynomial of $f(x)$ with parameter $R(x^{-1}) \cdot x^{-(m-1)}$. Specifically, the multiplier architecture is unchanged, the input polynomial coefficients are fed in reverse order, and the output is read in reverse order.
The invention uses these properties to extend the results in the fourth part.
2. Montgomery multiplier for Type C.1 pentanomials
Based on the combination of the extended PCHS method and the GPB method, this section proposes a new Montgomery multiplier for Type C.1 pentanomials.
Suppose the finite field $GF(2^m)$ is generated by an irreducible Type C.1 pentanomial $f(x) = x^m + x^{m-1} + x^k + x + 1$ (1 < k <), and elements of $GF(2^m)$ are represented in the polynomial basis $\{1, x, \ldots, x^{m-1}\}$. Let $A, B \in GF(2^m)$ be any two elements in polynomial basis representation:
$A(x) = a_{m-1}x^{m-1} + a_{m-2}x^{m-2} + \cdots + a_1x + a_0$,
$B(x) = b_{m-1}x^{m-1} + b_{m-2}x^{m-2} + \cdots + b_1x + b_0$,
where $a_i, b_i \in \mathbb{F}_2$.
Let $\gamma(x) \in GF(2^m)$ denote the Montgomery parameter. Montgomery multiplication is then expressed as:
$A(x) \cdot B(x) \cdot \gamma(x) \bmod f(x). \quad (3)$
Substituting equations (1) and (2) into (3), equation (3) can be expanded as follows.
When $m$ is odd:
$AB\gamma = [(A_1^2 + xA_2^2)(x^{-1}B_1^2 + B_2^2)]\gamma = (A_1B_1)^2\gamma(1 + x^{-1}) + (A_2B_2)^2\gamma(1 + x) + (CD)^2\gamma$,
where $C = A_1 + A_2$, $D = B_1 + B_2$.
When $m$ is even:
$AB\gamma = [(A_1^2 + xA_2^2)(B_1^2 + xB_2^2)]\gamma = (A_1B_1)^2\gamma x(1 + x^{-1}) + (A_2B_2)^2\gamma x(1 + x) + (CD)^2\gamma x$,
where $C = A_1 + A_2$, $D = B_1 + B_2$.
Both expressions turn the Montgomery multiplication into three squaring operations. To make use of the GPB squaring formulas, the invention selects the following $\gamma(x)$ as the Montgomery parameter:
When $f(x) = x^m + x^{m-1} + x^k + x + 1$, $R = x^{m-k} + x^{m-k-1} + 1$. The Montgomery multiplication (4) therefore takes the same form in both cases:
$AB\gamma = (A_1B_1)^2R(1 + x^{-1}) + (A_2B_2)^2R(1 + x) + (CD)^2R. \quad (5)$
This extension reduces the number of separate cases of the Montgomery multiplier, and the corresponding Montgomery squaring operation also keeps its simplest form.
Clearly, the degrees of $A_1B_1$, $A_2B_2$ and $CD$ are at most $m-1$. The following notation is used in the remainder of this description:
Next, the computation of $S_1$, $S_2$ and $S_3$ is analyzed in detail.
2.1 Complexity of $A_1B_1$, $A_2B_2$ and $CD$
This section briefly analyzes the complexity of the polynomial multiplications $A_1B_1$, $A_2B_2$ and $CD$ required to compute $S_1$, $S_2$ and $S_3$. As described above, the coefficients $c_i$ are as follows:
When $m$ is odd:
When $m$ is even:
The formulas for $d_i$ are obtained similarly. If $m$ is odd, $c_0 = 0$ and $d_{m-1} = 0$; if $m$ is even, $c_{m-1} = d_{m-1} = 0$. It is easy to see that computing the coefficients $c_i$ in (6) requires $(m^2-1)/4$ AND gates and $(m^2-4m+3)/4$ XOR gates in total, plus the associated delay. When $m$ is even, $(m^2-1)/4$ AND gates and $(m^2-4m+3)/4$ XOR gates are required, plus the associated delay. The time and space complexity of $A_1B_1$ is the same as that of $A_2B_2$.
The computation of $CD$ is slightly different. Computing $C = A_1 + A_2$ and $D = B_1 + B_2$ requires $m-1$ XOR gates and an additional delay of $T_X$.
If $m$ is even, one obtains:
If $m$ is odd, the degrees of $C$ and $D$ are at most $m/2-1$, and the coefficients $e_i$ are:
The coefficients $e_i$ in (8) require $(m+1)^2/4$ AND gates and $(m-1)^2/4$ XOR gates, plus the associated delay. Conversely, if $m$ is even, the $e_i$ in (9) require $m^2/4$ AND gates and $(m^2-4m+4)/4$ XOR gates, plus the associated delay.
In addition, the time complexity formulas show that, except for a small fraction of Type C.1 pentanomials, the delay of the polynomial multiplication $CD$ equals that of $A_1B_1$ and $A_2B_2$. Only when $m$ is odd, and if and only if $m = 2^i + 1$, $i > 0$, does computing $CD$ take one more $T_X$ of delay than $A_1B_1$ and $A_2B_2$. In fact, the invention examined the irreducible Type C.1 pentanomials of degree in $[7, 1025]$ and found only 24 such cases.
Example 2.1: Consider field multiplication over $GF(2^5)$ in PB representation with the irreducible pentanomial $x^5 + x^4 + x^2 + x + 1$. Since the degree is odd, $\gamma = x^3 + x^2 + 1$ is selected as the Montgomery parameter. Let $A$ and $B$ be any two elements of $GF(2^5)$, split as $A = A_1^2 + xA_2^2$, $B = x^{-1}B_1^2 + B_2^2$,
where
$A_1 = a_4x^2 + a_2x + a_0$, $A_2 = a_3x + a_1$,
$B_1 = b_3x^2 + b_1x$, $B_2 = b_4x^2 + b_2x + b_0$.
According to equations (1) and (3),
$ABR = (A_1^2 + xA_2^2)(x^{-1}B_1^2 + B_2^2)R = [(A_1B_1)^2(1 + x^{-1}) + (A_2B_2)^2(1 + x) + (CD)^2]R = S_1 + S_2 + S_3$,
where $C$ and $D$ are respectively
It then follows that
$A_1B_1 = (a_4b_3)x^4 + (a_2b_3 + a_4b_1)x^3 + (a_0b_3 + a_2b_1)x^2 + a_0b_1x$,
$A_2B_2 = (a_3b_4)x^3 + (a_1b_4 + a_3b_2)x^2 + (a_1b_2 + a_3b_0)x + a_1b_0$,
$CD = u_2v_2x^4 + (u_1v_2 + u_2v_1)x^3 + (u_0v_2 + u_1v_1 + u_2v_0)x^2 + (u_0v_1 + u_1v_0)x + u_0v_0$
The time and space complexity of $A_1B_1$, $A_2B_2$ and $CD$ can be read off from these expressions. In this example, $CD$ takes one more $T_X$ of delay than $A_1B_1$ and $A_2B_2$.
2.2 Computation of $S_1$, $S_2$, $S_3$
As described above, the key to computing $S_1$, $S_2$, $S_3$ is the Montgomery (or GPB) squaring of $A_1B_1$, $A_2B_2$ and $CD$. With reference to the Montgomery/GPB squaring formulas in Appendix A, the invention divides Type C.1 pentanomials into 8 classes and analyzes the computation of $S_1$, $S_2$, $S_3$ for each class. The 8 cases are:
1. $m$ is odd, $k$ is even, $1 < k < (m-1)/2$;
2. $m$ is odd, $k$ is even, $k = (m-1)/2$;
3. $m$ is odd, $k$ is odd, $1 < k < (m-1)/2$;
4. $m$ is odd, $k$ is odd, $k = (m-1)/2$;
5. $m$ is even, $k$ is odd, $1 < k < m/2$;
6. $m$ is even, $k$ is odd, $k = m/2$;
7. $m$ is even, $k$ is even, $1 < k < m/2$;
8. $m$ is even, $k$ is even, $k = m/2$.
The cases correspond to different Montgomery squaring formulas and therefore yield different formulas for $S_1$, $S_2$, $S_3$. The invention gives the computation details mainly for two typical cases, Case 1 and Case 5.
Case 1: Consider the Montgomery squaring $(A_1B_1)^2R \bmod f(x)$, for which the following squaring formula is obtained:
Since $x^m + x^{m-1} + x^k + x = 1$, it follows that $x^{-1} = x^{m-1} + x^{m-2} + x^{k-1} + 1$, and therefore:
where $\Theta$ denotes the set $\{0, k-1, m-2, m-1\}$. Replacing $z_i$ by the expression in (10), the coefficients of $S_1$ are given by equation (13). $S_2$ is computed in the same way as $S_1$. With the Montgomery squaring of $A_2B_2$ defined analogously, one obtains:
where $\Theta$ denotes the set $\{0, 1, k, m-1\}$. The coefficients of $S_2$ are given by equation (14).
When $S_1$ and $S_2$ are added using a binary tree, each coefficient $r_i + s_i$ is obtained by adding at most 7 values, which bounds the XOR gate delay of a parallel implementation of $S_1 + S_2$. Table 1 summarizes the number of terms in each coefficient of $S_1 + S_2$. Apart from some of the coefficients, most of them consist of 6 terms. When $c_0 = d_{m-1} = 0$, obtaining the coefficients of $S_1 + S_2$ requires $5m-2$ XOR gates in total.
Table 1: Number of terms required for $r_i + s_i$ in Case 1
Case 5: In this case the transformations of $S_1$ and $S_2$ are the same as those in (11) and (12) for Case 1, but the Montgomery squaring formulas differ. The explicit coefficient formulas are given in (15) and (16).
Table 2 shows that in this case the parallel implementation of $S_1 + S_2$ is subject to an upper bound in XOR gates as well. Appendix B gives the explicit formulas of $S_1$ and $S_2$ for the other cases. In this case $c_{m-1} = d_{m-1} = 0$, so after $A_1B_1$ and $A_2B_2$ have been computed, obtaining $S_1 + S_2$ requires a further $5m-1$ XOR gates. The delay of $S_1 + S_2$ in the other cases can be obtained just as easily, and all of these computations can be completed within a delay of $3T_X$.
Table 2: Number of terms required for $r_i + s_i$ in Case 5
Next, consider the computation of $S_3$. After $CD$ has been computed, a single Montgomery squaring yields $S_3$. According to the Montgomery squaring formulas in (10) and Appendix A, this operation requires a delay of $2T_X$ and a bounded number of XOR gates. Furthermore, as stated earlier, computing $C = A_1 + A_2$ and $D = B_1 + B_2$ in parallel requires an additional delay of $T_X$, and the circuit delay of $CD$ equals that of $A_1B_1$ and $A_2B_2$ (except for a few polynomials). Adding up all of these circuit delays shows that $S_3$ actually has the same delay as $S_1 + S_2$, so the two expressions can be computed in parallel. Finally, $S_1 + S_2$ and $S_3$ only need to be added together to obtain the result, which requires $m$ XOR gates and a delay of $T_X$. The computation order can be arranged as follows:
where $(S_1 + S_2)$ denotes the result of $S_1 + S_2$. Table 3 summarizes the space complexity of each part of the computation above.
Table 3: Space complexity of each part of formula (17)
The multiplier complexity for the two cases follows from Table 3.
Case 1 multiplier:
Number of AND gates:
Number of XOR gates:
Delay:
Case 5 multiplier:
Number of AND gates:
Number of XOR gates:
Delay:
The other cases are computed in the same way as Cases 1 and 5. Finally, Table 4 summarizes the theoretical space and time complexity of these multipliers. In particular, the complexity of the multipliers in the other cases is almost identical to that of Cases 1 and 5.
Table 4: Complexity of the Montgomery multipliers for Type C.1 pentanomials
Example 3.2: Consider the computation of $S_1$, $S_2$, $S_3$ in Example 3.1. On the basis of the formulas in Appendices A and B, the coefficients of $S_1$, $S_2$, $S_3$ are easily obtained as follows:
Clearly, each coefficient of $S_1 + S_2$ is formed from at most 7 terms and can therefore be computed in $3T_X$; each coefficient of $S_3$ contains at most 4 terms and can be computed in $2T_X$. The computation of $S_1$, $S_2$, $S_3$ can therefore be arranged as in (17).
3. Reciprocal property
So far the invention has only analyzed the Montgomery multiplier for the Type C.1 pentanomial $f(x) = x^m + x^{m-1} + x^k + x + 1$ for a restricted range of $k$. According to the description in Section 2.3, the reciprocal polynomial of $f(x)$ is also irreducible. Clearly, such pentanomials also belong to the Type C.1 pentanomials. By Lemma 2, with suitably chosen GPB parameters, the GPB multiplier circuits for $f(x)$ and its reciprocal polynomial can be identical. Note that GPB multiplication is equivalent to Montgomery multiplication with the same parameter. However, because the invention realizes Montgomery multiplication with a different structure and a different parameter $\gamma$ (equation (4)), the conclusion is not immediate.
This section proves that squaring-based Montgomery multipliers for $f(x)$ and for its reciprocal polynomial can be built with the same circuit.
Theorem 1: The squaring-based Montgomery multiplier circuit for the reciprocal polynomial with parameter $\gamma(x^{-1}) \cdot x^{-(m-1)}$ is identical to the circuit for the polynomial $f(x)$ with parameter $\gamma(x)$.
Before proving the theorem, a notation needed for the proof is introduced. Given an element $h(x)$ of $GF(2^m)$ in PB representation of degree $q < m-1$, where $q$ is the largest index with $h_q \neq 0$, the notation denotes $h(x)$ with its coefficients reversed from 0 to $q$. Note that the two notations differ, for example for $h(x) = h_1x + h_0$ as an element of $GF(2^5)$.
Proof: First, by Lemma 1, the quotient ring $\mathbb{F}_2[x]/(f)$ and the quotient ring of the reciprocal polynomial are isomorphic, and the mapping $\psi$ of Section 2.3 is a bijection. Any multiplication in $\mathbb{F}_2[x]/(f)$ can be mapped to the other ring. As shown in (5), the method of the invention splits the Montgomery multiplication in $\mathbb{F}_2[x]/(f)$ into three parts, i.e. $AB\gamma = S_1 + S_2 + S_3$, so that:
The mapping of each part of this expression is analyzed next. By properties 1 and 2 of Lemma 1,
$\psi((A_1B_1)^2R(1 + x^{-1})) = \psi((A_1B_1)^2R) \cdot (1 + x)$,
$\psi((A_2B_2)^2R(1 + x)) = \psi((A_2B_2)^2R) \cdot (1 + x^{-1}). \quad (19)$
By property 3 of Lemma 1, it follows that
$\psi((A_iB_i)^2R) = \psi((A_iB_i)^2) \cdot \psi(R) \cdot x^{-m} = \psi(A_iB_i)^2 \cdot \psi(R) \cdot x^{-2m}$, $i = 1, 2$,
$\psi((CD)^2R) = \psi((CD)^2) \cdot \psi(R) \cdot x^{-m} = \psi(CD)^2 \cdot \psi(R) \cdot x^{-2m}. \quad (20)$
It is also found that $\psi(A_iB_i) = \psi(A_i)\psi(B_i)x^{-m}$ (for $i = 1, 2$) and $\psi(CD) = \psi(C)\psi(D)x^{-m}$. In addition, the degrees of $A_i$, $B_i$, $C$, $D$ are bounded (with a different bound if $m$ is even), that is, these expressions consist of a limited number of nonzero terms. Therefore $\psi(A_i)$, $\psi(B_i)$, $\psi(C)$, $\psi(D)$ can be regarded as obtained by a left shift by a certain number of bits, with one shift amount if $m$ is odd and another if $m$ is even. Therefore,
If $m$ is odd, substituting the expressions above into (19) and (20), equation (18) can be written as:
In particular, $\deg(A_2B_2x) = m-1$, and it is easily verified that the degrees of the remaining products are all $m-1$. Since $R = x^{m-k} + x^{m-k-1} + 1$, $\psi(R) = x^k + x^{k+1} + x^m$; multiplying both sides by $x^{-1}$ gives
where one quantity is the reciprocal of the other.
If $m$ is even, the transformation of $\psi(AB\gamma)$ is slightly different:
Note that $(x^{k-1} + x^k + x^{m-1})x^{-2m+2} = (x^{k-m} + x^{k-m+1} + 1)x^{-m+1} = R(x^{-1}) \cdot x^{-(m-1)} = R'(x)$, which is identical to the optimal GPB parameter proposed in the prior art. Let
if $m$ is odd,
or
if $m$ is even.
The mapped product can then be split into the same 3 parts, and the corresponding Montgomery squaring operations involve $R'$. By Lemma 2, GPB (Montgomery) squaring for $f(x)$ with respect to $R$ is identical to that for the reciprocal polynomial with respect to $R'$. The circuits computing $S'_1$, $S'_2$, $S'_3$ are therefore identical to those for $S_1$, $S_2$, $S_3$. In addition, by definition, the inputs are the reverses of $A$ and $B$.
Furthermore, if the Montgomery multiplication $AB\gamma$ is not split and the proof method of Lemma 2 in the prior art is followed, it is easily obtained that the Montgomery parameter corresponding to $f(x)$ is $\gamma' = \gamma(x^{-1}) \cdot x^{-(m-1)}$. In short, by simply reversing the input coefficients and reading the output coefficients in reverse order, the squaring-based Montgomery multiplier circuit for $f(x)$ is identical to the multiplier for its reciprocal polynomial.
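The decomposition in equation (5) and the reversed-coefficient property of Theorem 1 can both be checked in software, for the field of Example 2.1 and beyond it for an even degree. The following Python sketch is an added example, not code from the patent: the function names, the even-degree test polynomial $x^6 + x^5 + x^2 + x + 1$ and the choice $\gamma = x^{-1}R$ for even $m$ (inferred by comparing the even-$m$ expansion with equation (5)) are assumptions of the example.

```python
# Added example. Polynomials over GF(2) are ints: bit i is the coefficient of x^i.

def clmul(a, b):
    """Carry-less product in GF(2)[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def pmod(a, f):
    """Remainder of a modulo f in GF(2)[x]."""
    df = f.bit_length() - 1
    while a.bit_length() > df:
        a ^= f << (a.bit_length() - 1 - df)
    return a

def mulmod(a, b, f):
    return pmod(clmul(a, b), f)

def c1_pentanomial(m, k):
    """f(x) = x^m + x^(m-1) + x^k + x + 1."""
    return (1 << m) | (1 << (m - 1)) | (1 << k) | 0b11

def x_inverse(m, k):
    """x^-1 = x^(m-1) + x^(m-2) + x^(k-1) + 1 modulo f, because f(x) = 0."""
    return (1 << (m - 1)) | (1 << (m - 2)) | (1 << (k - 1)) | 1

def gpb_r(m, k):
    """GPB parameter R = x^(m-k) + x^(m-k-1) + 1."""
    return (1 << (m - k)) | (1 << (m - k - 1)) | 1

def gamma(m, k):
    """Montgomery parameter: R for odd m; x^-1 * R for even m (assumption)."""
    r = gpb_r(m, k)
    return r if m % 2 else mulmod(r, x_inverse(m, k), c1_pentanomial(m, k))

def split(p):
    """Return (E, O) such that p = E(x)^2 + x * O(x)^2."""
    e = o = i = 0
    while p:
        e |= (p & 1) << i
        o |= ((p >> 1) & 1) << i
        p, i = p >> 2, i + 1
    return e, o

def montgomery_direct(a, b, m, k):
    """Reference value A * B * gamma mod f, equation (3)."""
    f = c1_pentanomial(m, k)
    return mulmod(mulmod(a, b, f), gamma(m, k), f)

def montgomery_pchs(a, b, m, k):
    """Equation (5): S1 + S2 + S3 built from three half-size products."""
    f, r = c1_pentanomial(m, k), gpb_r(m, k)
    a1, a2 = split(a)
    b_even, b_odd = split(b)
    # odd m: B = x^-1 * B1^2 + B2^2; even m: B = B1^2 + x * B2^2
    b1, b2 = (b_odd << 1, b_even) if m % 2 else (b_even, b_odd)
    c, d = a1 ^ a2, b1 ^ b2
    def square_r(p):                       # Montgomery/GPB squaring p^2 * R mod f
        return mulmod(mulmod(p, p, f), r, f)
    s1 = mulmod(square_r(clmul(a1, b1)), 1 ^ x_inverse(m, k), f)  # * (1 + x^-1)
    s2 = mulmod(square_r(clmul(a2, b2)), 0b11, f)                 # * (1 + x)
    s3 = square_r(clmul(c, d))
    return s1 ^ s2 ^ s3

def reverse(p, m):
    """Reverse the m coefficients of p, i.e. x^(m-1) * p(1/x)."""
    return int(format(p, f"0{m}b")[::-1], 2)

def reciprocal_direct(a, b, m, k):
    """A * B * gamma(x^-1) * x^-(m-1) modulo the reciprocal pentanomial."""
    f_rec = c1_pentanomial(m, m - k)       # x^m * f(1/x)
    inv, g = x_inverse(m, m - k), gamma(m, k)
    acc, power = 0, 1
    for i in range(m):                     # evaluate gamma at x^-1
        if (g >> i) & 1:
            acc ^= power
        if i < m - 1:
            power = mulmod(power, inv, f_rec)
    g_rec = mulmod(acc, power, f_rec)      # power is now x^-(m-1)
    return mulmod(mulmod(a, b, f_rec), g_rec, f_rec)

def reciprocal_reversed(a, b, m, k):
    """Theorem 1: reversed inputs, multiplier for f, output read in reverse."""
    return reverse(montgomery_pchs(reverse(a, m), reverse(b, m), m, k), m)

def mismatches(m, k):
    """Count disagreements over every pair of field elements."""
    bad = 0
    for a in range(1 << m):
        for b in range(1 << m):
            bad += montgomery_pchs(a, b, m, k) != montgomery_direct(a, b, m, k)
            bad += reciprocal_reversed(a, b, m, k) != reciprocal_direct(a, b, m, k)
    return bad

if __name__ == "__main__":
    print(mismatches(5, 2), mismatches(6, 2))  # Example 2.1 field, then an even-m field
```

Run as a script, it prints `0 0` when the three-part decomposition and the reversed-coefficient multiplier agree with the direct products for every pair of elements in both fields.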
4. comparing and discussing
Since irreducible trinomial has good performance, irreducible five formulas are often in the domain that irreducible trinomial is not present
On be used as substitute multinomial, and often consider be five formulas special shape.Such five formulas include I types, II types,
C.1 type, C.2 type.
In table 5, the present invention is according to room and time complexity to several different types of bits of irreducible five formulas
Parallel multiplier compares.This invention particularly focuses on five formulas of above-mentioned proposed several specific types.In addition to specific
Description outside, all these multipliers are all indicated using polynomial basis.Other than extremely individual, method of the invention and I types and
The multiplier of five formulas of II types is equally fast, but can save general 1/4 logic gate.With the C.1 and C.2 GPB before type
Multiplier is compared, and method of the invention is slower 2T than best resultX(for certain domains, it is only necessary to 1TXTime delay).In addition, this hair
Bright method matches with original PCHS multipliers on Time & Space Complexity.
The foregoing is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to it. Any simple change or equivalent replacement of the technical solution that is obvious to a person skilled in the art, within the technical scope disclosed by the present invention, falls within the protection scope of the present invention.
5. Appendix
5.1 Squaring formulas for irreducible Type C.1 pentanomials
1. m is odd, k is even, 1 < k < (m-1)/2:
2. m is odd, k is even, k = (m-1)/2:
3. m is odd, k is odd, 1 < k < (m-1)/2:
4. m is odd, k is odd, k = (m-1)/2:
5. m is even, k is odd, 1 < k < m/2:
6. m is even, k is odd, k = m/2:
7. m is even, k is even, 1 < k < m/2:
8. m is even, k is even, k = m/2:
5.2 Coefficient formulas for $S_1$ and $S_2$
1. m is odd, k is even, 1 < k < (m-1)/2:
2. m is odd, k is even, k = (m-1)/2:
3. m is odd, k is odd, 1 < k < (m-1)/2:
4. m is odd, k is odd, k = (m-1)/2:
5. m is even, k is odd, 1 < k < m/2:
6. m is even, k is odd, k = m/2:
7. m is even, k is even, 1 < k < m/2:
8. m is even, k is even, k = m/2:
Claims (3)
1. An efficient Montgomery multiplier construction method based on special pentanomials, characterized in that: the extended PCHS divide-and-conquer algorithm is fused with the squaring operation based on the irreducible Type C.1 pentanomial, i.e. $f(x) = x^m + x^{m-1} + x^k + x + 1$, thereby reducing the space complexity of the multiplier while keeping the time complexity at a low level. The details include the following steps:
According to the degree of the indeterminate x in the inputs A(x) and B(x), split the input polynomials A(x) and B(x) of the multiplier into the parts $A_1, A_2, B_1, B_2$; compute the polynomial products $A_1B_1$, $A_2B_2$ and $CD = (A_1+A_2)(B_1+B_2)$ separately; compute in parallel $S_1 = (A_1B_1)^2 R(1+x^{-1}) \bmod f(x)$, $S_2 = (A_2B_2)^2 R(1+x) \bmod f(x)$ and $S_3 = (CD)^2 R \bmod f(x)$; add $S_1, S_2, S_3$ to obtain the final result.
2. The efficient Montgomery multiplier construction method based on special pentanomials according to claim 1, characterized in that it comprises: three general multipliers of degree m/2; three squarers for $f(x) = x^m + x^{m-1} + x^k + x + 1$; and a fixed number of XOR gates that compute $S_1 + S_2 + S_3$.
3. The efficient Montgomery multiplier construction method based on special pentanomials according to claim 1, characterized in that: according to the lemma on reciprocal polynomials and its corollary, the designed multiplier circuit can be used directly to compute the finite field multiplication defined by the reciprocal Type C.1 pentanomial $f(x) = x^m + x^{m-1} + x^{m-k} + x + 1$.
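The decomposition in claim 1, checked in software as an added example that is not part of the patent text. Assumptions: $A_1$, $B_1$ hold the even-exponent coefficients and $A_2$, $B_2$ the odd-exponent ones; m = 8, k = 2 and R = 0x53 are constructed sample values; all function names are hypothetical. Under that split, $S_1 + S_2 + S_3$ equals $A \cdot B \cdot R \cdot x^{-1} \bmod f(x)$ for any R.

```python
# Added example: claim 1's three-term decomposition, checked in software.
M, K = 8, 2                                        # constructed sample parameters
F = (1 << M) | (1 << (M - 1)) | (1 << K) | 0b11    # x^8 + x^7 + x^2 + x + 1
X_INV = (F ^ 1) >> 1                               # x^-1 mod f, valid because f(0) = 1

def clmul(a, b):
    """Carry-less product in GF(2)[x]; ints hold coefficient bit vectors."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def polymod(p, f=F):
    """Remainder of p modulo f in GF(2)[x]."""
    deg_f = f.bit_length() - 1
    while p.bit_length() - 1 >= deg_f:
        p ^= f << (p.bit_length() - 1 - deg_f)
    return p

def mulmod(a, b):
    return polymod(clmul(a, b))

def is_irreducible(f):
    """Trial division by every polynomial of degree 1..deg(f)//2."""
    return all(polymod(f, g) for g in range(2, 1 << ((f.bit_length() - 1) // 2 + 1)))

def split(a):
    """Assumed split: (even-exponent, odd-exponent) coefficients, repacked."""
    even = sum(((a >> 2 * i) & 1) << i for i in range(M // 2 + 1))
    odd = sum(((a >> 2 * i + 1) & 1) << i for i in range(M // 2 + 1))
    return even, odd

def pchs_montgomery(a, b, r):
    """S1 + S2 + S3 from claim 1; r is the squaring factor R."""
    (a1, a2), (b1, b2) = split(a), split(b)
    sq_r = lambda p: mulmod(mulmod(p, p), r)       # p^2 * R mod f
    s1 = mulmod(sq_r(clmul(a1, b1)), 1 ^ X_INV)    # (A1*B1)^2 R (1 + x^-1)
    s2 = mulmod(sq_r(clmul(a2, b2)), 0b11)         # (A2*B2)^2 R (1 + x)
    s3 = sq_r(clmul(a1 ^ a2, b1 ^ b2))             # (C*D)^2 R
    return s1 ^ s2 ^ s3

def reference(a, b, r):
    """Schoolbook A * B * R * x^-1 mod f."""
    return mulmod(mulmod(mulmod(a, b), r), X_INV)

if __name__ == "__main__":
    assert is_irreducible(F)
    r = 0x53                                       # constructed sample R
    bad = sum(pchs_montgomery(a, b, r) != reference(a, b, r)
              for a in range(1 << M) for b in range(1 << M))
    print("mismatches:", bad)
```

The three sub-products use operands of roughly half the degree of A and B, which is where the gate saving described in the comparison section comes from.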
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810601428.XA CN108804075A (en) | 2018-06-12 | 2018-06-12 | A kind of efficient Montgomery Multiplications building method based on special five formulas |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108804075A (en) | 2018-11-13 |
Family
ID=64085290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810601428.XA Pending CN108804075A (en) | 2018-06-12 | 2018-06-12 | A kind of efficient Montgomery Multiplications building method based on special five formulas |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108804075A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023226173A1 (en) * | 2022-05-24 | 2023-11-30 | 上海阵方科技有限公司 | Modular multiplication operation method based on number-theoretic transform prime |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200710715A (en) * | 2006-11-24 | 2007-03-16 | Univ Lunghwa Sci & Technology | Finite field GF(2m) specific bit-parallel systolic array type Montgomery multiplier |
Non-Patent Citations (1)
Title |
---|
Yin Li et al.: "Efficient Square-Based Montgomery Multiplier for All Type C.1 Pentanomials", 《IEEE》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information | ||
Inventors after: Li Yin, Zhang Yu, Ma Xingpo, Chen Qing, Qi Chuanda. Inventors before: Li Yin, Ma Xingpo, Chen Qing, Zhang Yu, Qi Chuanda |
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20181113 |