TW201404108A - Semi-systolic Gaussian normal basis multiplier - Google Patents
- Publication number
- TW201404108A
- Authority
- TW
- Taiwan
- Prior art keywords
- gaussian
- multiplier
- systolic
- elements
- regular
- Prior art date
Landscapes
- Complex Calculations (AREA)
Abstract
Description
The present invention relates to multiplication techniques for public-key cryptosystems, and in particular to a semi-systolic Gaussian normal basis multiplier.
GF(2^m) is one of the finite fields most commonly used in public-key cryptosystems; it appears in the Advanced Encryption Standard (AES), elliptic curve cryptography (ECC) and pairing-based cryptography, where all arithmetic is binary and m is the number of bits of the field GF(2^m). When GF(2^m) is given a normal basis, its elements are written as binary polynomials with m coefficients. Addition in such a field is a coefficient-wise modulo-2 sum of terms of the same weight, which is realised with XOR gates. A normal basis is well suited to squaring, which reduces to a cyclic shift of the coefficients. Multiplication, however, is harder to implement in a normal basis. To address this, the invention adopts a Gaussian normal basis in order to construct a better multiplication algorithm.
In view of this, one aspect of the invention provides, in one embodiment, a semi-systolic Gaussian normal basis multiplier for computing the product C of an element A and an element B, where A, B and C all belong to the m-bit finite field GF(2^m), whose normal element is α and whose type-t Gaussian normal basis is generated by α; A, B and C are expressed over that basis with coefficients a_i, b_i and c_i each equal to 0 or 1. The multiplier comprises: a conversion unit, which converts the type-t Gaussian normal basis into a polynomial basis {γ^0, γ^1, ..., γ^{mt}}, where for 1 ≤ i ≤ mt, 0 ≤ j ≤ m−1 and 0 ≤ k ≤ t−1 the basis exponents are related through a preset number τ; the conversion unit further converts A and B into elements A′ and B′ over the polynomial basis {γ^0, γ^1, ..., γ^{mt}}, with a′_0 = b′_0 = 0 and the remaining coefficients taken as a′ = a_j and b′ = b_j, and then regroups A′ and B′ into blocks A′_i and B′_j for 1 ≤ i ≤ m−1 and 0 ≤ k ≤ t; a product module connected to the conversion unit, which for 1 ≤ i ≤ t and 0 ≤ j ≤ t receives A′_i and B′_j and computes their product; and an inverse conversion unit connected to the product module, which receives that product, computes C′ from it, and converts the element expressed over the polynomial basis {γ^0, γ^1, ..., γ^{mt}} back into the element C over the type-t Gaussian normal basis.
The product module contains m^2 computation cells, which compute the product of the coefficients of each A′_i and B′_j so that the block product is obtained. Each computation cell contains one AND gate, one XOR gate and two one-bit latches.
The inverse conversion unit contains an XOR gate and a barrel shifter. The XOR gate is connected in series with the barrel shifter; the barrel shifter receives the product and shifts its data to the right by m or (m+1) bits.
The features, objects and functions of the invention, and the technical means used to achieve them, are described in detail below with reference to the accompanying drawings. The embodiments listed serve only to aid understanding of the invention and do not limit its scope or technical means. For convenience of illustration, the components in the drawings are shown schematically, exaggerated or simplified, and their dimensions are not to scale.
First, let α be a normal element of the finite field GF(2^m) and let the type-t Gaussian normal basis be the one generated by α; then α ∈ GF(2^m), and elements A and B of GF(2^m) are expressed over this basis with binary coefficients a_i and b_i whose values are 0 or 1, that is, a_i, b_i ∈ {0,1} for i = 0, 1, 2, ..., m−1. The normal basis and the elements derived from it have the following properties: (1) (equation not shown), (2) (A + B)^2 = A^2 + B^2.
If m and t are positive integers such that mt+1 is an odd prime, and γ is a primitive (mt+1)-th root of unity in the finite field GF(2^{mt}), then for any τ of multiplicative order t modulo mt+1 (a primitive t-th root of unity in the integers modulo mt+1), the element formed from γ and τ is called a Gaussian period of type (m, t) over GF(2). Accordingly, α is a normal element of GF(2^m), and the set of its conjugates is a normal basis of GF(2^m). The type-t Gaussian normal basis represented by the Gaussian period of type (m, t) has the following properties: (1) (equation not shown), (2) τ^t = 1 mod (mt+1), (3) γ^{mt+1} = γ^{(mt+1) mod (mt+1)} = 1.
When elements A and B are multiplied to give element C, C is likewise an element expressed over the type-t Gaussian normal basis, with binary coefficients c_i equal to 0 or 1. The semi-systolic Gaussian normal basis multiplier proposed here first converts each element from the type-t Gaussian normal basis to the polynomial basis {γ^0, γ^1, ..., γ^{mt}}, where for 1 ≤ i ≤ mt, 0 ≤ j ≤ m−1 and 0 ≤ k ≤ t−1 the exponents are related through a preset positive integer τ; the elements A and B are thereby converted into elements A′ and B′ over the polynomial basis {γ^0, γ^1, ..., γ^{mt}}, with a′_0 = b′_0 = 0 and the remaining coefficients a′ = a_j and b′ = b_j. After rearranging these expressions, the product C′ = A′·B′ of A′ and B′ is computed from the rearranged forms.
According to the equations above, the block diagram of the product module of this embodiment is as shown in Fig. 1. The product module 100 contains m^2 U computation cells 110, which compute the products of the coefficients of each A′_i and B′_j so that the block product is obtained. The circuit of each U cell 110 is shown in Fig. 2; it contains an AND gate 111, an XOR gate 112 and two one-bit latches 113 and 114. The AND gate 111 performs the multiplication, the XOR gate 112 performs the addition, and each latch 113/114 delays its data stream by one bit. A U cell has three inputs a_in, b_in, c_in and three outputs a_out, b_out, c_out. After passing through the U cell 110, a_out keeps the value of its input a_in; b_out is the input b_in delayed by one bit; and c_out is the product of a_in and b_in added to c_in, delayed by one bit. In the embodiment of Fig. 2, a_in enters the U cell 110 from the left and a_out leaves to the right; b_in enters at the upper-left corner and b_out leaves at the lower-right corner; c_in enters at the top and c_out leaves at the bottom. This makes it convenient to arrange a number of U cells 110 in matrix form to construct the product module 100.
As for the product module 100, see Fig. 1: the m^2 U cells 110 are arranged as a matrix, each cell labelled U_{x,y}, where x is its row number and y its column number. The arrangement is as follows: a cell U_{i,i} is placed on the diagonal and m−1 further U cells are placed to its right, giving m^2 U cells 110 in total. In the embodiment of Fig. 1, a′_{im} to a′_{im+m−1} are the a_in inputs of the diagonal cells U_{0,0} to U_{m−1,m−1}; b′_{jm} to b′_{jm+m−1} are the b_in inputs of the row-0 cells U_{0,0} to U_{0,m−1}; and 2m−1 zeros are the c_in inputs of the row-0 cells U_{0,0} to U_{0,m−1} and of the cells U_{0,m−1} to U_{m−1,2m−2} on the opposite diagonal. Through this matrix arrangement of U cells 110 and the input/output connections between neighbouring U cells 110, the product module 100 computes every coefficient of the block product.
Next, the inverse of the basis conversion described above is carried out: C′ is computed from the product, and the element expressed over the polynomial basis {γ^0, γ^1, ..., γ^{mt}} is converted into the element C over the type-t Gaussian normal basis. The relation used for this is derived from the equations above.
The operation of the embodiment is now illustrated with the 4-bit finite field GF(2^4) and a type-3 Gaussian normal basis. In this example, elements A and B are expressed over that basis and τ is chosen as 3, from which A′ and B′ are derived. The A′ and B′ so obtained are then rearranged into blocks as described above.
According to the equations above, the block diagram of the product module 101 of this embodiment is as shown in Fig. 5. The product module contains 4^2 = 16 U cells 110, which compute the products of the coefficients of each A′_i and B′_j; each U cell 110 is as shown in Fig. 2 and is not described again here. The coefficients of the product are placed at the positions of the corresponding weights, and the result is summarised in Table 1.
The product C′ of A′ and B′ is expressed over the polynomial basis, so the coefficients in each γ-column of Table 1 are summed to obtain the coefficients of C′. The coefficients of C are then obtained directly from the coefficients of C′.
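The three stages described above (conversion of the normal-basis coefficients to coefficients of the powers of γ, the m×m array of U cells, and the inverse conversion back to the normal basis) for the m = 4, t = 3, τ = 3 case, as an added functional model in Python. This is not the patent's own circuit description or any code from the applicant; it implements the standard Gaussian normal basis multiplication that the patent builds on and is written here for the reader. The function names are my own, the chunked accumulation loop stands in for the barrel-shifter datapath of the inverse conversion unit, and the field-structure checks at the end are my own way of validating the result. The model is written for general (m, t, τ) satisfying τ^t = 1 mod (mt+1) with mt+1 prime, not only the patent's 4-bit example.

```python
"""Functional model of multiplication in a type-t Gaussian normal basis (GNB) of GF(2^m).

Added example, not code from the patent. Stages: (1) map normal-basis coefficients a_i to
coefficients a'_j of gamma^j (j = 1..mt), (2) multiply the two gamma-polynomials on an array
of AND/XOR cells, reducing with gamma^(mt+1) = 1, (3) fold the result back onto the normal
basis. The U cell and the m x m block array mirror Figures 2 and 1; the chunk loop in
gamma_product replaces the barrel shifter of the inverse conversion unit (my simplification).
"""


def gnb_exponent_map(m, t, tau):
    """Return p = mt+1 and a dict j -> i stating that gamma^j belongs to the basis element
    alpha^(2^i), i.e. j = 2^i * tau^k mod p for some k in 0..t-1 (the cosets of <tau>)."""
    p = m * t + 1
    assert pow(tau, t, p) == 1, "tau must satisfy tau^t = 1 mod (mt+1)"
    idx = {}
    for i in range(m):
        for k in range(t):
            j = (pow(2, i, p) * pow(tau, k, p)) % p
            assert j not in idx, "cosets 2^i <tau> overlap: not a valid GNB"
            idx[j] = i
    return p, idx


def to_gamma(a, p, idx):
    """Conversion unit: a'_0 = 0 and a'_j = a_i for every gamma^j in the coset of alpha^(2^i)."""
    ap = [0] * p
    for j, i in idx.items():
        ap[j] = a[i]
    return ap


def u_cell(a_in, b_in, c_in):
    """U cell of Fig. 2: a passes straight through, b passes through (latched in hardware),
    c_out = c_in XOR (a_in AND b_in). Latency is ignored in this functional model."""
    return a_in, b_in, c_in ^ (a_in & b_in)


def block_product(a, b):
    """m^2 U cells arranged as in Fig. 1: row x starts at the diagonal cell U_{x,x} and carries
    a[x] to the right; b[y-x] reaches cell U_{x,y} from the upper-left; partial sums flow down
    each column from 2m-1 zero c_in inputs. Returns the 2m-1 coefficients of a(x)*b(x) over GF(2)."""
    m = len(a)
    c = [0] * (2 * m - 1)
    for x in range(m):
        a_val = a[x]
        for y in range(x, x + m):
            a_val, _, c[y] = u_cell(a_val, b[y - x], c[y])
    return c


def gamma_product(ap, bp, p, m):
    """Product module plus accumulation: split the p gamma-coefficients into t+1 chunks of m bits,
    multiply every chunk pair on the m x m array and add each partial result at weight (i+j)*m,
    reducing exponents modulo p because gamma^p = 1."""
    chunks = (p + m - 1) // m          # t + 1, since p = mt + 1
    ap = ap + [0] * (chunks * m - p)
    bp = bp + [0] * (chunks * m - p)
    cp = [0] * p
    for i in range(chunks):
        for j in range(chunks):
            part = block_product(ap[i * m:(i + 1) * m], bp[j * m:(j + 1) * m])
            for k, bit in enumerate(part):
                cp[((i + j) * m + k) % p] ^= bit
    return cp


def from_gamma(cp, p, idx, m):
    """Inverse conversion unit: c'_j is constant on each coset, and the constant term c'_0 spreads
    over all basis elements because 1 = sum_i alpha^(2^i) in a normal basis, so
    c_i = c'_0 XOR c'_j for any j in the coset of alpha^(2^i)."""
    per_basis = [None] * m
    for j, i in idx.items():
        if per_basis[i] is None:
            per_basis[i] = cp[j]
        assert per_basis[i] == cp[j], "coefficients not constant on a coset"
    return [cp[0] ^ per_basis[i] for i in range(m)]


def gnb_multiply(a, b, m, t, tau):
    """C = A * B in the type-t GNB; a, b, result are lists of m bits (coefficient of alpha^(2^i) at index i)."""
    p, idx = gnb_exponent_map(m, t, tau)
    cp = gamma_product(to_gamma(a, p, idx), to_gamma(b, p, idx), p, m)
    return from_gamma(cp, p, idx, m)


def gnb_power(a, e, m, t, tau):
    """Left-to-right square-and-multiply; the all-ones vector is the element 1 in a normal basis."""
    result = [1] * m
    for bit in bin(e)[2:]:
        result = gnb_multiply(result, result, m, t, tau)
        if bit == "1":
            result = gnb_multiply(result, a, m, t, tau)
    return result


def check_field(m, t, tau):
    """Checks that single out a correct GF(2^m) multiplier: 1 is the identity, squaring is a
    cyclic shift of the coefficient vector, and every nonzero element satisfies A^(2^m - 1) = 1."""
    one = [1] * m
    for v in range(1, 2 ** m):
        a = [(v >> i) & 1 for i in range(m)]
        if gnb_multiply(a, one, m, t, tau) != a:
            return False
        if gnb_multiply(a, a, m, t, tau) != a[-1:] + a[:-1]:
            return False
        if gnb_power(a, 2 ** m - 1, m, t, tau) != one:
            return False
    return True


if __name__ == "__main__":
    # The patent's worked example: m = 4, t = 3, tau = 3, so p = 13 and 3^3 = 27 = 1 mod 13.
    print(gnb_exponent_map(4, 3, 3)[1])
    print(check_field(4, 3, 3))
```

For m = 4, t = 3, τ = 3 the exponent map is the partition of {1, ..., 12} into the cosets {1, 3, 9}, {2, 6, 5}, {4, 12, 10} and {8, 11, 7} of <3> in the integers modulo 13, which is what the conversion unit hard-wires; the squaring check is the cheapest way to catch a wiring error in such an array, because a wrong cell connection breaks the shift property for some input.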
唯以上所述者,包含:特徵、步驟、結構、及其它類似的效果,僅為本發明之實施範例,亦可為該領域所屬的技藝人士在依本發明申請專利範圍進行均等變化及修飾,仍將不失本發明之要義所在,亦不脫離本發明之精神和範圍,故都應視為本發明的進一步實施狀況,當不能以之限制本發明的範圍。 The above description includes the features, the steps, the structure, and the like, and is only an embodiment of the present invention, and may be equally modified and modified by those skilled in the art according to the scope of the present invention. The scope of the present invention is not to be construed as limiting the scope of the present invention.
100/101‧‧‧product module
110‧‧‧computation cell
111‧‧‧AND gate
112‧‧‧XOR gate
113/114‧‧‧one-bit latch
200‧‧‧XOR gate
300‧‧‧barrel shifter
310‧‧‧one-bit latch
320‧‧‧multiplexer
Fig. 1 is a block diagram of the product module according to an embodiment of the invention.
Fig. 2 is the circuit diagram of a U computation cell.
Fig. 3 is a schematic of the computation of C′ by the semi-systolic Gaussian normal basis multiplier of the embodiment.
Fig. 4 is the circuit diagram of the barrel shifter of the above embodiment.
Fig. 5 is a block diagram of the product module according to an embodiment of the invention (m = 4, t = 3).
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW101124568A TW201404108A (en) | 2012-07-09 | 2012-07-09 | Semi-systolic Gaussian normal basis multiplier |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW101124568A TW201404108A (en) | 2012-07-09 | 2012-07-09 | Semi-systolic Gaussian normal basis multiplier |
Publications (1)
Publication Number | Publication Date |
---|---|
TW201404108A true TW201404108A (en) | 2014-01-16 |
Family
ID=50345721
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW101124568A TW201404108A (en) | 2012-07-09 | 2012-07-09 | Semi-systolic Gaussian normal basis multiplier |
Country Status (1)
Country | Link |
---|---|
TW (1) | TW201404108A (en) |
2012
- 2012-07-09 TW TW101124568A patent/TW201404108A/en unknown
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104252332A (en) * | 2014-08-20 | 2014-12-31 | 哈尔滨工业大学深圳研究生院 | Multiplier and multiplier processing element for ellipse cipher apparatus |
CN104252332B (en) * | 2014-08-20 | 2018-09-18 | 哈尔滨工业大学深圳研究生院 | A kind of multiplier processing unit and multiplier for elliptic curves cryptosystem device |
CN113836851A (en) * | 2021-09-23 | 2021-12-24 | 山东华翼微电子技术股份有限公司 | II-type optimal normal base and polynomial base conversion circuit |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6682041B2 (en) | Processing method of fully homomorphic encryption based on modulo arithmetic | |
Karakoyunlu et al. | Efficient and side-channel-aware implementations of elliptic curve cryptosystems over prime fields | |
JP4180024B2 (en) | Multiplication remainder calculator and information processing apparatus | |
Banerjee | Reversible cryptographic hardware with optimized quantum cost and delay | |
TW201404108A (en) | Semi-systolic Gaussian normal basis multiplier | |
KR100508092B1 (en) | Modular multiplication circuit with low power | |
US8527570B1 (en) | Low cost and high speed architecture of montgomery multiplier | |
JP4170267B2 (en) | Multiplication remainder calculator and information processing apparatus | |
CN111510292B (en) | Method, system, device and storage medium for randomly generating hill high-order key matrix | |
KR100478974B1 (en) | Serial finite-field multiplier | |
CN103023659B (en) | ECC (elliptic curve cryptosystem) encryption hardware device with expandable parameter bit width | |
Lee | Low-Latency Bit-Parallel Systolic Multiplier for Irreducible x m+ x n+ 1 with gcd (m, n)= 1 | |
El-Razouk et al. | New Bit-Level Serial GF (2^ m) Multiplication Using Polynomial Basis | |
CN108008934B (en) | Composite finite field inversion device based on lookup table | |
JP3823107B2 (en) | Basis transformation method and basis transformation device in finite field | |
JP6457911B2 (en) | Scalar multiplier | |
Lu et al. | A programmable VLSI architecture for computing multiplication and polynomial evaluation modulo a positive integer | |
KR100946256B1 (en) | Scalable Dual-Field Montgomery Multiplier On Dual Field Using Multi-Precision Carry Save Adder | |
Liu et al. | Multiprecision multiplication on ARMv8 | |
Monfared et al. | A new multiplicative inverse architecture in normal basis using novel concurrent serial squaring and multiplication | |
Trujillo-Olaya et al. | Hardware architectures for inversion in GF (2 m) using polynomial and gaussian normal basis | |
Realpe-Muñoz et al. | High-Performance Architectures for Finite Field Inversion Over GF (2163) | |
Poomagal et al. | Modular multiplication algorithm in cryptographic processor: A review and future directions | |
KR20030082255A (en) | Finite field multiplier having improved structure of linear feedback shift register | |
Hassan et al. | A Booth-like modulo operator |