TWI330333B - - Google Patents

Description

1330333 IX. Description of the invention: [Technical field to which the invention belongs]

^Special species of the GF (2m) of the former line of the Ming Dynasty is a parallel convolution of the heart. The multiplication of the squad, especially the kind of innovation of the multiplier speed of the Wei Lai and the scale road complex. ^ GF(2) [Prior Art] Multiplier Related Issues Regarding the prior art, China has unveiled the patented technology in the Republic of China Patent Gazette, which can be enumerated as follows:

^ (10) singular lion (four) "limited field G Ming cell array power and circuit" invention special 2, bulletin number 440789 "multiplier" invention patent case. 3^ 告, No. (6) No. (10) Yuan semi-parallel processing type Groovy field multiplier invention patent case. 』 4, Announcement No. 360845 "Array Multiplier Architecture and Method" invention patent case. 5. Announcement No. 405086 "Fast Regular Multiplier Architecture" invention patent case. ', the description of the finite field GF (2m) is as follows: >, in the finite field GF (2m) 'effective algebra operation (including addition, multiplication, division, and index operations) extensive job should correct the error Code and material technology, decoding of Binary BCH Code, encoding and decoding of RS code (Reed_s〇1〇_c〇de) and encryption of digital information in secure communication (S-e Communication) Decryption (Encrypti〇n and Decryption), etc. 'But nevertheless, the multiplication of GF(2m) and the operation of negating elements are still quite complicated. Therefore, for multiplication in GF(2m), scholars have proposed fast algorithms and fast circuits. 'Examples such as Itoh-Tsuju, Sunar-Koc, Hasan, etc.; and these multiplier architectures are based on special polynomials, including all-one polynomial (AOP) 'isometric polynomial (ESp) and trinomial polynomial, in addition, scholars Guo and Wang And developed a two-stage multiplier, which is composed of a general multiplication unit and a descending-human processing unit. In the Finite Field (FiniteFieid) (5F (2m) including 2m elements, where m is a positive integer, which can be represented as three main types of substrates, including: Normal Basis (NB), Double Substrate (Dua) Basis, DB) and Polynomial Basis 'PB; where the polynomial base (PB) representation is used, the field element fire X) eGF(r) is transmitted through the w vector (n2,..., a. ) For the set κ '丨, •······2, χ51} is expressed as: 5 1330333

A(x) = am_txm '+** + a2x2 + a}x + aQ f where " is qing",) generates S(generat〇r) and is in the basic domain (9) egr〇und in two causes: ' The field element of which is the linear combination of the unique (-e) polynomial; H Γ丨Ϊ is known to represent this transformation, and the polynomial addition and modulus are performed) polynomial method, which means presence (field) The gradation of the elements is ml or less. ^者' In the ultra-large-scale integrated circuit technology (VLSI), array == route, three _ series:, _ suspect (SystGii〇, , ^ early ==) and official (Pipeline); array of the processor The advantage is that the basic cell (the face of the existing shrink multiplier most (LeaStSignifiC-b^-t) i, a 7C product; although these shrink multipliers are suitable for error correction code, but the password is correct In terms of application, it has a very complicated circuit and a long calculation delay. The waiting time of the multiplier to be added requires a pulse delay, and the scholar g(10) is a method of g. The low complex multiplication described above is based on the material technology*, but its circuit structure traces. The shrinkage road will produce a very long turn. _ m very money Galois field (GF) or finite field (FiniteField) Γ ι The public t-fff code system is important, especially the two public recording passwords. The elliptical algorithm is called "to the polynomial base column", :, use some widely-distributed polynomials, such as one A plurality of two P〇lyn_ls 'AQP-like trinoms (TrinGmials) have a miscellaneous In the VLS^ design process, distributed in finite field (contact 6 & (four) systolic columnar, the arithmetic operation is basically dependent on the _ circuit to quickly perform calculations, their common properties support structure The characteristics of the 'such as: - sex, input / output balance, simple and have & then, design, * most of the heart contraction _ silk ruler and the algorithm is classified as ^ first Input (LSB-F_car column and highest symbol bit first into m ^ ^ some multipliers are relays_cafe such as % itemi=^);; 6 1330333 results and not completely paste the original parallelization; therefore, they are The whole line is wasted in need of a large area and latency (Latency). Recently, another scholar Li (4) used the inner product of definitions such as full- (M-〇ne) and equidistant (EqUally_Spaced) polynomial to achieve efficiency. The heart of the collection, the array of silk method H 'which has a low extension of the low complex of the pro; but unfortunately, can not be simple full polynomial and non-simple congruent space polynomial non-f rare. For example: such as WS100, for one The value of the class w of the polynomial is not simple and only 2 '4, Sichuan, d, 28, 36, 52, 58, 60, 66, 82 and 1 〇〇. The traditional Montgomery multiplication distributed in GF (2",) is as follows: In 1985, Montgomery multiplication, to achieve efficient integer modulus Silk method; in 1998, scholars Koc and Acar used the Montgomery technique distributed in the finite field multiplication of the Qing dynasty to prove that the modulus multiplication was defined by the male 5(8)/r modPW, which produced the field of (4) 2 „,) Ask the post or the domain) and S (W〇; r1 (x) eGF (n 'especially, Shanghai (nine) represents the elemental order) multiplication anti-7L. Another scholar Wu (Wu) for the GF (2 ",) bit-parallel multiplication, is generated by ρ(χ) = /, + 乂 + i trinomial-based field (Field, domain) ), and by selecting you) =? condition, then # is distributed over GF(2",) low complexity Montgomery multiplier; and because ρ(χ) and (4) are relative prime X, and two polynomials And knowledge) exists in the cut and the characteristics of the towel; therefore, the multiplication of J(x) and 5(x) in Montgomery can be defined as follows: Step 1. Γ(χ) = 4(χ)β(χ) Step 2 · t/(x) = TXx)/^)mod 7?(χ) Step 3, (Γ(χ) = (Γ〇) + (/(λ:)Ρ(λ:))/7?(χ) _}ρ(χ) As mentioned earlier, Montgomery multiplication is a complex arithmetic operation involving three steps: traditional multiplication modulus multiplication and division. Another scholar, Bajard et al., suggests distributing Montgomery multipliers, however, those multipliers are Irregularly designed and not suitable for systolic array architecture. Therefore, how to provide a lower hardware complexity, lower latency, and suitability for VLSI systems than other cardiac contraction array multipliers Regular phase The multiplier of the interconnected structure and the modular architecture is the main subject to be solved by the inventors. SUMMARY OF THE INVENTION The object of the present invention is to propose a special kind of low complexity distributed in a finite field GF (2m). The bit parallel parallel cardiac contraction array Montgomery multiplier, which is applied in the yLSI design, is distributed in the finite field GF (2m) cardiac contraction array structure arithmetic operation, is dependent on the rule circuit, the second implementation 7 1330333 • fast calculation, Its common nature provides structural features such as consistency, input/output balance, simple and regular design; while the invention is mainly composed of Irredudble All One Polynomials and Irregular Trinomial (irredudble steals) (10) conversion method, the comeback is distributed in the ίλΡ (2Π1) bit parallel heart contraction ^ array Montgomery multiplier. Therefore 'for the above purpose', the multiplier of the invention is composed of all polynomials (eight _〇• Polynomial, A0P) and the finite field generated by Trinomial to reduce the complexity of the field multiplier. Bottom: (1) The expression polynomial form of the all-one polynomial/>(1) = ?"+production|+.._ + especially + 1 is called the all-one polynomial (八丨1〇1^ _ Polynomial, AOP) 'It is irreducible, if and ifiy if w + 1 疋i and 2 w +1 is the primitive m〇dui〇. (ii) The expression of the trinomial is a polynomial of degree W/>(x), if it is said to be almost a primitive (aim〇st primitive) or almost irreducible (almost irreducible) then /> 〇) * P and P(JC) has a primitive factor or an inducible factor of r, where 〇sw — and we call it exponent r and increment (increase) ) w - r. For example, the trinomial; c16 + ? + j is almost primitive (almostprimitive) has an exponent of 13 and is incremented by 3 because: xI6+x3 + 1=(x3+a;2+1)//)(jc) where Ζ )(λ:) = χ +x + λ:11+χ9 + χ6 + χ5+χ4+χ2+1 is the calculation of the primitive φ, in the ring (r丨ng) Μ(2)/(χΆι) More efficient than in the domain (fleid) GF(2)/j0(4); scholars Brent and Zimmermann argue that trinomials have the following characteristics: - i) form The trinomial form of / + / + 1 is an almost primitive polynomials, and there is GCD(w, ") = l. 2) The trinomial form of the form π + / + ι is an almost primitive polynomial (ahli〇st primitive polynomials), and GCD(w,«) is an odd number. [Embodiment] The present invention proposes a low-complexity systolic array Montgomery multiplier with a finite field GF (2m), which provides two types in a finite field GF (2m), including: : All-One Polynomial (AOP) base multiplier (as shown in Figure 8 1330333 and Figure 2); t See the first figure, which is a full polynomial (An_〇nep〇 Lynomia丨, AOp) Circuit architecture diagram of the base multiplier 'In the first figure, the circuit is a full polynomial base multiplier to implement a low complexity multiplier with binomial reduction, which comprises a U cell circuit as shown in the second figure Architecture 2丨, consisting of a 2-input and gate 22 (AND gate), a 2-input mutex or gate 23 (XOR gate) and three 1-bit latches 24'25 and 26 gamma <:11) The composition, because it can calculate ^4〇)5 (do-/^〇(1〇:", +1), therefore, the first picture can also be called the all-one polynomial base (Aii-〇ne p〇iynom丨ai_Based) Montgomery multiplier; the multiplier is distributed in (7), and the (χ + 1)ρ+1 condition is established, using the all-one polynomial...+ χ + 1 reduction process is Using the binomial x'" + i; therefore, the present invention will use the binomial jcm +1 reduction for the AOP-based multiplier distributed over it.顼彳1 Implement a low complexity multiplier. In the finite field (Galois field) GF (2", -1), the element is distributed in (4) 2), whose element expression is male) = α„, + , apply x , " +1 polynomial multiplication module proves the following theorem. Theorem 1: Assume that the distribution is in GF (rV two elements are ♦)~〆-, + ···cutting (four) and = ...+ + 3⁄4, where field (field) is not simplistic by the degree ^ 5 Α{ χ)^ό A polynomial (irreducible All-One Polynomials ' ΑΟΡ) constructed. because? , the product of king β(χ) is: m-\ Α(χ)Β{χ) = ^ /=*0 ΙΜ-1 m-1 <ia> \^i+js:even Σ « 7=0 < i+J-odd X' (1) Proof. Because = 1, the product of j(x) and 5(χ) is calculated as m-1 /77-1 (2) Αχ)Β(χ)=ΣΣα<ί- Λχ' /=0 7=0 where </>> represents a modulo modul and is an integer. In the following two cases, even/and odd numbers are discussed separately; Condition 1: Even ί False 6 and skin number Α: 疋 an even number, whose circumference is j. Selected as 9 1330333 m~\ 1 m-\ i + k : Therefore, to substituting Xt-vA, get I /77-1

/Μ-I Σω<,-7Α = Σ; Next, let the variable moxibustion be an odd number' with a range of k=0 k~evcn i — k — \ /u λ =<->

I m m-\ Σ~, Α+ Έα<'- ./=0 J> where, get +]

—I 2__ w-1 m-\ Σβ<',Α + Έα<'-Λ = Σa b /=0 II /77-1 I k=odd ^^ ) >< ) > • Household 疒H +1 * - Condition 2: Odd, · Foot hypothesis variable A: is an even number, the range is; 7• is selected as / + 1 m-\ • 1 <j<m-\ M 0<j<-; because jit, ==lt;^Azl> full /-1 a _. 2 nj~\ nj-\ Σα<.-Λ + Σ^'-νΑ where &β<,·νΑ+ Σα<, -)Α = Σ', _\卜卜i.; y =0 _/+1 _ I m-\ I 7=0 广ί + 1+j^/j /77-1

/+1 m-\ I have a leaf I

I m-Ι I k=even k=Q <-><--> Let the variable A: be an odd number whose range is o^hw-l, _/ is selected as satisfying / + 1 M-\ , nr i + k /+1 i + \ ^ m~\ j /77-1 Σα<,^Α= Σ" 6 ,+* as indicated above, the final multiplication of 'd and oo oo can be expressed as i=/+lk=\ <1_><^_> A 7 k=odd 10 1330333 m-\ A{x)B{x) = Yj /»0 m-\ /M-1 Σ a^, b X· , /+y.=mw

sodJ g for every -y=h household lunch '1 VV, define a row vector Mumn her r) /+j=even (3) for W'=[冰n W...W ί’

L 〇,Ά,',,...(w_",'J where z_ + y = even (even), (4) if z_ + 7' = 〇dd (odd), then ', /«-1 is in the line Vector W, the sum of all items is equal to fab ” uh B , y=0 Ά <ψ 7=f"Beer# and W, at m XW moment f+j=evcn i+j=ocid 2 2 array 1[% In the middle, it represents the first, and the row vector. The structure of the w matrix is expressed as follows: W: 1 X ... xm-X 'M; 0,0 ^0,1 ^0,(/^-1) Wl,0 · _W(m-", 0 w("卜丨),0 ... vt^ (5) In the formula, »this record, the number of points is counted), then the multiplication of the simple, is regular And simple, and by the full benefit of the method; to make m a positive integer, and let ^ (0 -q + i(jn _ m〇(^ m (6) 1330333 where lSMm-l, 〇L "-l and>. Assume that if the value of "is fixed" and GCO(«,m) = l ', then, ton) is arranged in the complete residual set 〇^1(11^561;)丨0,丨, 2, _', 》?-1}. Observe the matrix evaluation in equation (5), the line/row vector %, hypothesis/fixed to OUw-Ι, then 1) if / + y = even (even) , then << ΐ±ΐ > + < ίζΐ ·. 2 2 2) If, + y = 〇dd (odd), then «[ + j±} > + < Lzlzl .. 2 2

Using equation (6), the above characteristics are obtained as follows: one] »-< ql· π(ι) > ° i — j — \ 7: — »=< q + π(ί) > ο a) If i + _/ = even (even), |jj <π<ί±1>+π<ί 2 b) If / + _/ = odd (odd), then <π< 1 +Χί1 >+ π< 2 c) Right / = 1, Bay 1J < min + >= ζη-1. Therefore, applying the above characteristics, equation (1) can be rewritten as follows: m-]

Α(χ)Β(χ) = Σ (Σ \ l+Jx /=0 7=0 π(<->/Τ(<->) /+j=even ~ where 妒+ Σ 7= 0 <π{<· ^ . /+7 + 1 ^ /-/_] X >7(<-^―>/r(<-^L_L>) / + j-ndd " 7-1 = LW<^n>x<q"{i)> /=0 /nl w ' <tf+/r(t)> =J »» /+j^even 2 ' m-1 y =0 / + js=Q(JJ (7) Σ 'Now, consider Montgomery multiplication' to calculate you)^;^-,.^"^). Β(χ)^ = Β{χ)χ~η mod(^ + 1) = Σύ<^>χ' (8) Clearly, β〇〇<-") is cyclically shifted by SCc), ie, in element β (^ by generation <> + «&gt Enter the subscript of \; therefore, fire; cW^fmodO^+l) can be obtained based on equation (7), such as 12 1330333 A(x)B(x)x~"m〇cj(x»> + = A(x)B(x)^n) m-1 m~\ =Σ ( Σ « b ^ yab (9) 1+ J =0</</ Calculated by two-element shift arrangement (7)x-nmod( Xm+l), the embodiment of which can refer to the first #-type binomia base multiplier described in Example 2, and has a finite field generated by the GCD)=1 condition to realize a low complexity multiplier .

About the non-simple trinomial x", + χ» +] form with GCO(w,w)=丨位元·parallel systolic array Montgomery multiplier, scholar Brent and Zimmerman (Brent fine Immermann) 〇jt4 ^(almost primitive trinomials) xm +^ + 1 ^ ^ f 'Meet the condition of GC£»(m,") = i, and most of them are not simple and satisfy the ^^(3)(9)=i bar ^ ' =, the present invention uses the trinomial formula) =?, ", +1 form and (10) (call = 1, to reduce, over-private', and can obtain low complexity bits, parallel cans, and derivatives Montgomery multiplier. :Male)=~-丨x '+· · m % and off)=6",—〆,-丨+...+&+ is distributed over GF(n^4, where field (domain) From the incomprehensible trinomial (irredu knock tri_ial) pw and with GC£>(w, ") = 1 construct. Suppose the product 叩)

+ xn+l + V + r0 is a / (8) and 5 (χ) one ~, one production 2 + . General multiplication, 'which

^m-\ " a0^m~\ + a\^m~2 ^----+ am 々Q tm = a^m-\ + a2^m~2 + '' * + 〇A hm~2 ~ am-\^m~\ Consider the intermediate multiplication decomposition as follows: 0 T (x) = 7J (x) + T2 + (jc)jcm+, i 13 (10) 1330333 where GW = 'w+"HXm 丨+. _ · +丨I + (,

Ti(x) = t2m.2xm n 2 + · ·· + tni+ll+ix + tm+ll Give the intermediate product you) 5(7)=+ 7Ά)Λ” + K, both Koc and Acar use the all-one polynomial The reduction process, using the binomial xm+l ·, is performed on the Montgomery multiplication d(x)5(x)x-" m〇d(x", + 丨), and the equation (11) is as follows: x)B(x)x~nm〇d(xm +1) = T' ^ + Τ^χ~ _+ 忑(2)(χ +" = Τ2{χ) + Τ^χ)χη,+T,{x )xm-n (11)

= T2(x) + T,(x) + Tt(x)xm-n So 'if the trinomial x", +x"+l is calculated in Montgomery multiplication, it can be expressed as follows: ♦) from K ” ηκκ1 (χ"Ά D = unique touch two + ±^±i) =T2 (χ) + r3 (χ)χιη + Tx {x)xm~n + Τχ (x) (12) =(7; (x) + T,(x) + η (x)xm-/l) + (Τ, (χ) + τ3(χ)χη) = K(x) + G(x) where (13) (14) Κ(χ) = Τ2 (χ) + Τ3(χ) + 7; (x)xm = /J(x)5(jcKnmod(xn,+l) G(x) = 7j(x) + Τ3(χ)χη From Λ: (7) and G〇) relationship '(?(χ) Each relationship is included in the polynomial /:(χ); in other words, the polynomial G(x) can be from the ruler (χ) = water x) S(x)x_”mod The (xm+l) calculation is chosen; therefore, from equation (13): fire 〇〇 = γ4(χ)5(; φ:_η mod(xm +1) and equation (9). A(x)B(x )x~" mod(xm +1) m-\=y ( Σ a /-76 ... ώ ;=〇小了>< returned to /+j-evcn /77-1Σ- b y-〇 1+ household tj~\ 1330333 κ(χ)=Σ (Σ α t'~Jb π(<--> ' ml /-0 7*0 i+j^ev&i w-1 o,+ small Force >, >><η+π{<)> (15) Acupuncture. (=0

X Therefore, the polynomial ruler 0) is obtained, as in equation (16): (16) you) = < + pain eve + · + + ... + I·, 〆 ". , -1), the same as G(x), available formula (17): you) = pain > + g<f_(1)〆...(1 7)

Moreover, if '0 to -2', then each relation term of G(X) is ~+π(ω>, which can be calculated by λ<</+rush+η>; in short, it is established by trinomials. The bit-parallel systolic array of Montgomery multipliers is implemented as follows: Step 1. Because of the function in equation (11) Λ: (χ) by ruler 0) = (AW + GO) + ” = X(x)s (x)x_" mod(xm +1) is defined, so 'the first graph can be used to implement the ruler (X) calculation. Step 2. In equations (16) and (17), respectively, from the relationship between the ruler (X) and G(x), the first map can be reconfigured to produce two polynomial rulers (7) and G(x), which are shown in The multiplication unit of the three figures. Step 3. Finally calculate the sum of fire (X) and G(x) and complete the sum step. In other words, this product,

D(1)=male)5〇)χ-η mod(xm + / +1) ^<ι/+π(0)>Χ <"+/了(0)> + d <</ ten

X has - A < g +; r < towel + 0; (/ +; γ (φ mod2, if 0 < i < m - 2 then < 9 + coffee - 丨 >> = so trinomial (trinomials) A bit-parallel systolic array Montgomery multiplier is established, which can be referred to the following description of Embodiment 3. In summary, the present invention has three embodiments, which are described as follows: Example 1: Let (3F(24) ) Two elements, known as male) = $>〆 and =. Assume, = 01 = 15 15 1330333 As indicated above, the Montgomery multiplication of this binomial (as a reduction of the all-one polynomial) can be summarized as follows. ) placed in the position (_ /, 0 relationship term (term), such as the relationship term (y,, ·) indicates that the relationship term (y, /) all coefficients are the coefficients of the diagonal relationship term (term). The term (2, 2) is α IX, the relationship term (1, 1) is 6, and (3, 3) is ringing containing the % coefficient. Similarly, the relationship term (3, 1) is the recognition and relationship term (2). 2) The ringing and relationship term (1, 3) is the inclusion factor (refer to the calculation formula (3)). 2) The all-one polynomial Montgomery multiplication, by umbrella) wind x) x-"m〇d(x The », +1) calculation can be obtained from binomial-based multiplication. Just as the first figure can also provide mod(x", +1) multiplication 'by two vectors (nine) outside... where,) and (6., &|, ·. A |) are transferred into two vectors ("Language~ ",...,'_|>) and (6-.)>,6<_>,~9_^ From the above summary, the circuit in the first figure can calculate the fire m〇d(x", +丨); Therefore, the first map is also called the Montgomery multiplier of the All-〇ne p〇lynomial_Based. Example 3: We will use the <^(2) primitive trin〇mial? + / + 〗 to illustrate this novelty in the (3) (7) bit-parallel systolic array Montgomery multiplier. Let the two elements be as follows ==4χ4 + α3χ3 + α2χ2 + % + and 5(x) = V4 + V3 + V2 + 4 + 6. The field (fldd, also known as the domain) GF(25) is produced by the primitive trin〇miai / + /+1 distributed in milk 2). Montgomery multiplication is represented by the slide rule (x) = male) B(JC)x-2m〇d(x5+1) as follows: aib3 \^3\ a4bi a2b1 a2b4

I 84^4 1I

Sgbi 32^0 33〇b0 a2^2 [^3^4 I a〇b〇I aib2 + 3gb^ 3(3^2 agb〇3-)13〇^<1+/Γ(1)> ^ <1+Λ·(2)>^<1+Λ·(3)>^<1+/γ(4)> Calculation formula (4) 1330333 • From the above multiplication polynomial G(7) based on the equation (17), can be expressed as: G(x) = 〇〇b0 + (α, ό0 + a0bx) x + («3ό4 + α463) χ 2 + aJ) Ax3 = (αφΑ + a4b3)x<U!!W&gt + + aAb, x <Unm> + (α,6〇+ a〇b,)x<Uir{i)> • Obviously, every item in the GW center 丨+Λ(,)> can be found and There is a ruler (χ) 々<ι+τ〇♦Each item 0 where the Montgomery multiplier of the first figure is used to implement the Montgomery multiplication of the trinomial-based (trin〇mial_Based), as shown in the third figure' It comprises a multiplication unit 31 and a summation unit 32; wherein the multiplication unit 31 comprises the V cell 33 of the fourth figure and the Q cell 34 of the fifth figure, as shown in the fourth figure, the V cell circuit architecture 41 consists of a 2_AND AND gate 42 (AND gate), two 2· inputs of mutual exclusion or gate 43, 44 (XOR gate) and four 1-bit latches (Latch) 45, 46, 47 and 48; and as in the fifth Shown in the figure The Q cell circuit architecture 51 consists of a 2-input and gate 52 (ANDgate) a 2-input mutex or gate 53 (X〇Rgate) and four i-bit latches 54, 55, 56 and 57 ( Latch). Therefore, the result of the multiplication unit 31 in the third graph is based on two basic cells (V cell 33 and Q cell 34), producing two polynomial scales (4) and ^(7); and, by the coefficient g<_'> is easy In the first (, '+ι) line is generated; finally, in the third figure, the total unit 兀U is combined by m W cells 35 to perform the sum of the ruler (1) and the mortar; as shown in the sixth figure Each w cell circuit structure 61 includes a 2_input mutual exclusion or gate 62 (x〇R job). A bit of the gate locks 63 (Latch) to complete, + Φ two maps use three cell types (V Cell 33, Q cell 34 and W cell 35) were subjected to Montgomery multiplication by Tnnomial. As described above, the parallel cardiac contraction array Montgomery multiplication II of the present invention requires only m + l delay, and the maximum computational delay is required in each cell - 2 input and gate 52 (ANDgate) and a 2-input mutual exclusion Or gate 53 (x〇Rgate) is delayed. .. 'τ', a special type of finite element GF(2) parallel systolic array Montgomery multiplier, which is a pair of finite field GF (special polynomial m in n, yielding a simple multiplier' To apply to the all-one polynomial (Α0Ρ)Ρ(χ) = χηι_ι+χΐη_2+ +χ + ι reduction process in which the coefficients of all elements are equal to 0 or 丨, the multiplier includes a product unit · eight circuits of the product unit The structure is composed of (m+1)2 identical cells to form a (iv) X (m+1) array, the per-u cell comprising at least three input signal lines and at least three output lines, and Each U-cell consists of a 2-input and gate, a 2-input mutex or idle, and three 1330333 1-bit latches; the circuit characteristics of the multiplier are _ _ two elements B in the finite field GF(2m) Perform a product operation to obtain a representation of the __third element c, its singular A and the - polynomial base (Κ..., αTM-|), the finite field gf 〇 =, B and C are The equation X''' + 1 produces, and α is the indecomposable polynomial ', and the decomposable multiple arguments) = + y represents the y. The g product of the thorn ^ = ^4(χ)β (the product of Λ〇 is fire x) jB(JC) = g /*=0 m~\ OT-| Σ waa: 'calculation · The calculation formula f α 6 + f , , >=〇午令户? With a definition, there is a line to I+J^ndd - 2 ~ Ask the vector) as W, =K, Wi ;,...5MWi)/. Where the brother line vector w = [Μ, 1, 士士ο / ,. . Dingmeni L /, J is not like, + household _ (even), then in the coefficient ^ > and, respectively, by the coefficient w And J> 5 2 < Ding > (v) 丨). ('+丨) The expression is determined. Where the first/row vector w = [~], if...=〇,.eight... ^number) then in the ~ expression, the system \i+J=even (colu imn number a < one > and gas (a) _丨> 'Differently by coefficient> Vu洳^ + 2 □ (factory 1) (the expression of the sum is determined „ where each U cell of the multiplier is the execution (even), then ίΓ, = ί/切, brother y column where i + 7,even aJ+Ul "+«,W><(,+7>/2> is calculated, or ^ , . even is done with ', +fl<( , +7+,)/2>Wi his calculation. k 4 right...=〇dd (odd number), where the all-one polynomial base /^)=χίΒ-, + γ_2 in the reduction 'to get male' 5) X) X-', mody + J) is the first. 1 From a polynomial + (where the finite field GF (2m) of all the elements boast θ:., so that the silk ruler calculates the Yanlong f to (four) ^ ^Decomposition of all-multiple seems to be generated in which all elements of the finite field GF (2m) are special. The two-term polynomial of the knife solution that can provide ♦))) x-"m〇d(m)~ The produced (WA-丨) is transferred into two vectors (α_.α · a , then by two vectors (a., ~... gas-,) and the right-handed β of the finite field GF(2m) <" +_&g t;,—(丨)>, '九帅卜,〇. There are a few 々 々 何 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三 三1) 'Xi Xiong' 5(χ)χ-” mod(xm + ^+1 Η) 20 1330333 is calculated by the function &(X), where the ruler (7) is the same as you =) 2 ( X) +,3 (X) + 7; (X) where all elements of the finite field GF(2m) are produced by the indecomposable trinomial χ„, + / + i 'and GC'. l 'g卩 function you) Every-relationship is included in the polynomial you; that is, the polynomial G〇) can be calculated from your) = ♦ small "&" mQd (m) calculation. Where all elements of the finite % GF(2m) are calculated by the sum of the 'and GCZ' (W, „) = 1 'by you) and 咏) generated by the indecomposable trinomial γ; the product Z) (x) = J(x)5(x)jT" mod(xm + χη +!) is available for £>(χ) = d.

X <^+/τ(0)>«Ι+π(])> +----hd is there; if 〇仏m_2, then all the transitions of the finite field GF(2m) are not The decomposed trinomial ^+x,, +1 produces '^0^) = 1, that is, the multiplier includes - multiplication unit and - summation unit; , the circuit structure of multiplication single 7G is v cell and Q cell Composition, forming an array of m χ m. The mother-cell contains at least three round-in signal lines and three output signal lines; the V-cell contains - 2_ rounds of people and gates, and two 2_ inputs of mutual exclusion or The gate and the four sputum loose, the meta-stem cells contain a 2-wheel entry and gate, a 2_ input mutual exclusion or gate and four 1-position structures are composed of w cells to form a 1 x claw array; Two %3^ at least two input signal lines and one output signal line; and w<i+/T(〇>S<l+;r(/):>十Λ<1+·?Γ(〇> DT 'ΤΤ ο The maximum delay of the wave delay per pulse period is - and between and - a mutual exclusion or question, where all elements of the finite % GF (2m) are produced by indecomposable, The calculation delay of the multiplier only needs m+1 pulse period, and the evening term hx +1 The present invention has been described with respect to the preferred embodiments of the present invention. The present invention can be modified and modified without departing from the scope of the invention. Should be covered in the scope of definition. > [Simple diagram of the diagram] The first diagram: is the architecture diagram of the A〇P-bit-parallel cardiac contraction array multiplier slice distributed in GF(24) of the present invention. Fig. is a detailed circuit diagram of the U cell of the present invention.

The second figure is a bit-integrated parallel-contracted Montgomery multiplier produced by the x5+x2+l field of the present invention. Figure 4: The detailed v-cell circuit of the third figure. Figure 5: Detailed Q cell circuit in the third figure. Figure 6: Detailed W cell circuit in the third figure.

The spirit and principle of this application in the following patent application scope [main component symbol description] 11 U cell 12 first-order-1 bit gate 13 second-order-1 bit mask 14 third-order-1 bit mask 15 four Step-1 bit pick-up gate 21 U cell circuit architecture 22 2 input and gate 23 2 input mutual exclusion or gate 24 1 bit pick-up gate 25 1 bit gate 26 26-bit pick-up gate 31 multiplication unit 32 total unit 33 V cell 34 Q cell 35 W cell 41 V cell circuit architecture 42 2 input and gate 43 2 input mutual exclusion or gate 44 2 input mutual exclusion or gate 45 1 bit gate 46 46 1 bit gate 47 1 bit gate 48 1 bit 7L pick up 51 Q cell circuit architecture 52 2 input and gate 53 2 input mutual exclusion or between 54 1 bit pick up 55 55 1 bit gate 56 1 bit pick up gate 22 1330333 57 1 bit gate 2 Input Mutual Exclusion or Gate 61 W Cell Circuit Architecture 62 63 1 Bit Gate

twenty three

Claims (1)

1330333 X. The scope of application for patents: multiplication,, =, - division, special face money yuan parallel heart thank _ shape Mengge bow profit =,:, GF (n special polynomial ~, = applied to all-polynomial (AOP )作)=严|+ 系数 的 的 ( 四 四 四 四 四 四 四 四 四 四 四 四 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县 县- 2 inputs and between, - 2 input mutual exclusion or gate and three of which the circuit characteristics of the multiplier are for the finite field GF m , the two element B is subjected to the product operation), so that a c is Thanks a lot of 4, to, A, B and the resulting, and. For the indivisible: === I Γ by 72 ', ~. Indicates the intermediate product of the 7th item and the order). . Shen Hao special fiber, the nuclear field of the item _ Tao Shu turned the bit parallel heart receiving ^ Montgomery (four) its towel lion) / m~\ J (x) 5 (; c) = t / =: 〇 / Calculate ^ m-1 ab + V ab , /:.午午々<ψ> \,+J^n ,+ ί^οώ/ Please refine the energy field GF of the second item (n of the special type of parallel parallel heart, shrink array Montgomery multiplier, where The 〒Άν; % household 疋 has a row vector (column vector) for W, = i + J ^ even i ^ jf = 〇 dd [w.., w 4 ; Tree field GF (2m) (four) special position of the parallel heart transfer column type Montgomery method & ζ · row vector w number), then in the expression of ~, the coefficient ~ and + household _ ( Evenly by the coefficient wu-η. (Ά 表示 确定 24 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 , , , , , , , , , , , , , , , Where the third vector w = [wJ, if (odd), then in the expression, the coefficient α is equal to the gas, respectively by the coefficient ^) (, +1) and you. - ". (di) The expression is determined. The special type of parallel line of the limited field 2 "1) mentioned in the scope of the patent application scope is applied to receive the Montgomery multiplier, wherein each of the multipliers is a sieve line. And trii)' then proceed ~, '=~+α卿丨) The calculation of the eight-shun. The visceral range of the first field of the finite field GF (2m) is parallel to the heart-receiving array of Montgomery multipliers, which is the whole one (9)w~. ..+x+1 can be calculated from the binomial polynomial, +1 reduction, and: 2 &4(χ)β〇)ΛΓ;, mody +1). k piece 8, as claimed in the patent scope The all-polynomial of the finite decomposition of the seven items is generated so that the multiplier si has a 二=2, which can be provided by the non-integral, and can provide water for the two sides (α. ...eight and team ν·.Α丨) transferred into two vectors & , / law, then d + Zheng Jiu + ·, · " nine + coffee to). ''call),, β·-Ι)) and ω Such as Shen paste flap i tearing Mei G Ming duck miscellaneous bit flat ~ heart contraction array Montgomery multiplier, which limited field certificate (7) 仃 decomposable three _ type ~ "+ twin, _ (_ (relative =林...'th learning K"m()d(~"+1) calculation, can be obtained by the function you) = number of gigabits - "mod (x", +1) and you) = dip) + version + gamma Production. Also, "Zhong 1 Bu as claimed patent scope!! 10 items of the limited cardiac contraction array Montgomery multiplier, which makes the finite field (GF (2m) gj bit parallel 25 1330333 relationship 疋 L 3 in the evening (x); that is, the polynomial 夂(4)=firex)5(;c);c-〃m〇d(;cm +!) is calculated. u 匕攸12, as described in the scope of patent application 帛u Field GF (2m) special kind of bit parallel systolic phase Montgomery multiplier, the towel of the limited field ah 2) all elements are produced by the indecomposable trinomial polynomial ?, "+1", and (10) (call = 1, by you) and %^ to complete the sum calculation; the product £)(7)=J(8)5(cafe-"m〇d W +丨) can get D(x) ~ d. <ί/+/Τ (0)> X <(/+π(0)> + d X <y+/T( I )><^+/T(/?/-])>^<ν+ Λ·(/ϊϊ~1 )> Then there are ^/+, τ(,)> = k<c,+,ni)> + 9<?+^,)> mod2 , , V 1 « WJJ&gt 13. A special type of finite field GF (2m) as described in claim 12 of the patent scope _ cardiac contraction array Montgomery multiplier, where all _ 仃 decomposable three of the finite field GF (2m) The polynomial ~ +1 is generated, and) =: de-multiply and - sum unit; the circuit structure including the multiplication single 7L is composed of V cells and Q cells, forming an array of claws and claws. Each cell contains at least Three input signal lines and three output signal lines; , each -V cell contains -2-input and gate, two 2_input mutually exclusive or closed and meta-lock; 1 per-Q cell contains -2 Input and gate, - 2_ input mutual exclusion or gate and four element lock gate. 14. A special tumbling parallel systolic array Montgomery multiplier of the limited field GF (2m) as described in claim 13 of the patent application, wherein the circuit structure of the summation unit is a fine composition to form a 1×m array; Each of the W cells includes at least two rounding signal lines and one output signal line; and the sigma-W cells comprise a 2-input mutual sluice gate and a 1-bit thyristor to complete ^<1+Λ·(/)> ~ ^<l+ir(/)>^<Ι + /τ(/)>®Ί" 15. The limited field GF as described in the scope of the patent application (2m) special type of parallel systolic array Montgomery multiplier, where the maximum wave delay per pulse period requires one gate and one mutex or gate calculation time. And 26 1330333. I6, a special type of parallel systolic array Montgomery multiplier of the limited field GF (2m) as described in claim 14 of the patent application, wherein all elements of the finite field GF (2rn) are not The decomposed binomial polynomial X〃+X"+1 produces that the multiplier's computational delay requires only the pulse period. 17, a finite field GF (2m) special type of parallel parallel systolic array Montgomery 'multiplier, used in all-One Polynomial (AOP) base multiplier, including u cell circuit architecture It consists of a 2_ input AND gate, a 2_ input mutual exclusion or • gate (x〇R gate) and 3 丨_bit locks (丨atch), because it can calculate ♦_K”m 〇d(x'"+1) is also the base of the all-one polynomial (Au_〇nep〇丨卿 mialBasecW^ φ Gomley multiplier; the multiplier is distributed in GF(2), at (χ + 1) />(χ) = χ", +1 condition is established, using the all-one polynomial = + reduction process, is often done using binomial X"' +1; so will be distributed on 丨) A polynomial multiplier (AOP-based multiplier) using a binomial (b-iv+i reduction polynomial to achieve a low complexity multiplier. ' ' 18. A special finite field GF(2m) Category of Parallel Heart Contraction Array Montgomery Multiplication Method 'Using the Montgomery Multiplier to Realize the Trinomial_Base and 丨11〇〇^17 3 (1) Like the Commeli multiplication, it includes a multiplication unit and a summation unit; wherein the multiplication unit contains V cells and Q cells; the result of the multiplication unit is based on two basic cells (v cells and Q cells), producing a two polynomial /: ( =) and G(x); and, by 0, 3, the coefficient g is simple, and is generated in the third + 1) line; the unit is composed of m w cells combined to perform the ruler (χβσ( The sum of 7 (χ); , the calculation of the circuit structure of each W cell; accordingly, the three cell types (V cells, Q cells, and W cells) are used to perform the Montgomery multiplication by Tri_ial. For example, the special type of bit-parallel systolic array material Marley multiplier of the limited field GF (2m) described in claim 18 of the patent scope, the v-cell circuit structure of the towel is composed of -2_ input. AND gate) 'Two 2-input mutexes or gates (X〇R gate) and four 〖bits of latches (Latch). 20. The finite field GF (2m) as described in claim 18 Special type of parallel parallel cardiac contraction array material ageing device, its towel Q cell circuit architecture, by - 2 input and gate (AND gate) - a 2_ input mutual exclusion or gate (x〇Rgate) and four i-bit inquiries (four) post 27 1330333. 2 Bu as claimed in the scope of claim 18 Field GF (2m) special type of parallel parallel cardiac contraction array Montgomery multiplier, where each W cell circuit structure contains a 2-input mutual exclusion gate (XOR gate) and a 1-bit padlock ( Latch). Η—, schema: as the next page 28