WO2023080892A1 - Method and architecture for computing extension field arithmetic in a cryptosystem - Google Patents

Method and architecture for computing extension field arithmetic in a cryptosystem

Info

Publication number
WO2023080892A1
Authority
WO
WIPO (PCT)
Prior art keywords
field
extension
arithmetic
cryptosystem
computer processing
Prior art date
Application number
PCT/US2021/058053
Other languages
French (fr)
Inventor
Brian KOZIEL
Rami El-Khatib
Original Assignee
Pqsecure Technologies, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pqsecure Technologies, Llc
Priority to PCT/US2021/058053
Publication of WO2023080892A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Abstract

A computer processing cryptosystem that includes a computational logic unit in a computer processing device operably configured to perform extension field arithmetic and having an extension field operation unit with a plurality of field arithmetic units operably configured to perform prime finite field arithmetic in parallel utilizing numerical inputs received in the extension field operation unit to generate at least one numerical output from the extension field operation unit.

Description

METHOD AND ARCHITECTURE FOR COMPUTING EXTENSION FIELD ARITHMETIC IN A CRYPTOSYSTEM
FIELD OF THE INVENTION
The present invention relates generally to hardware, systems, implementation, and methods directed towards the computation of extension field arithmetic, and, more particularly, relates to performing such arithmetic faster than the state-of-the-art.
BACKGROUND OF THE INVENTION
Finite field arithmetic acts as a cornerstone in many communication and cryptography applications. The performance of such arithmetic can greatly accelerate or inhibit applications, such as sending secure data over a communication channel or performing verification of a digital signature. Here, we primarily deal with prime field arithmetic, where all arithmetic is modulo a prime number.
Depending on the purpose, finite field arithmetic can be extended from a single base field to multiple fields in what is called an extension field. In extension field arithmetic, computations become more complex with the introduction of an irreducible polynomial and arithmetic between multiple base field elements. When implementing such computations in a cryptosystem implementation or communication application, speed may be of the highest priority.
Therefore, a need exists to overcome design limitations and provide a new faster architecture and method for extension fields.
SUMMARY OF THE INVENTION
The invention provides a computer processing cryptosystem that overcomes the hereinafore-mentioned disadvantages of the heretofore-known devices and methods of this general type and that provides a computer architecture configured to process computations for extension fields faster than known systems and methods.
With the foregoing and other objects in view, there is provided, in accordance with the invention, a computer processing cryptosystem having at least one field computational logic unit in a computer processing device operably configured to perform extension field arithmetic and having an extension field operation unit with a plurality of field arithmetic units operably configured to perform prime finite field arithmetic in parallel utilizing numerical inputs received in the extension field operation unit to generate at least one numerical output from the extension field operation unit.
In accordance with another feature, an embodiment of the present invention includes the plurality of field arithmetic units being operably configured to perform at least one of the following prime finite field operations: Field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
In accordance with yet another feature, an embodiment of the present invention also includes the plurality of field arithmetic units being operably configured to perform any combination of the following prime finite field operations: Field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
In accordance with a further feature of the present invention, the field computational unit is operably coupled to at least one memory unit resident on the computer processing system. In accordance with an exemplary feature of the present invention, the numerical inputs and the at least one numerical output from the extension field operation unit are operably configured for use in an elliptic curve cryptosystem, a pairing-based cryptosystem, or an isogeny-based cryptosystem.
In accordance with another feature of the present invention, the at least one field computational logic unit performs extension field addition by parallelizing at least a plurality of field additions with the plurality of field arithmetic units.
In accordance with a further feature of the present invention, the at least one field computational logic unit performs extension field subtraction by parallelizing at least a plurality of field subtractions with the plurality of field arithmetic units.
In accordance with yet another feature of the present invention, the at least one field computational logic unit performs extension field multiplication by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
In accordance with a further feature of the present invention, the at least one field computational logic unit performs extension field squaring by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
In accordance with another feature of the present invention, the at least one field computational logic unit performs extension field squaring by parallelizing at least a plurality of field multiplications, at least a plurality of field squaring operations, and at least a plurality of field additions.
Also in accordance with the present invention, a computer-implemented method for performing extension field arithmetic for use in a cryptosystem is disclosed that includes providing extension field arithmetic numerical inputs to at least one field computational logic unit resident on a computer processing system, receiving the extension field arithmetic numerical inputs at an extension field operation unit and performing extension field arithmetic by parallelizing field arithmetic operations utilizing the extension field arithmetic numerical inputs through use of a plurality of field arithmetic units residing in the extension field operation unit, and generating at least one numerical output as a result of the extension field arithmetic.
In accordance with another feature, an embodiment of the present invention includes performing any combination of the following prime finite field operations with the plurality of field arithmetic units: Field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
In accordance with yet another feature, an embodiment of the present invention also includes providing the extension field arithmetic numerical inputs from at least one memory unit resident on the computer processing system to the at least one field computational logic unit resident on the computer processing system.
In accordance with a further feature, an embodiment of the present invention also includes utilizing the extension field arithmetic numerical inputs and the at least one numerical output in an elliptic curve cryptosystem, a pairing-based cryptosystem, or an isogeny-based cryptosystem.
In accordance with another feature, an embodiment of the present invention also includes performing extension field addition by parallelizing at least a plurality of field additions with the plurality of field arithmetic units.
In accordance with a further feature, an embodiment of the present invention also includes performing extension field subtraction by parallelizing at least a plurality of field subtractions with the plurality of field arithmetic units.
In accordance with an additional feature, an embodiment of the present invention also includes performing extension field multiplication by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
In accordance with another feature, an embodiment of the present invention also includes performing extension field squaring by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
The term “efficient” is defined, with respect to the implementation of extension field arithmetic in a computer system, as one that performs operations in fewer stages such as through better scheduling or parallelization than the state-of-the-art. The invention provides a hardware, system, implementation, and method for efficiently implementing extension field arithmetic.
Other features that are considered as characteristic for the invention are set forth in the appended claims. As required, detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one of ordinary skill in the art to variously employ the present invention in virtually any appropriately detailed structure. Further, the terms and phrases used herein are not intended to be limiting; but rather, to provide an understandable description of the invention. While the specification concludes with claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures, in which like reference numerals are carried forward. The figures of the drawings are not drawn to scale.
Before the present invention is disclosed and described, it is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting. The terms “a” or “an,” as used herein, are defined as one or more than one. The term “plurality,” as used herein, is defined as two or more than two. The term “another,” as used herein, is defined as at least a second or more. The terms “including” and/or “having,” as used herein, are defined as comprising (i.e., open language). The term “coupled,” as used herein, is defined as connected, although not necessarily directly, and not necessarily mechanically. The term “providing” is defined herein in its broadest sense, e.g., bringing/coming into physical existence, making available, and/or supplying to someone or something, in whole or in multiple parts at once or over a period of time. Also, for purposes of description herein, the terms “upper,” “lower,” “left,” “rear,” “right,” “front,” “vertical,” “horizontal,” and derivatives thereof relate to the invention as oriented in the figures and are not to be construed as limiting any feature to a particular orientation, as said orientation may be changed based on the user’s perspective of the device. Furthermore, there is no intention to be bound by any expressed or implied theory presented in the preceding technical field, background, brief summary or the following detailed description.
As used herein, the terms “about” or “approximately” apply to all numeric values, whether or not explicitly indicated. These terms generally refer to a range of numbers that one of skill in the art would consider equivalent to the recited values (i.e., having the same function or result). In many instances these terms may include numbers that are rounded to the nearest significant figure. In this document, the term “longitudinal” should be understood to mean in a direction corresponding to an elongated direction of any processing chip. The terms “program,” “software application,” and the like as used herein, are defined as a sequence of instructions designed for execution on a computer system. A “program,” “computer program,” or “software application” may include a subroutine, a function, a procedure, an object method, an object implementation, an executable application, an applet, a servlet, a source code, an object code, a shared library/dynamic load library and/or other sequence of instructions designed for execution on a computer system.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views and which together with the detailed description below are incorporated in and form part of the specification, serve to further illustrate various embodiments and explain various principles and advantages all in accordance with the present invention.
FIG. 1 is a schematic diagram depicting the primary embodiment of this invention where a computer processing system uses a field computational unit consisting of multiple arithmetic units to efficiently perform extension field operations.
FIG. 2 is an additional schematic diagram depicting this invention where one or more memory units are used to hold inputs and outputs of a field extension operation.
FIG. 3 is a schematic diagram depicting an embodiment of this invention where a field computational unit contains two separate memory units and adder circuits to perform a quadratic extension field addition by parallelizing lower level field additions.
FIG. 4 is a schematic diagram depicting an embodiment of this invention where a field computational unit contains two separate memory units and subtraction circuits to perform a quadratic extension field subtraction by parallelizing lower level field subtractions.
FIG. 5 is a schematic diagram depicting another embodiment of this invention where a field computational unit contains two field multiplication units and one field addition/subtraction unit to efficiently parallelize field multiplication and addition operations to perform quadratic extension field multiplication.
FIG. 6 is a schematic diagram depicting an embodiment of this invention where two field multiplication and two field addition/subtraction units are utilized in parallel to compute the operations necessary for quadratic extension field squaring.
FIG. 7 is a schematic diagram depicting yet another vision of this invention where three field addition/subtraction units and two field multiplication units are utilized in parallel to compute a quadratic extension field squaring.
FIG. 8 is a process flow diagram depicting an exemplary computer-implemented method for performing extension field arithmetic for use in a cryptosystem in accordance with the present invention.
DETAILED DESCRIPTION
While the specification concludes with claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures, in which like reference numerals are carried forward. It is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms.
The present invention provides a novel and efficient hardware, systems, implementation, and methods for efficiently implementing extension field arithmetic by efficiently sequencing and parallelizing base field arithmetic in a computer processing device.
Finite field arithmetic provides a solid foundation for applications such as communication or cryptology. For instance, the use of discrete value in a range allows one to correct errors in a noisy signal or agree on shared secrets over a public channel. In particular, we focus on field arithmetic as is used by cryptosystems. Elliptic curve cryptography, RSA, and Diffie-Hellman are all examples where the protocol is built upon many finite field arithmetic operations that are performed at a lower level.
Extension field arithmetic can be viewed as an extension of finite field arithmetic where there are multiple finite field elements involved. Extension field arithmetic provides the basis for many cryptosystems ranging from elliptic curve cryptography, pairing-based cryptography, and isogeny-based cryptography. Examples of elliptic curve cryptography include, but are not limited to, elliptic curve Diffie-Hellman key exchange (ECDH), elliptic curve digital signature algorithm (ECDSA), Edwards curve digital signature algorithm (EdDSA), and password authenticated key exchange by juggling for elliptic curves (ECJPAKE). Pairing-based cryptography generally focuses on the use of pairings between elements of cryptographic groups to accomplish a cryptographic goal, such as key agreement. Lastly, isogeny-based cryptography refers to the use of isogenies on elliptic curves and their use in cryptography. Examples of isogeny-based schemes include, but are not limited to, the supersingular isogeny Diffie-Hellman (SIDH) key exchange, commutative supersingular isogeny Diffie-Hellman (CSIDH) key exchange, the supersingular isogeny key encapsulation (SIKE) mechanism, and the short quaternion and isogeny signature (SQISign). When an extension field provides the basis for these schemes, fast extension field arithmetic is necessary for good performance.
For the following, we consider finite field arithmetic as defined over a large prime p. Thus, in the base field, all arithmetic is computed modulo p. For instance, let us consider elements a, b, and c, all in a finite field Fp where all arithmetic is modulo p. For finite field addition, we can perform c = a + b, where all elements a, b, and c are in the range [0, p−1]. Thus, if the sum of a and b is greater than p, then the sum c would be reduced by subtracting p, or c = a + b − p. Multiplication works by a similar principle where we perform c = a × b; however, reducing the product of a and b modulo p is much more complicated to perform efficiently. Many other examples of field operations exist including, but not limited to, squaring (c = a^2 = a × a), exponentiation (c = a^k where k is a scalar), inversion (c = a^−1 where a × a^−1 = 1), square root ( where ), and isomorphisms and isogenies (creating mappings between finite fields). Note that field subtraction and field addition are nearly identical as they are both implemented as an addition, but subtraction is addition with an inverted second component; thus we consider the use of a field addition/subtraction unit as a single unit.
Extension field arithmetic then extends the base finite field arithmetic to utilize multiple elements of a base field. For instance, the quadratic extension field is defined over and contains two elements of a base field defined over p. Consider elements A, B, and C all in a quadratic extension field . Further let element A = {a0, a1}, B = {b0, b1}, and C = {c0, c1}, where each lowercase value is a value defined over Fp. Subscript 0 then represents the lower field element and subscript 1 represents the higher field element. To account for multiplication and other quadratic extension field arithmetic we utilize the irreducible polynomial i^2 + 1, which means that . This polynomial is not required, but is merely used for the many examples provided in this document. Different polynomials may require additional multiplications or additions. Lastly, using this polynomial, we can represent A = i·a1 + a0, B = i·b1 + b0, and C = i·c1 + c0. Now extension field arithmetic can be defined, such as addition C = A + B = i(a1 + b1) + (a0 + b0) or multiplication C = A × B = i(a0b1 + a1b0) + (a0b0 − a1b1). Note that, using these simple formulas, an addition requires 2 Fp additions and a multiplication requires 4 Fp multiplications, 1 Fp addition, and 1 Fp subtraction. For brevity, this example goes to quadratic extension fields ( ); it is simple to extend to an arbitrary exponent. The number of required low-level computations will grow, as will the size of the irreducible polynomial. Lastly, other examples of field operations exist including, but not limited to, squaring (C = A^2 = A × A), exponentiation (C = A^k where k is a scalar), inversion (C = A^−1 where A × A^−1 = 1), square root ( where ), and isomorphisms and isogenies (creating mappings between finite fields).
This invention centers on the use of parallelization and clever scheduling to achieve speedups in extension field arithmetic. For instance, with the quadratic extension field addition or multiplication, these computations could be done in several stages. Quadratic extension field addition could be performed by performing both additions ((a1 + b1) and (a0 + b0)) in parallel and storing the results once available. Quadratic extension field multiplication in this example could be performed by computing the 4 partial products (a0b1, a1b0, a0b0, and a1b1) in parallel through the use of four field multiplication units and then adding the results ((a0b1 + a1b0) and (a0b0 − a1b1)) with two field addition units, resulting in a two-stage approach. By utilizing more field arithmetic units, the total number of stages necessary to compute the result is reduced. In the above examples, quadratic extension field addition would normally require two stages of field addition, but now requires only one stage of field addition, so long as two field addition units are ready. Likewise, the field multiplication would normally require four stages of field multiplication and two stages of field addition, but with additional field arithmetic units now requires only one stage of field multiplication and one stage of field addition.
The primary embodiment of this invention is to efficiently schedule and parallelize base finite field arithmetic among multiple arithmetic units to achieve an extension field arithmetic unit, as is shown in FIG. 1. Notably, a field computational unit is a part of a computer processing cryptosystem 100 tasked with performing field operations and extension field operations. When performing an extension field operation on some inputs, the extension field operations are split amongst 2 or more arithmetic units 106a-n resident inside the field computational unit, namely an extension field operation unit 104, to produce results that are sent as outputs 110. Said another way, the one or more field computational logic unit(s) 102 in a computer processing device are operably configured to perform extension field arithmetic and have an extension field operation unit 104 with a plurality of field arithmetic units 106a-n therein, wherein “n” represents any number greater than two. In preferred embodiments, the extension field operation unit 104 has only two field arithmetic units 106a-n.
The plurality of field arithmetic units 106a-n are operably configured to perform prime finite field arithmetic in parallel utilizing numerical inputs 108 received in the extension field operation unit 104 to generate one or more numerical output(s) 110 from the extension field operation unit 104. The numerical inputs 108 may be initial inputs or could be intermediate inputs. The plurality of field arithmetic units 106a-n are also operably configured to perform at least one of, or a combination of, the following prime finite field operations: field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies. In one embodiment, the numerical inputs 108 and the at least one numerical output 110 from the extension field operation unit 104 are operably configured for use in an elliptic curve cryptosystem, a pairing-based cryptosystem, or an isogeny-based cryptosystem.
As is shown in FIG. 2, this can easily be extended by adding one or more memory units 200, 202 inside the computer processing system which are designed to load and store intermediate and final results needed by the extension field arithmetic unit. A memory unit could be, but is not limited to, static or dynamic memory, whether it is read from a read-only memory unit, random access memory unit, flip-flops, or internally stored values. Additionally, the results of these extension field operations can be operably used for elliptic curve cryptography, pairing-based cryptography, and isogeny-based cryptography. Said another way, the field computational unit 102 is operably coupled to at least one memory unit 200 resident on the computer processing system 100.
Additional visions of this invention can be seen as specific examples of extension field arithmetic that we illustrate through quadratic extension field arithmetic. The first and simplest is the use of multiple field addition/subtraction units to perform extension field arithmetic. As shown in FIG. 3, quadratic extension field addition can be parallelized by performing the base finite field additions through the use of two separate finite field adders. Similarly, FIG. 4 shows that quadratic extension field subtraction can be parallelized by performing the base finite field subtractions through the use of two separate finite field subtractors. This could be implemented with a single memory unit (such as RAM), but we show two distinct memory units, which allows the implementation to write both outputs simultaneously to memory. Such is needed if a RAM only has one write port. This saves the latency of one write operation. It is simple to extend this to arbitrarily large extension fields. For instance, a cubic extension field implementation would require three elements over Fp and thus require at least three individual field addition units.
When applying this invention to extension field multiplication, this invention shows that a field computational unit can perform multiple field multiplications in parallel and add their results. As is shown in FIG. 5, quadratic extension field multiplication can be efficiently performed by doing two stages consisting of at least two field multiplications and at least one field addition. One more interpretation could be performing a single stage of at least four field multiplications and at least two field additions. This invention is not limited to the simple irreducible polynomial used in the examples. Larger irreducible polynomials result in more multiplications and additions that can again be performed in parallel. Furthermore, one may employ other series of computations to generate the results. For instance, quadratic extension field multiplication can also be performed by using the relation A × B = i(a0b1 + a1b0) + (a0 + a1)(b0 − b1) + a0b1 − a1b0, which now only requires the computation of three partial products (a0b1, a1b0, and (a0 + a1)(b0 − b1)). Rearrangement of terms can be done based on the irreducible polynomial and size of the extension field to allow for more parallelization and a reduction of needed field arithmetic units.
This invention can also be applied to extension field squaring, as is exemplified in FIGS. 6-7. Extension field squaring is a simplified version of extension field multiplication where the operands are the same. Because the same value is used twice, some of the arithmetic can be simplified. As is the case for the quadratic extension field, A^2 = A × A = i(2a0a1) + (a0 + a1)(a0 − a1), which requires the computation of two field multiplications and three field addition/subtractions. FIG. 6 illustrates an embodiment of this invention for quadratic extension field squaring by dividing the operations into three stages: 1) two field additions; 2) two field multiplications; and 3) one field addition. When done in parallel, the total cost of a quadratic extension field squaring is two field additions and one field multiplication. This approach requires at least two field multipliers and at least two field adder/subtractors. FIG. 7 then shows a faster version that requires at least two field multipliers and at least three field adder/subtractors. FIG. 7 shows that this squaring operation can be done with three addition/subtractions being performed in the first stage and two field multiplications being performed in the second stage. In parallel, the latency will be one field addition and one field multiplication. Another interpretation for squaring could be one stage of three field multipliers and one stage of two field addition/subtraction units to compute .
Said another way and with reference to FIGS. 3-7, the one or more field computational logic unit(s) perform extension field addition by parallelizing at least a plurality of field additions with the plurality of field arithmetic units. Additionally, the one or more field computational logic unit(s) perform extension field subtraction by parallelizing at least a plurality of field subtractions with the plurality of field arithmetic units. Furthermore, the one or more field computational logic unit(s) perform extension field multiplication by parallelizing at least a plurality of field multiplications and at least a plurality of field additions. Additionally, the one or more field computational logic unit(s) perform extension field squaring by parallelizing at least a plurality of field multiplications and at least a plurality of field additions. Additionally, the one or more field computational logic unit(s) perform extension field squaring by parallelizing at least a plurality of field multiplications, at least a plurality of field squaring operations, and at least a plurality of field additions.
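The quadratic extension field formulas and the stage schedules of FIGS. 3 and 5-7 in Python, as an added example that is not the patent's or PQSecure's own code: a small Schedule recorder notes which field units each stage occupies, so the multiplier and adder/subtractor counts and the stage latency of each schedule (four-product and three-product multiplication, FIG. 6 and FIG. 7 squaring) can be read off and the formulas cross-checked against plain modular arithmetic. The prime, the Schedule class, the latency weights and all helper names are constructed assumptions.

```python
"""Quadratic extension field arithmetic over F_p with i^2 + 1 irreducible (i^2 = -1),
staged as the patent's FIGS. 3, 5, 6 and 7 describe.  An element A of F_{p^2} is a
tuple (a0, a1) meaning a0 + i*a1.  P is a constructed sample prime (P % 4 == 3 keeps
i^2 + 1 irreducible); Schedule and the unit latencies are modelling assumptions."""
import random

P = 2**127 - 1  # sample Mersenne prime, congruent to 3 mod 4

def fp_add(a, b):
    c = a + b
    return c - P if c >= P else c  # one conditional subtraction of p, as in the text

def fp_sub(a, b):
    c = a - b
    return c + P if c < 0 else c  # addition with a negated second operand

def fp_mul(a, b):
    return (a * b) % P  # the costly reduction is left to Python's big integers

class Schedule:
    """Records which base-field units each stage of an F_{p^2} operation occupies.
    One stage() call issues its operations together to independent field units;
    their results are usable only in the next stage, which is how the figures count."""
    KIND = {fp_add: "A", fp_sub: "A", fp_mul: "M"}  # add/sub share one unit type

    def __init__(self):
        self.stages = []

    def stage(self, *ops):
        """ops are (fn, x, y) triples run in parallel; returns their results in order."""
        self.stages.append("".join(self.KIND[fn] for fn, _, _ in ops))
        return tuple(fn(x, y) for fn, x, y in ops)

    def units_needed(self):
        """Minimum (multipliers, adder/subtractors) for the recorded stages."""
        return (max(s.count("M") for s in self.stages),
                max(s.count("A") for s in self.stages))

    def latency(self, lat_mul, lat_add):
        """Sum over stages of the slowest unit kind used in that stage."""
        return sum(lat_mul if "M" in s else lat_add for s in self.stages)

def fp2_add(A, B, sched):
    # FIG. 3: both F_p additions in one stage on two adders (FIG. 4 is the same with fp_sub).
    return sched.stage((fp_add, A[0], B[0]), (fp_add, A[1], B[1]))

def fp2_mul(A, B, sched):
    # FIG. 5, fully parallel form: four partial products, then one sub and one add.
    (a0, a1), (b0, b1) = A, B
    t00, t11, t01, t10 = sched.stage((fp_mul, a0, b0), (fp_mul, a1, b1),
                                     (fp_mul, a0, b1), (fp_mul, a1, b0))
    return sched.stage((fp_sub, t00, t11), (fp_add, t01, t10))

def fp2_mul_3m(A, B, sched):
    # Three-product rearrangement from the description:
    # A*B = i(a0b1 + a1b0) + (a0 + a1)(b0 - b1) + a0b1 - a1b0.
    (a0, a1), (b0, b1) = A, B
    s, d, t01, t10 = sched.stage((fp_add, a0, a1), (fp_sub, b0, b1),
                                 (fp_mul, a0, b1), (fp_mul, a1, b0))
    m, c1, e = sched.stage((fp_mul, s, d), (fp_add, t01, t10), (fp_sub, t01, t10))
    (c0,) = sched.stage((fp_add, m, e))
    return (c0, c1)

def fp2_sqr_fig6(A, sched):
    # FIG. 6: A^2 = i(2 a0 a1) + (a0 + a1)(a0 - a1) in three stages.
    a0, a1 = A
    s, d = sched.stage((fp_add, a0, a1), (fp_sub, a0, a1))
    c0, m = sched.stage((fp_mul, s, d), (fp_mul, a0, a1))
    (c1,) = sched.stage((fp_add, m, m))
    return (c0, c1)

def fp2_sqr_fig7(A, sched):
    # FIG. 7: a third adder forms 2*a0 in stage one, so no addition stage follows the products.
    a0, a1 = A
    s, d, a0x2 = sched.stage((fp_add, a0, a1), (fp_sub, a0, a1), (fp_add, a0, a0))
    return sched.stage((fp_mul, s, d), (fp_mul, a0x2, a1))

def reference_mul(A, B):
    """Plain modular arithmetic, used only to cross-check the staged formulas."""
    (a0, a1), (b0, b1) = A, B
    return ((a0 * b0 - a1 * b1) % P, (a0 * b1 + a1 * b0) % P)

def cross_check(trials=200, seed=1):
    """True when every staged formula agrees with reference_mul on random operands."""
    rng = random.Random(seed)
    for _ in range(trials):
        A = (rng.randrange(P), rng.randrange(P))
        B = (rng.randrange(P), rng.randrange(P))
        ab, aa = reference_mul(A, B), reference_mul(A, A)
        if fp2_mul(A, B, Schedule()) != ab or fp2_mul_3m(A, B, Schedule()) != ab:
            return False
        if fp2_sqr_fig6(A, Schedule()) != aa or fp2_sqr_fig7(A, Schedule()) != aa:
            return False
    return True

def report(op, *args, lat_mul=10, lat_add=1):
    """Run one staged operation; returns (result, stages, (muls, adds), latency)."""
    sched = Schedule()
    result = op(*args, sched)
    return result, sched.stages, sched.units_needed(), sched.latency(lat_mul, lat_add)
```

With the assumed weights (a multiplication ten times the cost of an addition), `report` gives FIG. 6 squaring a latency of 12 and FIG. 7 squaring 11, reproducing the text's claim that FIG. 7 trades one more adder for one fewer addition stage.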
With reference now to FIG. 8 in combination with FIGS. 1-7, one exemplary computer-implemented method for performing extension field arithmetic for use in a cryptosystem is depicted. The process may begin at step 800 and immediately proceed to step 802 of providing extension field arithmetic numerical inputs to at least one field computational logic unit resident on a computer processing system. In one embodiment, the process includes providing the extension field arithmetic numerical inputs from at least one memory unit resident on the computer processing system to the at least one field computational logic unit resident on the computer processing system. Additionally, the process includes utilizing the extension field arithmetic numerical inputs and the at least one numerical output in an elliptic curve cryptosystem, a pairing-based cryptosystem, or an isogeny-based cryptosystem.
The process may also include step 804 of receiving the extension field arithmetic numerical inputs at an extension field operation unit and performing extension field arithmetic by parallelizing field arithmetic operations utilizing the extension field arithmetic numerical inputs through use of a plurality of field arithmetic units residing in the extension field operation unit. Next, the process may include performing any combination of the following prime finite field operations with the plurality of field arithmetic units that includes field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
In one embodiment, the process includes performing extension field addition by parallelizing at least a plurality of field additions with the plurality of field arithmetic units, performing extension field subtraction by parallelizing at least a plurality of field subtractions with the plurality of field arithmetic units, performing extension field multiplication by parallelizing at least a plurality of field multiplications and at least a plurality of field additions, performing extension field squaring by parallelizing at least a plurality of field multiplications and at least a plurality of field additions, and performing extension field squaring by parallelizing at least a plurality of field multiplications, at least a plurality of field squaring operations, and at least a plurality of field additions.
Lastly, the process may include the step 806 of generating at least one numerical output as a result of the extension field arithmetic. Thereafter, the process may terminate in step 808. Other steps in the process may be utilized to carry out the present invention, however. Although FIG. 8 shows a specific order of executing the process steps, the order of executing the steps may be changed relative to the order shown in certain embodiments. Also, two or more blocks shown in succession may be executed concurrently or with partial concurrence in some embodiments. Certain steps may also be omitted in FIG. 8 for the sake of brevity. In some embodiments, some or all of the process steps included in FIG. 8 can be combined into a single process.
Various modifications and additions can be made to the exemplary embodiments discussed above without departing from the scope of the present disclosure. For example, while the embodiments described above refer to particular features, the scope of this disclosure also includes embodiments having different combinations of features and embodiments that do not include all of the above described features.

Claims

What is claimed is:
1. A computer processing cryptosystem comprising: at least one field computational logic unit in a computer processing device operably configured to perform extension field arithmetic and having: an extension field operation unit with a plurality of field arithmetic units operably configured to perform prime finite field arithmetic in parallel utilizing numerical inputs received in the extension field operation unit to generate at least one numerical output from the extension field operation unit.
2. The computer processing cryptosystem according to claim 1, further comprising: the plurality of field arithmetic units are operably configured to perform at least one of the following prime finite field operations: field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
3. The computer processing cryptosystem according to claim 1, further comprising: the plurality of field arithmetic units are operably configured to perform any combination of the following prime finite field operations: field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
4. The computer processing cryptosystem according to claim 1, wherein: the field computational unit is operably coupled to at least one memory unit resident on the computer processing system.
5. The computer processing cryptosystem according to claim 1, wherein: the numerical inputs and the at least one numerical output from the extension field operation unit are operably configured for use in an elliptic curve cryptosystem, a pairing-based cryptosystem, or an isogeny-based cryptosystem.
6. The computer processing cryptosystem according to claim 1, wherein: the at least one field computational logic unit performs extension field addition by parallelizing at least a plurality of field additions with the plurality of field arithmetic units.
7. The computer processing cryptosystem according to claim 1, wherein: the at least one field computational logic unit performs extension field subtraction by parallelizing at least a plurality of field subtractions with the plurality of field arithmetic units.
8. The computer processing cryptosystem according to claim 1, wherein: the at least one field computational logic unit performs extension field multiplication by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
9. The computer processing cryptosystem according to claim 1, wherein: the at least one field computational logic unit performs extension field squaring by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
10. The computer processing cryptosystem according to claim 1, wherein: the at least one field computational logic unit performs extension field squaring by parallelizing at least a plurality of field multiplications, at least a plurality of field squaring operations, and at least a plurality of field additions.
11. A computer-implemented method for performing extension field arithmetic for use in a cryptosystem comprising the steps of: providing extension field arithmetic numerical inputs to at least one field computational logic unit resident on a computer processing system; receiving the extension field arithmetic numerical inputs at an extension field operation unit and performing extension field arithmetic by parallelizing field arithmetic operations utilizing the extension field arithmetic numerical inputs through use of a plurality of field arithmetic units residing in the extension field operation unit; and generating at least one numerical output as a result of the extension field arithmetic.
12. The method according to claim 11, further comprising: performing any combination of the following prime finite field operations with the plurality of field arithmetic units: field addition, field subtraction, field multiplication, field squaring, field inversion, field square root, field exponentiation, field isomorphisms, or field isogenies.
13. The method according to claim 11, further comprising: providing the extension field arithmetic numerical inputs from at least one memory unit resident on the computer processing system to the at least one field computational logic unit resident on the computer processing system.
14. The method according to claim 11, further comprising: utilizing the extension field arithmetic numerical inputs and the at least one numerical output in an elliptic curve cryptosystem, a pairing-based cryptosystem, or an isogeny-based cryptosystem.
15. The method according to claim 11, further comprising: performing extension field addition by parallelizing at least a plurality of field additions with the plurality of field arithmetic units.
16. The method according to claim 11, further comprising: performing extension field subtraction by parallelizing at least a plurality of field subtractions with the plurality of field arithmetic units.
17. The method according to claim 11, further comprising: performing extension field multiplication by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
18. The method according to claim 11, further comprising: performing extension field squaring by parallelizing at least a plurality of field multiplications and at least a plurality of field additions.
19. The method according to claim 11, further comprising: performing extension field squaring by parallelizing at least a plurality of field multiplications, at least a plurality of field squaring operations, and at least a plurality of field additions.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2021/058053 WO2023080892A1 (en) 2021-11-04 2021-11-04 Method and architecture for computing extension field arithmetic in a cryptosystem

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2021/058053 WO2023080892A1 (en) 2021-11-04 2021-11-04 Method and architecture for computing extension field arithmetic in a cryptosystem

Publications (1)

Publication Number Publication Date
WO2023080892A1 true WO2023080892A1 (en) 2023-05-11

Family

ID=86241652

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2021/058053 WO2023080892A1 (en) 2021-11-04 2021-11-04 Method and architecture for computing extension field arithmetic in a cryptosystem

Country Status (1)

Country Link
WO (1) WO2023080892A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140229786A1 (en) * 2011-08-26 2014-08-14 Oxford Brookes University Digital error correction
US20170169735A1 (en) * 2010-06-01 2017-06-15 Peter Lablans Cryptographic Machines With N-state Lab-transformed Switching Devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21963457

Country of ref document: EP

Kind code of ref document: A1