When implementing a cryptographic algorithm, efficient operations have high relevance both in hardware and in software. Since a number of operations can be performed via polynomial multiplication, the arithmetic of polynomials over finite fields plays a key role in real-life implementations—e.g., accelerating cryptographic and cryptanalytic software (pre- and post-quantum) (Chou in Accelerating pre-and post-quantum cryptography. Ph.D. thesis, Technische Universiteit Eindhoven, 2016). One of the most interesting papers that addressed the problem has been published in 2009. In Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009), Bernstein suggests to split polynomials into parts and presents a new recursive multiplication technique which is faster than those commonly used. In order to further reduce the number of bit operations (Bernstein in High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html) required to multiply n-bit polynomials, researchers adopt different approaches. In CMT: Circuit minimization work. http://www.cs.yale.edu/homes/peralta/CircuitStuff/CMT.html a greedy heuristic has been applied to linear straight-line sequences listed in Bernstein (High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html). In 2013, D’angella et al. (Applied computing conference, 2013. ACC’13. WEAS. pp. 31–37. WEAS, 2013) skip some redundant operations of the multiplication algorithms described in Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009). In 2015, Cenk et al. (J Cryptogr Eng 5(4):289–303, 2015) suggest new multiplication algorithms. In this paper, (a) we present a “k-1”-level recursion algorithm that can be used to reduce the effective number of bit operations required to multiply n-bit polynomials, and (b) we use algebraic extensions of F 2 combined with Lagrange interpolation to improve the asymptotic complexity.
Polynomial multiplication over binary finite fields : new upper bounds / A. De Piccoli, A. Visconti, O.G. Rizzo. - In: JOURNAL OF CRYPTOGRAPHIC ENGINEERING. - ISSN 2190-8508. - 10:3(2020 Sep), pp. 197-210. [10.1007/s13389-019-00210-w]
Polynomial multiplication over binary finite fields : new upper bounds
A. De Piccoli;A. Visconti;O.G. Rizzo
2020
Abstract
When implementing a cryptographic algorithm, efficient operations have high relevance both in hardware and in software. Since a number of operations can be performed via polynomial multiplication, the arithmetic of polynomials over finite fields plays a key role in real-life implementations—e.g., accelerating cryptographic and cryptanalytic software (pre- and post-quantum) (Chou in Accelerating pre-and post-quantum cryptography. Ph.D. thesis, Technische Universiteit Eindhoven, 2016). One of the most interesting papers that addressed the problem has been published in 2009. In Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009), Bernstein suggests to split polynomials into parts and presents a new recursive multiplication technique which is faster than those commonly used. In order to further reduce the number of bit operations (Bernstein in High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html) required to multiply n-bit polynomials, researchers adopt different approaches. In CMT: Circuit minimization work. http://www.cs.yale.edu/homes/peralta/CircuitStuff/CMT.html a greedy heuristic has been applied to linear straight-line sequences listed in Bernstein (High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html). In 2013, D’angella et al. (Applied computing conference, 2013. ACC’13. WEAS. pp. 31–37. WEAS, 2013) skip some redundant operations of the multiplication algorithms described in Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009). In 2015, Cenk et al. (J Cryptogr Eng 5(4):289–303, 2015) suggest new multiplication algorithms. In this paper, (a) we present a “k-1”-level recursion algorithm that can be used to reduce the effective number of bit operations required to multiply n-bit polynomials, and (b) we use algebraic extensions of F 2 combined with Lagrange interpolation to improve the asymptotic complexity.
| File | Dimensione | Formato | |
|---|---|---|---|
|
26_AV_PolynomialProduct.pdf
Open Access dal 18/04/2020
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
362.61 kB
Formato
Adobe PDF
|
362.61 kB | Adobe PDF | Visualizza/Apri |
|
DePiccoli2019_Article_PolynomialMultiplicationOverBi.pdf
accesso riservato
Descrizione: online first
Tipologia:
Publisher's version/PDF
Dimensione
333.08 kB
Formato
Adobe PDF
|
333.08 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
s13389-019-00210-w.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
388.42 kB
Formato
Adobe PDF
|
388.42 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
