When implementing a cryptographic algorithm, efficient operations have high relevance both in hardware and in software. Since a number of operations can be performed via polynomial multiplication, the arithmetic of polynomials over finite fields plays a key role in real-life implementations—e.g., accelerating cryptographic and cryptanalytic software (pre- and post-quantum) (Chou in Accelerating pre-and post-quantum cryptography. Ph.D. thesis, Technische Universiteit Eindhoven, 2016). One of the most interesting papers that addressed the problem has been published in 2009. In Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009), Bernstein suggests to split polynomials into parts and presents a new recursive multiplication technique which is faster than those commonly used. In order to further reduce the number of bit operations (Bernstein in High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html) required to multiply n-bit polynomials, researchers adopt different approaches. In CMT: Circuit minimization work. http://www.cs.yale.edu/homes/peralta/CircuitStuff/CMT.html a greedy heuristic has been applied to linear straight-line sequences listed in Bernstein (High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html). In 2013, D’angella et al. (Applied computing conference, 2013. ACC’13. WEAS. pp. 31–37. WEAS, 2013) skip some redundant operations of the multiplication algorithms described in Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009). In 2015, Cenk et al. (J Cryptogr Eng 5(4):289–303, 2015) suggest new multiplication algorithms. In this paper, (a) we present a “k-1”-level recursion algorithm that can be used to reduce the effective number of bit operations required to multiply n-bit polynomials, and (b) we use algebraic extensions of F 2 combined with Lagrange interpolation to improve the asymptotic complexity.

Polynomial multiplication over binary finite fields : new upper bounds / A. De Piccoli, A. Visconti, O.G. Rizzo. - In: JOURNAL OF CRYPTOGRAPHIC ENGINEERING. - ISSN 2190-8508. - (2019 Apr 17). [Epub ahead of print] [10.1007/s13389-019-00210-w]

Polynomial multiplication over binary finite fields : new upper bounds

A. De Piccoli;A. Visconti;O.G. Rizzo
2019-04-17

Abstract

When implementing a cryptographic algorithm, efficient operations have high relevance both in hardware and in software. Since a number of operations can be performed via polynomial multiplication, the arithmetic of polynomials over finite fields plays a key role in real-life implementations—e.g., accelerating cryptographic and cryptanalytic software (pre- and post-quantum) (Chou in Accelerating pre-and post-quantum cryptography. Ph.D. thesis, Technische Universiteit Eindhoven, 2016). One of the most interesting papers that addressed the problem has been published in 2009. In Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009), Bernstein suggests to split polynomials into parts and presents a new recursive multiplication technique which is faster than those commonly used. In order to further reduce the number of bit operations (Bernstein in High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html) required to multiply n-bit polynomials, researchers adopt different approaches. In CMT: Circuit minimization work. http://www.cs.yale.edu/homes/peralta/CircuitStuff/CMT.html a greedy heuristic has been applied to linear straight-line sequences listed in Bernstein (High-speed cryptography in characteristic 2: minimum number of bit operations for multiplication, 2009. http://binary.cr.yp.to/m.html). In 2013, D’angella et al. (Applied computing conference, 2013. ACC’13. WEAS. pp. 31–37. WEAS, 2013) skip some redundant operations of the multiplication algorithms described in Bernstein (in: Halevi (ed) Advances in Cryptology—CRYPTO 2009: 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, pp 317–336. Springer Berlin Heidelberg, Berlin, Heidelberg, 2009). In 2015, Cenk et al. (J Cryptogr Eng 5(4):289–303, 2015) suggest new multiplication algorithms. In this paper, (a) we present a “k-1”-level recursion algorithm that can be used to reduce the effective number of bit operations required to multiply n-bit polynomials, and (b) we use algebraic extensions of F 2 combined with Lagrange interpolation to improve the asymptotic complexity.
polynomial multiplication; Karatsuba; two-level seven-way recursion algorithm; binary fields; fast software implementations
Settore INF/01 - Informatica
Settore MAT/02 - Algebra
17-apr-2019
Article (author)
File in questo prodotto:
File Dimensione Formato  
26_AV_PolynomialProduct.pdf

embargo fino al 17/04/2020

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 362.61 kB
Formato Adobe PDF
362.61 kB Adobe PDF Visualizza/Apri
DePiccoli2019_Article_PolynomialMultiplicationOverBi.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 333.08 kB
Formato Adobe PDF
333.08 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/2434/640967
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 8
  • ???jsp.display-item.citation.isi??? 1
social impact