CN101739233B - Semi-sequential input Galois multiplier and executing method thereof - Google Patents


Info

Publication number: CN101739233B
Authority: CN (China)
Prior art keywords: multiplier, multiplication, order, galois, compound
Legal status: Active
Application number: CN200810176062A
Other languages: Chinese (zh)
Other versions: CN101739233A
Inventor: 颜志旭
Current Assignee: Industrial Technology Research Institute ITRI
Original Assignee: Industrial Technology Research Institute ITRI
Application filed by Industrial Technology Research Institute ITRI
Priority to CN200810176062A
Publication of CN101739233A
Application granted
Publication of CN101739233B


Abstract

The invention relates to a semi-sequential input Galois GF(2^n) multiplier and an executing method thereof. The GF(2^n) multiplier comprises two single ground-field GF(2^m) multipliers, at least one constant multiplier and a plurality of single GF(2^m) adders. The high-order and low-order composite-field elements of one of the two operands of the GF(2^n) multiplier are input in parallel to the two ground-field GF(2^m) multipliers, while the high-order and low-order composite-field elements of the other operand are input sequentially to the two ground-field GF(2^m) multipliers, producing a plurality of GF(2^m) partial products. The GF(2^m) partial products are processed by the constant multiplier and the GF(2^m) adders to generate a high-order element and a low-order element of the GF((2^m)^2) multiplication result, and the high-order and low-order elements are then mapped back to the GF(2^n) field, completing the GF(2^n) multiplication.

Description

Semi-sequential input Galois multiplier and executing method thereof
Technical field
The invention relates to a semi-sequential input Galois field multiplier and an executing method thereof.
Background technology
Galois Counter Mode - Advanced Encryption Standard (GCM-AES) has been used in Internet Protocol security (IPsec) environments. The Ethernet layer-2 security standard MACsec also adopts the GCM-AES algorithm as its default encryption and decryption operation. The GCM-AES algorithm uses a Galois field GF(2^128) multiplication to realize a hash function, which significantly raises the hardware cost of a GCM-AES implementation: a single GF(2^128) multiplier is comparable in size to a 128-bit AES core engine. When a MACsec controller with GCM-AES is integrated into an Ethernet MAC controller, the cost added by GCM-AES is usually high.
GF(2^n) is a finite field: the space defined by a primitive polynomial of degree n has 2^n elements, each element has n bits, and these n bits are the coefficients of the element's polynomial:

$$
b_0 + b_1 x + \dots + b_{n-1} x^{n-1}
$$

where b_i is an element of GF(2), i.e. 0 or 1. Suppose the primitive polynomial constructing the GF(2^n) space is g(x); then a multiplication of GF(2^n) elements can be regarded as two steps: first, the two elements are multiplied as ordinary polynomials; then the resulting polynomial is reduced to its remainder modulo g(x). The addition of GF(2^n) elements is logically equivalent to an n-bit XOR operation.
When n is a very large positive integer, for example 128, GF(2^n) multiplication carries a very high computational cost, so a composite field is commonly used to reduce the computational complexity. The mathematical notation of a composite field is GF((2^m)^k), where km = n and m, k are positive integers. In terms of the bit width of the elements, an n-bit element of GF(2^n) is converted into k m-bit elements of GF(2^m); since km = n, the total is still n bits. In the composite field, GF(2^m) is the ground field. Mapping an element from GF(2^n) to the field GF((2^m)^k) requires three indispensable polynomials: the g(x) required to construct GF(2^n), a primitive polynomial p(x) of degree m, and a primitive polynomial r(x) of degree k, where the coefficients of p(x) belong to GF(2) and the coefficients of r(x) belong to GF(2^m).
Then, using the theory proposed by Christof Paar, an n × n matrix M can be found that maps an element from the GF(2^n) space to the GF((2^m)^k) space, and its inverse matrix M^{-1} maps an element from GF((2^m)^k) back to GF(2^n). In polynomial form, an element A in the GF(2^n) space is:

$$
A(x) = a_0 + a_1 x + \dots + a_{n-1} x^{n-1}, \qquad a_i \in GF(2),
$$

and after mapping to the composite field GF((2^m)^2), A can be expressed as:

$$
A(x) = a_0 + a_1 x, \qquad a_i \in GF(2^m).
$$

Multiplication in the composite field follows the same principle: an ordinary polynomial multiplication is carried out first, and the remainder is then taken.
Many techniques related to Galois multipliers have been proposed. For example, United States Patent (USP) 4,251,875 discloses a general-purpose Galois multiplier architecture that adopts a single GF(2^m) multiplier architecture and inputs the two operands sequentially to complete a GF(2^n) multiplication, where m is a multiple of n. The Galois multiplier architecture disclosed in United States Patent 7,113,968 is designed as a modulo operation of two polynomials by another polynomial.
The Galois multiplier architecture disclosed in United States Patent 7,133,889, shown in Fig. 1, adopts a single ground-field GF(2^m) multiplier architecture and uses the Karatsuba-Ofman algorithm to carry out the multiplication. The Galois multiplier architecture disclosed in United States Patent 6,957,243 uses a polynomial decomposition method: one operand A(x) is input sequentially, i.e. the sequence A_0(x), A_1(x), …, A_{T-1}(x) is input in order, while the other operand b(x) is input in parallel, and the multiplication is carried out as shown in Fig. 2.
In recent years, the Galois field GF(2^n) has been used extensively in error-control coding and in cryptography. Error coding includes the well-known Reed-Solomon codes, cyclic codes and so on; cryptography includes elliptic-curve cryptosystems, AES, GCM and the like. There is therefore a need to design a hardware architecture for a Galois multiplier that reduces the cost of GCM-AES, keeps Gigabit-level processing capability and is suitable for network transmission environments.
Summary of the invention
The embodiments disclosed in the present invention can provide a semi-sequential input Galois multiplier and an executing method thereof.
In one embodiment, what is disclosed relates to a semi-sequential input Galois multiplier for performing a multiplication of two operands in the Galois field GF(2^n), n being a positive even number. This Galois GF(2^n) multiplier may comprise two single ground-field GF(2^m) multipliers, at least one constant multiplier and a plurality of single GF(2^m) adders, with n = 2m and n, m positive integers. The high-order and low-order composite-field elements of one of the two operands of the GF(2^n) multiplication are input in parallel to the two single ground-field GF(2^m) multipliers, while the high-order and low-order composite-field elements of the other operand are input sequentially to the two single ground-field GF(2^m) multipliers, producing a plurality of GF(2^m) partial products. These GF(2^m) partial products then pass through the at least one constant multiplier and the plurality of GF(2^m) adders to produce a high-order element and a low-order element of the GF((2^m)^2) multiplication result; the high-order and low-order elements of this multiplication result are mapped back to GF(2^n), completing the GF(2^n) multiplication.
In another embodiment, what is disclosed relates to a semi-sequential data input method for Galois GF(2^n) multiplication. The method comprises: mapping the two operands of the GF(2^n) multiplication from GF(2^n) to GF((2^m)^2) to obtain composite-field elements; and inputting the high-order and low-order composite-field elements of one operand in parallel to two ground-field GF(2^m) multipliers, while inputting the composite-field elements of the other operand sequentially to the two ground-field GF(2^m) multipliers.
In yet another embodiment, what is disclosed relates to an executing method for semi-sequential input Galois multiplication. The method comprises: mapping the two operands of the GF(2^n) multiplication from GF(2^n) to GF((2^m)^2) to obtain composite-field elements, inputting the high-order and low-order composite-field elements of one operand in parallel to two ground-field GF(2^m) multipliers, and inputting the high-order and low-order composite-field elements of the other operand sequentially to the two ground-field GF(2^m) multipliers; dividing the GF(2^n) multiplication into a plurality of GF(2^m) partial multiplications; and carrying out these GF(2^m) partial multiplications with the two ground-field GF(2^m) multipliers, at least one constant multiplication and a plurality of GF(2^m) additions, producing a high-order element and a low-order element of the multiplication result.
Description of drawings
The foregoing and other features and advantages of the present invention are described in detail below with reference to the following drawings, embodiments and claims, in which:
Fig. 1 is a schematic diagram of an example of a Galois multiplier.
Fig. 2 is a schematic diagram of another example of a Galois multiplier.
Fig. 3 is a schematic diagram of an example semi-sequential input Galois multiplier architecture, consistent with certain disclosed embodiments.
Fig. 4 is an exemplary flowchart of the execution of semi-sequential input Galois multiplication, consistent with certain disclosed embodiments of the present invention.
Fig. 5 illustrates, with a hardware-implemented example of a Mastrovito multiplier, how an m-bit Galois field multiplication is completed, consistent with certain disclosed embodiments of the present invention.
Fig. 6 illustrates the situation in which one operand of the Galois multiplication is a low-frequency variable, consistent with certain disclosed embodiments of the present invention.
Fig. 7 is an example architecture diagram in which the ground-field GF(2^m) multipliers of Fig. 3 are realized with Mastrovito multipliers, consistent with certain disclosed embodiments of the present invention.
Fig. 8 is an example architecture diagram of the Galois multiplier after the map-to-composite-field operation and the product matrix of Fig. 7 are integrated into a single matrix conversion operation, consistent with certain disclosed embodiments of the present invention.
Embodiment
The present invention addresses the situation in which one of the elements participating in a GF(2^n) multiplication is a low-frequency variable: the low-frequency variable is input in parallel, the high-frequency variable is input sequentially, and a GF(2^n) multiplier is realized using the composite-field format GF((2^m)^2), where the primitive polynomial of GF(2^n) is g(x) and the primitive polynomial of GF(2^m) is p(x). An example of a low-frequency variable is, in the GHASH operation of the GCM mode, the value H participating in the GF multiplication: it changes only when the secret key K changes, and in practical application environments the update frequency of the secret key K is very low. Here H is the value obtained, within the authenticated-encryption expression, by encrypting an all-zero block with the secret key K, and it is also one of the three inputs of the GHASH operation; n is a positive even number.
In the disclosed embodiment, the polynomial r(x) = r_0 + x + x^2 is taken as an example to form the GF((2^m)^2) space, where r_0 is an element of GF(2^m) and r(x) is chosen so that it satisfies primitivity over GF(2^m). Suppose A and B are elements of GF(2^n); after mapping to GF((2^m)^2), their polynomial representations are a_0 + a_1 x and b_0 + b_1 x respectively, where {a_0, a_1, b_0, b_1} ∈ GF(2^m), b_1 is the coefficient of the x term, i.e. the high-order GF(2^m) element in GF((2^m)^2), b_0 is the low-order element, and the high-order/low-order relation of a_1 and a_0 is the same. Their multiplication can then be expressed as:

$$
\begin{aligned}
A \times B &= (a_0 + a_1 x)(b_0 + b_1 x) \bmod r(x) \\
&= a_0 b_0 + (a_1 b_0 + a_0 b_1)\,x + a_1 b_1 x^2 \bmod r(x) \\
&= (a_0 b_0 + a_1 b_1 r_0) + (a_1 b_0 + a_1 b_1 + a_0 b_1)\,x
\end{aligned}
$$

In the above formula, the value of a_1 b_0 + a_1 b_1 + a_0 b_1 is the high-order element of the multiplication result, and the value of a_0 b_0 + a_1 b_1 r_0 is the low-order element.
Fig. 3 is a schematic diagram of an example semi-sequential input Galois multiplier architecture, consistent with certain disclosed embodiments. Referring to Fig. 3, this hardware-implemented Galois multiplier architecture performs the multiplication of two operands A and B in GF(2^n) to produce their product 330. As can be seen from Fig. 3, this Galois multiplier architecture can use two single ground-field GF(2^m) multipliers 301-302, at least one constant multiplier 311 and a plurality of single GF(2^m) adders, such as 321 to 323, to realize the GF(2^n) multiplication, where n = 2m.
The high-order and low-order GF((2^m)^2) composite-field elements of one operand B of the two operands of the GF(2^n) multiplication are input in parallel to the ground-field GF(2^m) multipliers 301-302, while the high-order and low-order GF((2^m)^2) composite-field elements of the other operand A are input sequentially to the ground-field GF(2^m) multipliers 301-302, producing a plurality of GF(2^m) partial products, for example a_0 b_0, a_1 b_1, a_1 b_0 and a_0 b_1. These GF(2^m) partial products then pass through the constant multiplier 311 and the GF(2^m) adders 321 to 323 to produce a high-order element and a low-order element of the GF((2^m)^2) multiplication result; the high-order and low-order elements of this multiplication result are mapped back to GF(2^n), completing the GF(2^n) multiplication.
This Galois multiplier architecture may also comprise an input operand mapper, which first maps each GF(2^n) operand into the GF((2^m)^2) composite field and obtains the two corresponding GF(2^m) elements, i.e. the high-order and low-order composite-field elements of that operand.
The following describes in detail how the components of this Galois multiplier cooperate to complete the GF(2^n) multiplication.
Referring to Fig. 3, the execution of the whole GF(2^n) multiplication is as follows. The two input operands of the GF(2^n) multiplication, A and B, may first pass through a map-to-composite-field operation 333a, which maps operand A and operand B from GF(2^n) to the composite field GF((2^m)^2) and obtains their composite-field elements. The high-order and low-order elements of the converted operand B are denoted InputB_CF_H (i.e. b_1) and InputB_CF_L (i.e. b_0) respectively, and the sequence in which the high-order and low-order elements of the converted operand A are input is denoted the InputA_CF sequence. The high-order element InputB_CF_H and the low-order element InputB_CF_L of the converted operand B are input in parallel to the ground-field GF(2^m) multipliers 301 and 302, while the two composite-field elements of InputA_CF (i.e. a_1 and a_0) are input sequentially to the ground-field GF(2^m) multipliers 301 and 302.
Suppose the initial contents of registers 341 and 342 are both 0, and the InputA_CF sequence is input sequentially via the sequencer 333b with a_1 first and a_0 second. The execution flow of the operation is then as follows. a_1 is input first, and the ground-field GF(2^m) multipliers 301 and 302 compute a_1 b_1 and a_1 b_0 respectively. The output a_1 b_1 of the ground-field GF(2^m) multiplier 301 passes through the constant multiplier 311 and is multiplied by the constant r_0 to obtain a_1 b_1 r_0, which control signal control-2 stores in register 341; in other words, the content of register 341 at this moment is a_1 b_1 r_0. After a_1 b_0 and a_1 b_1 pass through a GF(2^n) element addition (XOR), control signal control-1 stores the result in register 342, so the content of register 342 at this moment is a_1 b_0 + a_1 b_1. Then a_0 is input, and the multipliers 301 and 302 compute a_0 b_1 and a_0 b_0 respectively.
Next, using control signal control-2, a_0 b_0 is XORed (GF(2^n) element addition) with the previously stored value a_1 b_1 r_0 of register 341 to obtain a_0 b_0 + a_1 b_1 r_0, and control signal control-1 selects a_0 b_1 to be XORed with the previous value of register 342 to obtain a_1 b_0 + a_1 b_1 + a_0 b_1. Finally, the contents of register 342 and register 341 are mapped back to GF(2^n), as shown by label 350, which completes one GF(2^n) multiplication.
Following the above, Fig. 4 is an exemplary flowchart of the execution of semi-sequential input Galois multiplication, consistent with certain disclosed embodiments of the present invention. Referring to the example flow of Fig. 4, first, the two operands A and B of the GF(2^n) multiplication are mapped from GF(2^n) to GF((2^m)^2) to obtain composite-field elements, as shown in step 410. The high-order and low-order composite-field elements of one operand, for example B, are input in parallel to the two ground-field GF(2^m) multipliers, and the composite-field elements of the other operand are input sequentially to the two ground-field GF(2^m) multipliers, as shown in step 420.
In other words, in the disclosed execution of Galois GF(2^n) multiplication, the two operands are input using the semi-sequential data input method 412, which comprises step 410 and step 420. In step 420 the order of the sequential input is not restricted: inputting the high-order element first and the low-order element second, or the low-order element first and the high-order element second, are both applicable to the disclosed semi-sequential input method.
After the two operands have been input, the GF(2^n) multiplication is divided into a plurality of GF(2^m) partial multiplications, as shown in step 430. The two ground-field GF(2^m) multipliers, at least one constant multiplication and a plurality of GF(2^m) additions carry out these GF(2^m) partial multiplications and produce a high-order element and a low-order element of the multiplication result, as shown in step 440.
Finally, the high-order element and the low-order element of the multiplication result are mapped back to GF(2^n) to complete one GF(2^n) multiplication, as shown in step 450.
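The two-cycle schedule of Fig. 3 and Fig. 4, written out as an added Python simulation (not the patent's code). It uses the concrete parameters of the worked example later in this description, n = 8, m = 4, p(x) = 1 + x + x^4 and r(x) = x^2 + x + α^14, holds b_0 and b_1 in parallel, feeds a_1 and a_0 one per cycle, and keeps the low-order and high-order partial sums in two registers named after registers 341 and 342 of Fig. 3. The function names, the integer encoding of GF(2^4) elements and the register model are this example's own assumptions; the closed-form product it is checked against is the formula given above.

```python
# Added example, not the patent's code: simulate the semi-sequential datapath of
# Fig. 3 for n = 8, m = 4 with the page's p(x) = 1 + x + x^4 and r(x) = x^2 + x + alpha^14.
# A GF(2^4) element is a 4-bit int, bit i = coefficient of x^i; a GF((2^4)^2)
# element is a (low, high) pair of GF(2^4) elements, i.e. low + high * x.

P_X = 0b10011  # p(x) = x^4 + x + 1


def gf16_mul(a, b):
    """Ground-field GF(2^4) product: shift-and-add, then reduce modulo p(x)."""
    prod = 0
    for i in range(4):
        if (b >> i) & 1:
            prod ^= a << i
    for deg in range(6, 3, -1):  # a 4-bit x 4-bit product has degree at most 6
        if (prod >> deg) & 1:
            prod ^= P_X << (deg - 4)
    return prod


def alpha_pow(k):
    """alpha^k, where alpha = x is the primitive element of GF(2^4) under p(x)."""
    result = 1
    for _ in range(k):
        result = gf16_mul(result, 0b0010)
    return result


R0 = alpha_pow(14)  # r(x) = x^2 + x + r0 with r0 = alpha^14 = x^3 + 1


def r_is_irreducible():
    """GF((2^4)^2) is a field only if r(x) has no root in GF(2^4); brute-force check."""
    return all(gf16_mul(x, x) ^ x ^ R0 != 0 for x in range(16))


def composite_mul(a, b):
    """One-shot GF((2^4)^2) product from the page's formula:
    low = a0 b0 + a1 b1 r0,  high = a1 b0 + a1 b1 + a0 b1."""
    a0, a1 = a
    b0, b1 = b
    a1b1 = gf16_mul(a1, b1)
    low = gf16_mul(a0, b0) ^ gf16_mul(a1b1, R0)
    high = gf16_mul(a1, b0) ^ a1b1 ^ gf16_mul(a0, b1)
    return low, high


def semi_sequential_mul(a, b, high_first=True):
    """Two-cycle datapath: b0 and b1 are held in parallel (multiplier 302 sees b0,
    multiplier 301 sees b1) while a1 and a0 arrive one per cycle.
    reg341 accumulates the low-order result, reg342 the high-order result.
    Both start at 0, so 'store' and 'XOR-accumulate' coincide on the first
    cycle; that is why either input order works (step 420 of Fig. 4)."""
    b0, b1 = b
    reg341 = reg342 = 0
    for idx in ((1, 0) if high_first else (0, 1)):
        ai = a[idx]
        out301 = gf16_mul(ai, b1)
        out302 = gf16_mul(ai, b0)
        if idx == 1:                         # a1 cycle
            reg341 ^= gf16_mul(out301, R0)   # control-2: a1 b1 r0
            reg342 ^= out302 ^ out301        # control-1: a1 b0 + a1 b1
        else:                                # a0 cycle
            reg341 ^= out302                 # control-2: + a0 b0
            reg342 ^= out301                 # control-1: + a0 b1
    return reg341, reg342


# Constructed sample operands B (the "low-frequency" side) for the check below.
SAMPLE_B = [(1, 0), (0, 1), (3, 0), (9, 9), (7, 12), (15, 15), (5, 10), (8, 2)]


def datapath_matches_closed_form():
    """Check every A against the sample B values, in both input orders."""
    all_a = [(lo, hi) for lo in range(16) for hi in range(16)]
    return all(
        semi_sequential_mul(a, b, order) == composite_mul(a, b)
        for a in all_a for b in SAMPLE_B for order in (True, False)
    )


if __name__ == "__main__":
    print("r0 = alpha^14 =", bin(R0))
    print("r(x) irreducible over GF(2^4):", r_is_irreducible())
    print("datapath == closed form:", datapath_matches_closed_form())
```

The multipliers 301 and 302 are each invoked once per cycle with a fixed b operand, which is the reuse of arithmetic units the description refers to; the constant multiplier only ever acts on the a_1 b_1 product, as in Fig. 3.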
The GF(2^m) multiplier can be realized with the architecture of a Mastrovito multiplier, explained as follows. Suppose the m-tuple representations of two GF(2^m) elements are A[m-1:0] = [a_0 a_1 … a_{m-1}] and B[m-1:0] = [b_0 b_1 … b_{m-1}]; then the Mastrovito multiplier operation C = A[m-1:0] × B[m-1:0] can be expressed as
[Formula (1): image G2008101760622D00071, not reproduced on this page]
where Z_B is called the product matrix, and the values of this matrix are z_{i,j} = f_{i,j}(b_0, b_1, …, b_{m-1}),

$$
f_{i,j} =
\begin{cases}
b_i, & j = 0,\ i = 0, \dots, m-1 \\[4pt]
u(i-j)\, b_{i-j} + \displaystyle\sum_{t=0}^{j-1} q_{j-1-t,\,i}\, b_{n-1-t}, & j = 1, \dots, m-1,\ i = 0, \dots, m-1
\end{cases}
\qquad (2)
$$

and

$$
u(\mu) =
\begin{cases}
1, & \mu \ge 0 \\
0, & \mu < 0.
\end{cases}
$$
Fig. 5 illustrates, with a hardware-implemented example of a Mastrovito multiplier, how an m-bit Galois field multiplication is completed, consistent with certain disclosed embodiments of the present invention. In the hardware-implemented Mastrovito multiplier example of Fig. 5, the matrix-vector multiplier 501 carries out the operation of formula (1), and the product matrix 511 carries out the operation of formula (2). After the m-bit operand B has been converted by the f functions, an m × m product matrix Z_B is obtained; this matrix is then multiplied with a vector by the matrix-vector multiplier, i.e. the expression of formula (1), which completes an m-bit Galois field multiplication.
In other words, one characteristic of the Mastrovito multiplier architecture is that it divides the GF(2^m) multiplication into two steps to complete an m-bit Galois field multiplication. The first step converts one operand B from an m-bit vector into an m × m product matrix; the second step performs a matrix-vector multiplication of this matrix with the other operand A, which yields the final multiplication result.
In such a two-stage architecture, as shown in Fig. 6, when one operand is a low-frequency variable, each operand B_i is multiplied by a plurality of operands A_i. This situation can therefore adopt a pipelined design: the low-frequency variable B is first matrix-converted to obtain an m × m product matrix Z_B, which is stored. Because A changes much more frequently than B, all A × B operations before B changes need only carry out the operation of formula (1), not formula (2).
Fig. 7 is an example architecture diagram in which the two ground-field GF(2^m) multipliers of Fig. 3 are realized with two Mastrovito multipliers, consistent with certain disclosed embodiments of the present invention. Thus the ground-field GF(2^m) multiplier 301 is realized with the matrix-vector multiplier 501 and the product matrix 511, and the ground-field GF(2^m) multiplier 302 is realized with the matrix-vector multiplier 502 and the product matrix 512. It can be seen from Fig. 7 that, on the operand B side, two conversion operations take place before entering the matrix-vector multiplier: one is the map-to-composite-field operation, and the other is the product matrix conversion required by the Mastrovito architecture. The map-to-composite-field operation and the product matrix can be integrated into a single matrix conversion operation, as shown by the matrix conversion operations 821 and 822 in Fig. 8, which convert the high-order element and the low-order element of operand B respectively.
The hardware-implemented Galois multiplier and its executing method of the above disclosed embodiments can be used in encryption/decryption systems that adopt the GCM-AES algorithm as the default encryption and decryption operation. Because it cooperates with the reuse of arithmetic units, this Galois multiplier can effectively reduce the hardware cost of GCM-AES.
The following takes the realization of a GF(2^8) multiplier with the composite-field format GF((2^4)^2), i.e. n = 8 and m = 4, as an example to describe the example architecture of the above disclosed semi-sequential input Galois multiplier and executing method.
Suppose the primitive polynomial g(x) constructing GF(2^8) is 1 + x^2 + x^3 + x^4 + x^8, the primitive polynomial p(x) constructing GF(2^4) is 1 + x + x^4, and the primitive polynomial used to generate GF((2^4)^2) is x^2 + x + α^14. Using the theory of Christof Paar, the matrix mapping GF(2^8) to GF((2^4)^2) is obtained as

$$
\begin{bmatrix}
0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 \\
0 & 1 & 1 & 0 & 0 & 1 & 0 & 0 \\
0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 \\
1 & 0 & 0 & 1 & 0 & 0 & 0 & 0 \\
0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 \\
1 & 0 & 0 & 1 & 1 & 0 & 1 & 0 \\
0 & 0 & 1 & 0 & 0 & 0 & 1 & 0 \\
0 & 0 & 0 & 0 & 1 & 0 & 1 & 1
\end{bmatrix}
$$

Suppose operand B belongs to GF(2^8) and its coefficients are [b_0 b_1 b_2 b_3 b_4 b_5 b_6 b_7]^T; then the following formula is obtained after conversion, which is the calculation function of the map-to-composite-field operation in Fig. 3, Fig. 7 and Fig. 8.

$$
\begin{bmatrix}
0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 \\
0 & 1 & 1 & 0 & 0 & 1 & 0 & 0 \\
0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 \\
1 & 0 & 0 & 1 & 0 & 0 & 0 & 0 \\
0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 \\
1 & 0 & 0 & 1 & 1 & 0 & 1 & 0 \\
0 & 0 & 1 & 0 & 0 & 0 & 1 & 0 \\
0 & 0 & 0 & 0 & 1 & 0 & 1 & 1
\end{bmatrix}
\begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix}
=
\begin{bmatrix}
b_2 \\ b_1 + b_2 + b_5 \\ b_3 + b_4 + b_6 \\ b_0 + b_3 \\ b_2 + b_5 + b_6 \\ b_0 + b_3 + b_4 + b_6 \\ b_2 + b_6 \\ b_4 + b_6 + b_7
\end{bmatrix}
=
\begin{bmatrix}
b'_{l,0} \\ b'_{l,1} \\ b'_{l,2} \\ b'_{l,3} \\ b'_{h,0} \\ b'_{h,1} \\ b'_{h,2} \\ b'_{h,3}
\end{bmatrix}
$$

The product matrix of the Mastrovito GF(2^4) multiplier is obtained from formula (2) and 1 + x + x^4; the product matrices of the low-order element and the high-order element are as follows:

$$
\begin{bmatrix}
b'_{l,0} & b'_{l,3} & b'_{l,2} & b'_{l,1} \\
b'_{l,1} & b'_{l,0} + b'_{l,3} & b'_{l,2} + b'_{l,3} & b'_{l,1} + b'_{l,2} \\
b'_{l,2} & b'_{l,1} & b'_{l,0} + b'_{l,3} & b'_{l,2} + b'_{l,3} \\
b'_{l,3} & b'_{l,2} & b'_{l,1} & b'_{l,0} + b'_{l,3}
\end{bmatrix}
\quad\text{and}\quad
\begin{bmatrix}
b'_{h,0} & b'_{h,3} & b'_{h,2} & b'_{h,1} \\
b'_{h,1} & b'_{h,0} + b'_{h,3} & b'_{h,2} + b'_{h,3} & b'_{h,1} + b'_{h,2} \\
b'_{h,2} & b'_{h,1} & b'_{h,0} + b'_{h,3} & b'_{h,2} + b'_{h,3} \\
b'_{h,3} & b'_{h,2} & b'_{h,1} & b'_{h,0} + b'_{h,3}
\end{bmatrix}.
$$

This is the calculation function of the product matrix in Fig. 5 and Fig. 7.
As shown earlier in Fig. 8, the map-to-composite-field conversion and the product matrix can be integrated into a single matrix conversion calculation function, namely by substituting
[image G2008101760622D0010151836QIETU, not reproduced on this page]
and
[image G2008101760622D0010151852QIETU, not reproduced on this page]
respectively into the product matrices. Therefore, for the low-order element of operand B, the integration is as follows:

$$
\begin{bmatrix}
b_2 & b_0 + b_3 & b_3 + b_4 + b_6 & b_1 + b_2 + b_5 \\
b_1 + b_2 + b_5 & b_0 + b_2 + b_3 & b_0 + b_4 + b_6 & b_1 + b_2 + b_3 + b_4 + b_5 + b_6 \\
b_3 + b_4 + b_6 & b_1 + b_2 + b_5 & b_0 + b_2 + b_3 & b_0 + b_4 + b_6 \\
b_0 + b_3 & b_3 + b_4 + b_6 & b_1 + b_2 + b_5 & b_0 + b_2 + b_3
\end{bmatrix},
$$

and the high-order element of operand B can be integrated as follows:

$$
\begin{bmatrix}
b_2 + b_5 + b_6 & b_4 + b_6 + b_7 & b_2 + b_6 & b_0 + b_3 + b_4 + b_6 \\
b_0 + b_3 + b_4 + b_6 & b_2 + b_4 + b_5 + b_7 & b_2 + b_4 + b_7 & b_0 + b_2 + b_3 + b_4 \\
b_2 + b_6 & b_0 + b_3 + b_4 + b_6 & b_2 + b_4 + b_5 + b_7 & b_2 + b_4 + b_7 \\
b_4 + b_6 + b_7 & b_2 + b_6 & b_0 + b_3 + b_4 + b_6 & b_2 + b_4 + b_5 + b_7
\end{bmatrix}.
$$

These two matrices are the integrated matrix conversion operations in Fig. 8, used to convert operand B into its matrices.
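The product-matrix construction of formula (2), the mapping matrix and their integration into the single conversion of Fig. 8, as an added Python example (not the patent's code). Each matrix entry is treated as a GF(2)-linear form in b_0..b_7, encoded as a bitmask in which bit i set means b_i is a term. The Mastrovito product matrix for p(x) = 1 + x + x^4 is built column by column (column j is b(x)·x^j mod p(x), which is the definition behind formula (2)), the page's 8 × 8 matrix is applied to obtain b'_l and b'_h, and substituting them into the product matrix reproduces the two integrated matrices printed above. `matvec` carries out the matrix-vector step of formula (1) on concrete values, so the matrix can be built once for a low-frequency B and reused for many A, as in Fig. 6. The function names, `PLAIN_B` and the bitmask encoding are this example's own choices.

```python
# Added example, not the patent's code.  Symbolic construction of the Mastrovito
# product matrix for GF(2^4), p(x) = 1 + x + x^4, and of the integrated
# "map to composite field + product matrix" conversions of Fig. 8.
# A linear form in b_0..b_7 is a bitmask: bit i set <=> b_i is a term (GF(2) sum).

# 8x8 mapping matrix from the page (GF(2^8) -> GF((2^4)^2)); column i multiplies b_i.
# Output rows 0..3 are b'_l,0..3 (low-order element), rows 4..7 are b'_h,0..3.
M_MAP = [
    [0, 0, 1, 0, 0, 0, 0, 0],
    [0, 1, 1, 0, 0, 1, 0, 0],
    [0, 0, 0, 1, 1, 0, 1, 0],
    [1, 0, 0, 1, 0, 0, 0, 0],
    [0, 0, 1, 0, 0, 1, 1, 0],
    [1, 0, 0, 1, 1, 0, 1, 0],
    [0, 0, 1, 0, 0, 0, 1, 0],
    [0, 0, 0, 0, 1, 0, 1, 1],
]

PLAIN_B = [1 << i for i in range(4)]  # the forms b_0..b_3 themselves (stand-alone GF(2^4) multiplier)


def row_to_form(row):
    """Turn a 0/1 row of the mapping matrix into the linear form sum_i row[i]*b_i."""
    return sum(1 << i for i, bit in enumerate(row) if bit)


def times_x_mod_p(coeffs):
    """Symbolic b(x)*x mod (x^4 + x + 1): the x^4 term folds back into x + 1."""
    c0, c1, c2, c3 = coeffs
    return [c3, c0 ^ c3, c1, c2]


def mastrovito_matrix(coeffs):
    """Product matrix Z_B: column j holds the coefficients of b(x)*x^j mod p(x),
    so that row i of Z_B * a is coefficient i of a(x)*b(x) mod p(x)."""
    cols = [list(coeffs)]
    for _ in range(3):
        cols.append(times_x_mod_p(cols[-1]))
    return [[cols[j][i] for j in range(4)] for i in range(4)]


def mapped_elements():
    """Apply the mapping matrix to [b_0..b_7]: forms of b'_l (rows 0-3) and b'_h (rows 4-7)."""
    forms = [row_to_form(r) for r in M_MAP]
    return forms[:4], forms[4:]


def integrated_matrices():
    """Substitute the mapped forms into the product matrix: the two conversions of Fig. 8."""
    low, high = mapped_elements()
    return mastrovito_matrix(low), mastrovito_matrix(high)


def eval_form(form, b):
    """Evaluate a linear form at a concrete b (bit i = b_i): parity of the selected bits."""
    return bin(form & b).count("1") & 1


def matvec(z, b, a):
    """Formula (1) on concrete values: c_i = XOR_j z_ij(b) * a_j, returned as a 4-bit int.
    z is built once from b and can then be reused for many a values."""
    c = 0
    for i in range(4):
        bit = 0
        for j in range(4):
            bit ^= eval_form(z[i][j], b) & ((a >> j) & 1)
        c |= bit << i
    return c


def form_to_str(form):
    """Human-readable rendering of a linear form, e.g. 'b1+b2+b5'."""
    return "+".join(f"b{i}" for i in range(8) if (form >> i) & 1) or "0"


if __name__ == "__main__":
    for name, z in zip(("low-order", "high-order"), integrated_matrices()):
        print(f"integrated {name} matrix:")
        for row in z:
            print("   " + "   ".join(form_to_str(e) for e in row))
```

With `PLAIN_B`, `mastrovito_matrix` yields the plain GF(2^4) product matrix of the description (b_0, b_3, b_2, b_1 in the first row); with the mapped forms it yields exactly the two integrated matrices, which is what makes the matrix conversion operations 821 and 822 of Fig. 8 a single step.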
In summary, the disclosed embodiments use the principle of Galois composite fields; for the situation in which one operand of the Galois multiplication is a low-frequency variable, they use GF(2^m) finite-field multipliers to realize the GF(2^n) finite-field multiplication, n = 2m, and cooperate with the reuse of arithmetic units to propose a hardware-implemented semi-sequential input Galois multiplier and its executing method. When applied in encryption/decryption systems that use the GCM-AES algorithm as the default encryption and decryption operation, the disclosed embodiments can effectively reduce the hardware cost of GCM-AES.
The above are merely embodiments of the present invention and do not limit the scope in which the present invention may be implemented. Equivalent changes and modifications made according to the claims of the present invention shall all remain within the scope covered by the claims of the present invention.

Claims (16)

  1. One and half in proper order the input Galois GF (2 n) multiplier, be used for carrying out Galois field GF (2 n) the multiplication of two operands, n is a positive even numbers, this Galois GF (2 n) multiplier comprises:
    an input operand mapping unit, which first maps the two GF(2^n) operands into the composite field GF((2^m)^2) and obtains the composite-field high-order and low-order elements of each of the two operands;
    two single-base-field GF(2^m) multipliers, namely a first GF(2^m) multiplier and a second GF(2^m) multiplier, which receive in parallel the composite-field high-order and low-order elements of one of the two operands, receive sequentially the composite-field high-order and low-order elements of the other operand, and produce a plurality of GF(2^m) partial products, where n = 2m;
    at least one constant multiplier, connected to whichever of the first and second GF(2^m) multipliers receives the high-order element; and
    a plurality of single GF(2^m) adders;
    wherein the plurality of GF(2^m) partial products pass through the constant multiplier and the plurality of GF(2^m) adders to produce a high-order element and a low-order element of the GF((2^m)^2) product, and the high-order element and low-order element of the product are mapped back to GF(2^n) to complete the GF(2^n) multiplication; and wherein producing the high-order element and low-order element of the GF((2^m)^2) product from the partial products via the constant multiplier and the adders comprises:
    inputting the composite-field high-order element b1 and low-order element b0 of one operand in parallel to the first and second base-field GF(2^m) multipliers respectively, inputting the composite-field high-order element a1 and low-order element a0 of the other operand sequentially to the first and second base-field GF(2^m) multipliers, and obtaining a0·b1 and a1·b1 from the output of the first base-field multiplier and a0·b0 and a1·b0 from the output of the second base-field multiplier;
    multiplying the output a1·b1 of the first base-field multiplier by the constant r0 in the constant multiplier to obtain a1·b1·r0 and storing the result in a first register; and adding a1·b0 and a1·b1 by GF(2^m) element addition (bitwise XOR) and storing the result in a second register;
    then adding a0·b0 to the value a1·b1·r0 previously held in the first register by XOR to obtain a0·b0 + a1·b1·r0, and adding a0·b1 to the value previously held in the second register by XOR to obtain a1·b0 + a1·b1 + a0·b1, wherein a0·b0 + a1·b1·r0 is the low-order element of the product and a1·b0 + a1·b1 + a0·b1 is the high-order element of the product.
  2. The semi-sequential-input Galois field GF(2^n) multiplier of claim 1, wherein each single-base-field GF(2^m) multiplier is implemented with the architecture of a Mastrovito multiplier.
  3. The semi-sequential-input Galois field GF(2^n) multiplier of claim 2, wherein the Mastrovito multiplier architecture is implemented with a matrix-vector multiplier and a product matrix.
  4. The semi-sequential-input Galois field GF(2^n) multiplier of claim 1, wherein one of the operands of the Galois field GF(2^n) is first mapped by a mapping operation from GF(2^n) to the composite field GF((2^m)^2), and the composite-field high-order and low-order elements of the other operand are input respectively to the two single-base-field GF(2^m) multipliers.
  5. The semi-sequential-input Galois field GF(2^n) multiplier of claim 1, wherein the high-order element and low-order element of the GF((2^m)^2) product are temporarily stored in two registers respectively.
  6. The semi-sequential-input Galois field multiplier of claim 1, wherein the Galois field GF(2^n) multiplier further comprises two control signals for storing the high-order element and low-order element of the GF((2^m)^2) product in two registers respectively.
  7. The semi-sequential-input Galois field multiplier of claim 1, wherein the GF(2^n) multiplier comprises two single-base-field GF(2^m) multipliers, one constant multiplier and three single GF(2^m) adders.
  8. A semi-sequential data input method for Galois field GF(2^n) multiplication, n being a positive even number, the method comprising:
    mapping the two operands of the GF(2^n) multiplication from GF(2^n) to GF((2^m)^2) to obtain their composite-field elements, n = 2m; and
    inputting the composite-field high-order and low-order elements of one operand in parallel to two base-field GF(2^m) multipliers respectively, and inputting the composite-field high-order and low-order elements of the other operand sequentially to the two base-field GF(2^m) multipliers.
  9. The semi-sequential data input method for Galois field GF(2^n) multiplication of claim 8, wherein the order of the sequential input is not restricted: the high-order element of the other operand may be input first and its low-order element afterwards, or the low-order element of the other operand may be input first and its high-order element afterwards.
  10. A method for performing semi-sequential-input Galois field GF(2^n) multiplication, for multiplying two operands of the Galois field GF(2^n), n being a positive even number, the method comprising:
    mapping the two operands of the GF(2^n) multiplication from GF(2^n) to GF((2^m)^2) by a composite-field mapping operation to obtain the composite-field high-order and low-order elements of each of the two operands, n = 2m;
    inputting the composite-field high-order and low-order elements of one operand in parallel to two base-field GF(2^m) multipliers, namely a first GF(2^m) multiplier and a second GF(2^m) multiplier, and inputting the composite-field high-order and low-order elements of the other operand sequentially to the two base-field GF(2^m) multipliers;
    dividing the GF(2^n) multiplication into a plurality of GF(2^m) partial multiplications; and
    performing the plurality of GF(2^m) partial multiplications with the two base-field GF(2^m) multipliers, at least one constant multiplier and a plurality of GF(2^m) adders, and producing a high-order element and a low-order element of the product;
    mapping the high-order element and low-order element of the product back to GF(2^n) to obtain the product of the two operands of the Galois field GF(2^n);
    wherein performing the plurality of GF(2^m) partial multiplications with the two base-field GF(2^m) multipliers, the at least one constant multiplier and the plurality of GF(2^m) adders, and producing the high-order element and low-order element of the product, comprises:
    inputting the composite-field high-order element b1 and low-order element b0 of one operand in parallel to the first and second base-field GF(2^m) multipliers respectively, inputting the composite-field high-order element a1 and low-order element a0 of the other operand sequentially to the first and second base-field GF(2^m) multipliers, and obtaining a0·b1 and a1·b1 from the output of the first base-field multiplier and a0·b0 and a1·b0 from the output of the second base-field multiplier;
    multiplying the output a1·b1 of the first base-field multiplier by the constant r0 in the constant multiplier to obtain a1·b1·r0 and storing the result in a first register; and adding a1·b0 and a1·b1 by GF(2^m) element addition (bitwise XOR) and storing the result in a second register;
    then adding a0·b0 to the value a1·b1·r0 previously held in the first register by XOR to obtain a0·b0 + a1·b1·r0, and adding a0·b1 to the value previously held in the second register by XOR to obtain a1·b0 + a1·b1 + a0·b1, wherein a0·b0 + a1·b1·r0 is the low-order element of the product and a1·b0 + a1·b1 + a0·b1 is the high-order element of the product.
  11. The method for performing semi-sequential-input Galois field GF(2^n) multiplication of claim 10, wherein the two base-field GF(2^m) multipliers are both Mastrovito multipliers.
  12. The method for performing semi-sequential-input Galois field GF(2^n) multiplication of claim 11, wherein the Mastrovito multiplier completes the m-bit Galois field multiplication of the GF(2^m) multiplication with the following steps:
    converting one operand from an m-bit vector into an m × m product matrix; and
    performing a matrix-vector multiplication of the m × m product matrix with the other operand.
  13. The method for performing semi-sequential-input Galois field GF(2^n) multiplication of claim 10, wherein the method divides the GF(2^n) multiplication into four GF(2^m) partial multiplications.
  14. The method for performing semi-sequential-input Galois field GF(2^n) multiplication of claim 13, wherein the method performs the four GF(2^m) partial multiplications with the two base-field GF(2^m) multipliers, one constant multiplication and three GF(2^m) additions.
  15. The method for performing semi-sequential-input Galois field GF(2^n) multiplication of claim 10, wherein the method uses two control signals to store the high-order element and low-order element of the GF((2^m)^2) product in two registers respectively.
  16. The method for performing semi-sequential-input Galois field GF(2^n) multiplication of claim 11, wherein the composite-field mapping operation and the product matrix are integrated into one matrix transformation operation.
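The two-cycle schedule of claims 1 and 10 and the product-matrix (Mastrovito) base-field multiplier of claim 12, worked through as an added software model. This is illustration code written for this page, not the patent's own implementation. Assumptions not in the claims: m = 4, base field GF(2^4) defined by x^4 + x + 1, composite polynomial y^2 + y + r0 (the claimed low-order term a0·b0 + a1·b1·r0 and high-order term a1·b0 + a1·b1 + a0·b1 are exactly the coefficients of (a1·y + a0)(b1·y + b0) reduced by y^2 = y + r0), r0 chosen by search as the first constant that makes that quadratic irreducible, and the target field GF(2^8) defined by the AES polynomial x^8 + x^4 + x^3 + x + 1. The mapping between GF(2^8) and GF((2^4)^2) is built by locating a root beta of the GF(2^8) polynomial inside the composite field and sending x to beta; the inverse mapping is a lookup table.

```python
"""Semi-sequential GF((2^m)^2) multiplier: added software model, not patent code.

Assumed parameters: m = 4, base field GF(2^4) with x^4 + x + 1, composite
polynomial y^2 + y + R0 (R0 found by search), target field GF(2^8) with the
AES polynomial x^8 + x^4 + x^3 + x + 1.  Composite elements are (hi, lo) pairs.
"""
M = 4
BASE_POLY = 0b10011          # x^4 + x + 1 (assumed base-field polynomial)
N = 2 * M
FIELD_POLY = 0x11B           # x^8 + x^4 + x^3 + x + 1 (assumed GF(2^8) polynomial)


def gf2n_mul(a, b):
    """Reference multiply in GF(2^8): shift-and-add modulo FIELD_POLY."""
    r = 0
    for _ in range(N):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N & 1:
            a ^= FIELD_POLY
    return r


def mastrovito_matrix(a):
    """Product matrix of claim 12: column j is the bit vector of a * x^j mod BASE_POLY."""
    cols = []
    for _ in range(M):
        cols.append(a)
        a <<= 1
        if a >> M & 1:
            a ^= BASE_POLY
    return cols


def gf2m_mul(a, b):
    """Mastrovito multiply in GF(2^4): product matrix of a times bit vector b."""
    c = 0
    for j, col in enumerate(mastrovito_matrix(a)):
        if (b >> j) & 1:
            c ^= col
    return c


def quadratic_irreducible(r0):
    """y^2 + y + r0 is irreducible over GF(2^4) iff it has no root in GF(2^4)."""
    return all(gf2m_mul(y, y) ^ y ^ r0 for y in range(1 << M))


R0 = next(r for r in range(1, 1 << M) if quadratic_irreducible(r))   # search, not a claimed value


def composite_mul_direct(A, B):
    """Schoolbook product of A = a1*y + a0 and B = b1*y + b0 with y^2 = y + R0."""
    a1, a0 = A
    b1, b0 = B
    hh = gf2m_mul(a1, b1)
    return (gf2m_mul(a1, b0) ^ gf2m_mul(a0, b1) ^ hh, gf2m_mul(a0, b0) ^ gf2m_mul(hh, R0))


def composite_mul_semi_sequential(A, B):
    """Two-cycle schedule of claims 1 and 10: b1 and b0 are held in parallel at the
    first and second base-field multipliers, a1 then a0 are fed sequentially;
    one constant multiplier, three adders (XOR) and two registers."""
    a1, a0 = A
    b1, b0 = B
    # cycle 1: a1 applied to both multipliers
    p1 = gf2m_mul(a1, b1)            # first multiplier  -> a1*b1
    p2 = gf2m_mul(a1, b0)            # second multiplier -> a1*b0
    reg1 = gf2m_mul(p1, R0)          # constant multiplier: a1*b1*r0 -> first register
    reg2 = p2 ^ p1                   # adder 1: a1*b0 + a1*b1        -> second register
    # cycle 2: a0 applied to both multipliers
    q1 = gf2m_mul(a0, b1)            # first multiplier  -> a0*b1
    q2 = gf2m_mul(a0, b0)            # second multiplier -> a0*b0
    lo = q2 ^ reg1                   # adder 2: a0*b0 + a1*b1*r0
    hi = q1 ^ reg2                   # adder 3: a1*b0 + a1*b1 + a0*b1
    return (hi, lo)


def composite_eval(poly, beta, degree):
    """Evaluate a GF(2)[x] polynomial (bit i = coefficient of x^i) at a
    composite-field element by Horner's rule; 1 is the element (0, 1)."""
    acc = (0, 0)
    for i in range(degree, -1, -1):
        acc = composite_mul_direct(acc, beta)
        if (poly >> i) & 1:
            acc = (acc[0], acc[1] ^ 1)
    return acc


# Isomorphism GF(2^8) -> GF((2^4)^2): send x to a root BETA of FIELD_POLY, so the
# map a -> sum a_i * BETA^i preserves both addition and multiplication.
BETA = next(b for b in ((h, l) for h in range(1 << M) for l in range(1 << M))
            if b != (0, 0) and composite_eval(FIELD_POLY, b, N) == (0, 0))
TO_COMPOSITE = [composite_eval(a, BETA, N - 1) for a in range(1 << N)]
FROM_COMPOSITE = {c: a for a, c in enumerate(TO_COMPOSITE)}   # inverse map (lookup)


def gf2n_mul_via_composite(a, b):
    """Map both operands, multiply with the semi-sequential schedule, map back."""
    return FROM_COMPOSITE[composite_mul_semi_sequential(TO_COMPOSITE[a], TO_COMPOSITE[b])]


def check_all():
    """True iff the composite path agrees with the reference GF(2^8) multiply for every pair."""
    return all(gf2n_mul_via_composite(a, b) == gf2n_mul(a, b)
               for a in range(1 << N) for b in range(1 << N))


if __name__ == "__main__":
    print("r0 =", R0, "beta =", BETA)
    print(hex(gf2n_mul_via_composite(0x57, 0x83)), "all pairs agree:", check_all())
```

The exhaustive check in `check_all` is what makes the model trustworthy: a wrong r0, a wrong reduction, or a register read in the wrong cycle would show up as a mismatch against the plain GF(2^8) reference, and the FIPS-197 example 0x57 · 0x83 = 0xC1 provides a single hand-checkable spot value.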
CN200810176062A 2008-11-11 2008-11-11 Semi-sequential input Galois multiplier and executing method thereof Active CN101739233B (en)

Publications (2)

Publication Number Publication Date
CN101739233A CN101739233A (en) 2010-06-16
CN101739233B true CN101739233B (en) 2012-08-29

Family

ID=42462761

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102314330B (en) 2011-09-09 2013-12-25 华南理工大学 Composite finite field multiplier

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1459710A (en) * 2002-05-17 2003-12-03 Silicon Integrated Systems Corp. Systolic-type multiplier structure for dual-basis finite fields
US6760742B1 (en) * 2000-02-18 2004-07-06 Texas Instruments Incorporated Multi-dimensional galois field multiplier
CN1608244A (en) * 2001-11-30 2005-04-20 Analog Devices Inc. Galois field multiply/ multiply-add/multiply accumulate
CN1652075A (en) * 2003-07-03 2005-08-10 诚致科技股份有限公司 System and method for efficient VLSI architecture of finite fields

Also Published As

Publication number Publication date
CN101739233A (en) 2010-06-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant