Type-II Optimal Polynomial Bases

In the 1990s and early 2000s several papers investigated the relative merits of polynomial-basis and normal-basis computations for F_{2^n}. Even for particularly squaring-friendly applications, such as implementations of Koblitz curves, normal bases fell behind in performance unless a type-I normal basis existed for F_{2^n}. In 2007 Shokrollahi proposed a new method of multiplying in a type-II normal basis. Shokrollahi's method efficiently transforms the normal-basis multiplication into a single multiplication of two size-(n+1) polynomials. This paper speeds up Shokrollahi's method in several ways. It first presents a simpler algorithm that uses only size-n polynomials. It then explains how to reduce the transformation cost by dynamically switching to a 'type-II optimal polynomial basis' and by using a new reduction strategy for multiplications that produce output in type-II polynomial basis. As an illustration of its improvements, this paper explains in detail how the multiplication overhead in Shokrollahi's original method has been reduced by a factor of 1.4 in a major cryptanalytic computation, the ongoing attack on the ECC2K-130 Certicom challenge. The resulting overhead is also considerably smaller than the overhead in a traditional low-weight-polynomial-basis approach. This is the first state-of-the-art binary-elliptic-curve computation in which type-II bases have been shown to outperform traditional low-weight polynomial bases.

Keywords: Optimal normal basis, ONB, polynomial basis, transformation, elliptic-curve cryptography.
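The transformation the abstract describes, as an added example that is not code from the paper: a type-II basis of F_{2^5}, conversion of coefficients in the basis T_j = ζ^j + ζ^{-j} into a polynomial in c = ζ + ζ^{-1}, one size-(n+1) polynomial multiplication, and a fold-based reduction back to the T_j basis, cross-checked against direct multiplication in F_2[x]/(x^11 + 1). The naming of the bases and the fold reduction are my reading of the abstract, not the paper's exact construction, and n = 5 is chosen only because 2n+1 = 11 is prime with 2 primitive mod 11.

```python
# Added example, not from the paper: Shokrollahi-style transformation for a type-II
# basis of F_{2^n}, shown for n = 5 (2n+1 = 11 prime, 2 primitive mod 11, so it exists).
# T_j = z^j + z^-j (j = 1..n, z a primitive 11th root of unity), c = z + z^-1.
import random
N, M = 5, 11                                # field degree n and 2n+1

def pmul(a, b):                             # carry-less product, polynomials as bit masks
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), a << 1, b >> 1
    return r

def reference_mul(a, b):
    """Direct product in F_2[x]/(x^M + 1); bit j of a, b is the coefficient of T_j = x^j + x^(M-j)."""
    lift = lambda v: sum(((v >> j) & 1) * ((1 << j) | (1 << (M - j))) for j in range(1, N + 1))
    p = pmul(lift(a), lift(b))
    p = (p & ((1 << M) - 1)) ^ (p >> M)     # x^M = 1; degree <= 2M-2, so one fold reduces fully
    return p & ((1 << (N + 1)) - 2)         # result is palindromic, so bits 1..N determine it

T = [0, 0b10]                               # T_0 = 0, T_1 = c, written as polynomials in c
for j in range(1, 2 * N):
    T.append((T[j] << 1) ^ T[j - 1])        # c*T_j = T_{j+1} + T_{j-1} in characteristic 2

def to_poly(a):                             # T-basis coefficients -> size-(N+1) polynomial in c
    p = 0
    for j in range(1, N + 1):
        if (a >> j) & 1:
            p ^= T[j]
    return p

def from_poly(p, deg):                      # polynomial in c -> coefficients of T_1..T_deg
    q = 0
    for k in range(deg, 0, -1):             # T_k is monic of degree k, so peel from the top
        if (p >> k) & 1:
            q |= 1 << k
            p ^= T[k]
    assert p == 0                           # both inputs are multiples of c: no constant term
    return q

def shokrollahi_mul(a, b):
    p = pmul(to_poly(a), to_poly(b))        # the single size-(N+1) polynomial multiplication
    q = from_poly(p, 2 * N)                 # product expressed in T_1..T_{2N}
    r = 0
    for j in range(1, N + 1):               # reduce by folding: T_k = T_{M-k} since z^M = 1
        r |= (((q >> j) ^ (q >> (M - j))) & 1) << j
    return r

def agrees(trials=500, seed=1):             # cross-check against the direct multiplication
    rng = random.Random(seed)
    pairs = [(rng.randrange(1 << (N + 1)) & ~1, rng.randrange(1 << (N + 1)) & ~1) for _ in range(trials)]
    return all(shokrollahi_mul(a, b) == reference_mul(a, b) for a, b in pairs)
```

Bit j of an input or output is the coefficient of T_j, so T_3 * T_4 = T_7 + T_1 = T_4 + T_1 comes out as 0b10010.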
