
August 2005

Thesis for the degree of Master of Education (Major in Electricity, Electronics and Communication Education)

Implementation of Inverse Algorithm in Finite Fields using Composite Fields
(합성체를 이용한 유한체의 역원 계산 알고리즘 구현)

Graduate School of Education, Chosun University
Major in Electricity, Electronics and Communication Education

Shin, Ja-young

Implementation of Inverse Algorithm in Finite Fields using Composite Fields

Advisor: Professor Rhee, Kang Hyeon

Submitted as a thesis for the degree of Master of Education (Major in Electricity, Electronics and Communication Education)

April 2005

Graduate School of Education, Chosun University
Major in Electricity, Electronics and Communication Education

Shin, Ja-young

The Master of Education thesis of Shin Ja-young is hereby approved.

Chair of the examining committee: Professor 朴種伯, Chosun University
Committee member: Professor 朴暢均, Chosun University
Committee member: Professor 李康鉉, Chosun University

June 2005

Graduate School of Education, Chosun University
List of Tables ····· iii
List of Figures ····· iv
Abstract ····· v
····· 1
····· 3
2.1 General Field Theory ····· 3
2.2 Finite Fields ····· 5
2.3 Prime Field Arithmetic ····· 10
2.4 Constructing Finite Fields ····· 12
····· 17
3.1 Fermat theorem ····· 17
3.2 Extended Euclid algorithm ····· 17
3.3 Calculation of the inverse using a multiplier of the GF(2^8) finite field ····· 19
3.4 Composite Fields ····· 19
····· 21
4.1 Process of calculating finite field inverse ····· 21
4.2 Circuit design of the proposed inverse algorithm ····· 22
4.3 Simulation ····· 23
4.4 Measuring function ····· 25
····· 27
····· 29
References ····· 30
Table 1. Results of circuit synthesis and comparison of function ····· 25

Fig. 1. Representation of  ∊  as an array of -bit words ····· 10
Fig. 2. Circuit design for inverse calculation using composite fields ····· 23
Fig. 3. Values of the S and R blocks ····· 23
Fig. 4. Values from simulation ····· 24
Fig. 5. Gate level circuit ····· 25
Fig. 6. FPGA circuit design ····· 27
Fig. 7. FLEX10K FPGA verification circuit ····· 28
ABSTRACT

Implementation of Inverse Algorithm in Finite Fields using Composite Fields

SHIN, Ja-young
Advisor: Prof. RHEE, Kang Hyeon, Ph.D.
Major in Electricity, Electronics and Communication Education
Graduate School of Education, Chosun University

Finite fields (or Galois fields) are widely applied in switching theory, digital signal and image processing, and secure communication that requires the encryption and decryption of digital communications. In particular, block codes among the error-correcting codes, such as the BCH and Reed-Solomon codes, are defined over finite fields, and finite field arithmetic is applied to the encoding and decoding of CD (Compact Disc), DAT (Digital Audio Tape) and elliptic curve algorithms. Since many current applications require real-time processing of finite field operations, dedicated hardware for finite field arithmetic has become necessary, and much research is being carried out on it.

A finite field is a field with a finite number of elements on which the four arithmetic operations are defined; for every prime P and every positive exponent there exists exactly one field of that order. This field is called a finite field and is written in terms of its order. The operations in a finite field are addition, subtraction, multiplication and division, but digital systems work in fields whose number of elements is a power of 2. Computing the inverse of a finite field element is broadly divided into methods that use a finite field divider and methods that use a multiplier. The divider-based method has a fast operating speed but a large hardware area; the multiplier-based method has a small hardware area but consumes much computation time. In this thesis, an algorithm that computes the inverse in a finite field using composite fields (Composite Fields) is presented and implemented in hardware, and its hardware area and computation speed are compared with the 'Itoh and Tsujii' hardware structure in current use. In addition, the circuit was inserted into the SubBytes block of AES and implemented on an Altera FLEX10K FPGA emulator board, confirming that the circuit of the proposed algor­ithm operates correctly.
Finite fields (or Galois fields) are applied frequently in secure communication that needs coding and decoding of digital communications, and in areas such as switching theory, digital signal processing and image processing. Especially, block codes such as the BCH code and the Reed-Solomon code among error correcting codes are defined over finite fields. Arithmetic in  is used for the encoding and decoding of CD (compact disc), DAT (digital audio tape), and elliptic curve cryptography. In these application fields much research is under way on designing hardware for finite field operations, since finite field operations need to be processed in real time [1, 2].

A finite field is a field having a finite number of elements with the four fundamental rules of arithmetic, and such a field exists only when the number of elements is a prime raised to a positive integer power. This finite field is expressed as . Operations on a finite field include addition, subtraction, multiplication and division. However, a digital system is realized in a field whose number of elements is a power of 2, i.e., with a multiplier over such a field. Calculation of the multiplicative inverse in a finite field is divided largely into two methods, i.e., the method using a finite field divider and the method using a multiplier. The former method is fast but needs a large area of hardware. The latter method needs a smaller area of hardware but needs much time. In this paper, we propose an algorithm that calculates the multiplicative inverse in a finite field using composite fields, implement this algorithm in hardware, and compare this hardware with the currently used 'Itoh and Tsujii' hardware in respect to structure, area and computation time. Furthermore, this hardware was inserted into the AES SubBytes block and run on an FPGA emulator board to confirm that the circuit of the proposed algorithm was functioning normally.

In this paper, the algorithms for calculating the multiplicative inverse are examined in Chapter 3, and the calculation of the multiplicative inverse is implemented using the proposed composite field in Chapter 4. In Chapter 5, we compare the circuit implementation, the operating characteristics, and the 'Itoh and Tsujii' function. The conclusion is drawn in Chapter 6.
Finite fields are the general starting point for the constructions of many combinatorial structures. It will be important to know the fundamentals concerning these fields in order to investigate combinatorial structures and related areas of combinatorial interest. Unfortunately, the area of field theory is rather large and it would be impossible for us to cover it in detail and still have time to work with the results. In the interest of conserving time, we will present the elements of general field theory without proofs and only prove statements when we turn our attention specifically to finite fields.

It will be assumed that you are familiar with the definition of a field, the definition and basic properties of vector spaces, and the fact that the integers modulo a prime form a field (a finite one), which we will denote by  (standing for the Galois Field of order ).

Let  be a field containing a subset , which is itself a field under the operations inherited from . Then  is called an extension of , and  a subfield of . Every field has a smallest subfield, called the prime subfield, which is isomorphic either to the field of rationals , in which case we say that it has characteristic zero, or to a  for some prime , in which case we say that it has characteristic . We shall denote the characteristic of an arbitrary field  by char .

If  is an extension of  (denoted ), and  is an element of  but not an element of , then the smallest field containing both  and  will be denoted by  and is a subfield of . Similarly, the smallest field containing
and the elements  in  will be written as . Any extension field  of  can be viewed as a vector space over , and the dimension of this vector space is called the degree of  over  and is denoted by . If the vector space is finite dimensional we say that  is a finite extension of . If  is a finite extension of  and  is a finite extension of , then .

Denote by  the ring of polynomials over  in the variable .  is a principal ideal domain (an ideal is a subring that is closed under multiplication, a principal ideal is an ideal generated by a single element, and a principal ideal domain is a commutative ring with unity all of whose ideals are principal). A polynomial in  is said to be monic if the coefficient of the highest power in  is unity. It is irreducible if it is not the product of two nonscalar polynomials in . If  is an irreducible polynomial in , then any zero (i.e., root) of  is not in , and so there is a smallest extension field of  that contains it. Furthermore,  is isomorphic to the quotient field , where  denotes the principal ideal of  generated by . If the irreducible polynomial  is of degree , then . Furthermore, if  is the zero of  in question, then , and the elements  form a basis of  over .

Before we continue, let us illustrate these ideas with a well-known example. The field of complex numbers is usually described in one of two ways: either as the set of numbers  where a and b are real numbers and , or, if you prefer not to mention the imaginary number ,  can be described as the set of all pairs of real numbers where addition of two pairs is the usual componentwise addition and multiplication of two pairs is defined by . The second version is of course viewing  as a vector space of dimension 2 over the real numbers . Let us
see how we would construct  starting with the subfield . Now  and  is the ring of all polynomials with real coefficients. The polynomial  is monic since the coefficient of  is , and it is irreducible over  since it cannot be factored into polynomials with only real coefficients. The principal ideal  consists of all polynomials that have  as a factor. The quotient field structure  is obtained by taking each polynomial in  and dividing it by . The polynomials that have the same remainder after division form equivalence classes, which are the elements of the quotient field. The different possible remainders are the polynomials , where  in , and we identify the equivalence classes with these remainders. The association  iff  clearly shows that the quotient field  and  are isomorphic. Now, let  be a zero of , i.e. , so , which is not an element of .  forms a basis for  over  since every element of  can be written as  with  in , and  and  are easily seen to be linearly independent. Using this basis, we can identify the elements of  with their coefficient vectors, i.e.  iff , to get the second representation as a vector space of dimension 2 (notice the highest power of  in the irreducible polynomial).

Fields are abstractions of familiar number systems (such as the rational numbers , the real numbers , and the complex numbers ) and their essential properties. They consist of a set  together with two operations, addition (denoted by +) and multiplication (denoted by ·), that satisfy the usual arithmetic properties:
(i) ( , +) is an abelian group with (additive) identity denoted by .

(ii) ( , ·) is an abelian group with (multiplicative) identity denoted by .

(iii) The distributive law holds for all  ∊ .

If the set  is finite, then the field is said to be finite.

This section presents basic facts about finite fields. Other properties will be presented later as needed.

A field  is equipped with two operations, addition and multiplication. Subtraction of field elements is defined in terms of addition: for  ∊ ,  where  is the unique element in  such that  ( is called the negative of ). Similarly, division of field elements is defined in terms of multiplication: for  ∊  with  ≠ ,  ⋅  where  is the unique element in  such that  ⋅  ( is called the inverse of ).

The order of a finite field is the number of elements in the field. There exists a finite field  of order  if and only if  is a prime power, i.e.,  where  is a prime number called the characteristic of , and m is a positive integer. If , then  is called a prime field. If  ≥ , then  is called an extension field. For any prime power , there is essentially only one finite field of order ; informally, this means that any two finite fields of order  are structurally the same except that the labeling used to represent the field elements may be different. We say that any two finite fields of order  are isomorphic and denote such a field by .
Let  be a prime number. The integers modulo , consisting of the integers  with addition and multiplication performed modulo , is a finite field of order . We shall denote this field by  and call p the modulus of . For any integer ,  shall denote the unique integer remainder ,  ≤  ≤ , obtained upon dividing  by ; this operation is called reduction modulo .

Finite fields of order  are called binary fields or characteristic-two finite fields. One way to construct  is to use a polynomial basis representation. Here, the elements of  are the binary polynomials (polynomials whose coefficients are in the field ) of degree at most :

 ⋯  ∊ 

An irreducible binary polynomial  of degree m is chosen (such a polynomial exists for any m and can be efficiently found). Irreducibility of  means that  cannot be factored as a product of binary polynomials each of degree less than . Addition of field elements is the usual addition of polynomials, with coefficient arithmetic performed modulo 2. Multiplication of field elements is performed modulo the reduction polynomial . For any binary polynomial ,  shall denote the unique remainder polynomial  of degree less than  obtained upon long division of  by ; this operation is called reduction modulo .
The polynomial basis representation for binary fields can be generalized to all extension fields as follows. Let  be a prime and  ≥ . Let  denote the set of all polynomials in the variable  with coefficients from . Let , the reduction polynomial, be an irreducible polynomial of degree m in ; such a polynomial exists for any  and  and can be efficiently found. Irreducibility of  means that  cannot be factored as a product of polynomials in  each of degree less than . The elements of  are the polynomials in  of degree at most :

 ⋯  ∊ 

Addition of field elements is the usual addition of polynomials, with coefficient arithmetic performed in . Multiplication of field elements is performed modulo the polynomial .

A subset  of a field  is a subfield of  if k is itself a field with respect to the operations of . In this instance,  is said to be an extension field of . The subfields of a finite field can be easily characterized. A finite field  has precisely one subfield of order  for each positive divisor  of m; the elements of this subfield are the elements  ∊  satisfying . Conversely, every subfield of  has order  for some positive divisor  of .
The finite field  can be viewed as a vector space over its subfield . Here, vectors are elements of , scalars are elements of , vector addition is the addition operation in , and scalar multiplication is the multiplication in  of -elements with -elements. The vector space has dimension  and has many bases.

If  ⋯  is a basis, then  ∊  can be uniquely represented by an -tuple  ⋯  of -elements where  ⋯ . For example, in the polynomial basis representation of the field F_{p^m} described above,  is an -dimensional vector space over  and  ⋯  is a basis for  over .

The nonzero elements of a finite field , denoted , form a cyclic group under multiplication. Hence there exist elements  ∊  called generators such that:

 ≤  ≤ 

The order of  ∊  is the smallest positive integer  such that . Since  is a cyclic group, it follows that  is a divisor of .
This section presents algorithms for performing arithmetic in the prime field . Algorithms for arbitrary primes  are presented. The reduction step can be accelerated considerably when the modulus  has a special form; efficient reduction algorithms exist for the NIST primes.

The algorithms presented here are well suited for software implementation. We assume that the implementation platform has a -bit architecture where  is a multiple of 8. Workstations are commonly 64- or 32-bit architectures. Low-power or inexpensive components may have smaller ; for example, some embedded systems are 16-bit and smartcards may have  = 8. The bits of a -bit word are numbered from  to , with the rightmost bit of  designated as bit .

The elements of  are the integers from  to . Let  be the bit length of , and  be its word length. Fig. 1 illustrates the case where the binary representation of a field element a is stored in an array  of -bit words, where the rightmost bit of  is the least significant bit.

A[t-1] … A[2] A[1] A[0]

Fig. 1 Representation of  ∊  as an array of -bit words.

Hardware characteristics may favour approaches different from those of the algorithms and field element representation presented here.
Algorithms for field addition and subtraction are given in terms of corresponding algorithms for multi-word integers. The following notation and terminology is used. An assignment of the form " ←" for an integer  is understood to mean

 ← , and
 ←  ∊  ←

If  for  ∊  and  ∊ , then  and  is called the carry bit from single-word addition (with  if and only if ).

Field multiplication of  ∊  can be accomplished by first multiplying  and  as integers, and then reducing the result modulo . The algorithms are elementary integer multiplication routines which illustrate basic operand scanning and product scanning methods, respectively. In both algorithms, ( ) denotes a ( )-bit quantity obtained by concatenation of -bit words  and . The calculation  ⋅  is called the inner product operation. Since the operands are -bit values, the inner product is bounded by  and can be represented by ( ).

For moduli  that are not of special form, the reduction mod  can be an
expensive part of modular multiplication. Since the performance of elliptic curve schemes depends heavily on the speed of field multiplication, there is considerable incentive to select moduli, such as the NIST-recommended primes, that permit fast reduction. In this section, we present only the reduction method of Barrett and an overview of Montgomery multiplication.

The methods of Barrett and Montgomery are similar in that expensive divisions in classical reduction methods are replaced by less-expensive operations. Barrett reduction can be regarded as a direct replacement for classical methods; however, an expensive modulus-dependent calculation is required, and hence the method is applicable when many reductions are performed with a single modulus. Montgomery's method, on the other hand, requires transformations of the data. The technique can be effective when the cost of the input and output conversions is offset by savings in many intermediate multiplications, as occurs in modular exponentiation. Note that some modular operations are typically required in a larger framework such as signature schemes, and the moduli involved need not be of special form.

We will illustrate the above material by actually constructing some finite fields.

Since , the prime field must be , whose elements we will represent by  and , and where addition and multiplication are done modulo . We seek an extension of degree  over the prime field, so our first task is
to find a monic irreducible polynomial of degree  in . For large fields this can be a difficult assignment, but for small fields it is not too bad. While there are some theorems that may help, the brute force procedure is effective if the prime field is small. We can in fact easily list all of the monic quadratics in this ring; they are:

Now the problem is to find the irreducible ones in this list. Clearly, any polynomial without a constant term is factorable ( is a factor), so the first, fourth and seventh can immediately be crossed out. For the remaining six polynomials, we may opt for one of two procedures. We could take each in turn and substitute all the field elements for ; if none of these substitutions evaluates to zero, the polynomial is irreducible (i.e., it has no root in the field). So, for example, substituting in  gives the values ,  and , thus  factors, in fact . On the other hand, the same procedure for  gives ,  and , and so  is irreducible. The second possible procedure is to take all the linear factors (in this case, because we want quadratic products)
and multiply them in all possible pairs to get a list of all the factorable quadratics; removing these from our list leaves all the irreducible quadratics. So,

implying that ,  and  are the only irreducible monic quadratic polynomials in . We could now choose any one of these, letting  be a zero of the chosen polynomial, and write out the elements of  in their vector form representation using the basis . This however does not give us the most useful representation of the field. Rather, we will use the fact that the multiplicative group of the field is cyclic, so if we can find a primitive element (i.e., a generator of the cyclic group) we will have a handy representation of the elements. Now the primitive elements are to be found among the roots of the irreducible polynomials (they cannot be elements of the prime field). The cyclic group we are after has order , so not every root need be primitive. For example, letting  be a root of , i.e., , so , we can write out the powers of .

And so  has order  and does not generate the cyclic group of order , i.e.,  is not a primitive element. On the other hand, consider a root of the polynomial , so that  or . Now the powers of  give us:

so  is a primitive element, and so we have represented the elements of  as the powers of  together with . Notice also that the bolded terms on the right are all the possible terms that can be written as linear combinations of the basis { } over . When working with finite fields it is convenient to have both of the above representations, since the terms on the left are easy to multiply and the terms on the right are easy to add. So for instance, if we wanted to calculate , we would do so in this way,

Since , the prime field is  and we need to find a monic irreducible cubic polynomial over that field. Since the coefficients can only be  and , the list of irreducible candidates is easily obtained.

Now substituting  gives  in all cases, and substituting  will give  only if there are an odd number of terms, so the irreducible cubics are just  and . Now the multiplicative group of this field is a cyclic group of order , and so every nonidentity element is a generator. Letting  be a root of the first polynomial, we have , or , so the powers of  are:

Now suppose we had chosen a root of the second polynomial, say . We would then have  and the representation would be given by

We know that these two representations must be isomorphic; show that the isomorphism is induced by .
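The brute-force construction that this section carries out by hand, as an added example that is not part of the thesis: the code lists the monic polynomials of degree m over GF(p), strikes out every product of two monic factors (the section's second procedure), tabulates the powers of a root of each survivor to read off its order, and so decides which roots are primitive. It is run for the section's two cases, GF(9) = GF(3^2) and GF(8) = GF(2^3); the final check that a root of one irreducible cubic plus 1 is a root of the other is our own verification of the isomorphism the section asks the reader to show, and the coefficient-list encoding is our convention.

```python
# Added example, not part of the thesis: the brute-force construction of
# small finite fields GF(p^m) that the section above walks through by hand,
# run for its two cases, GF(9) = GF(3^2) and GF(8) = GF(2^3).
# A polynomial over GF(p) is a coefficient list, index i = coefficient of x^i.
from itertools import product

def poly_mul(a, b, p):
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % p
    return prod

def poly_mulmod(a, b, f, p):
    """a*b in GF(p)[x] reduced modulo the monic polynomial f of degree m;
    the result is a length-m coefficient vector, i.e. an element of GF(p^m)."""
    m = len(f) - 1
    prod = poly_mul(a, b, p)
    for d in range(len(prod) - 1, m - 1, -1):      # cancel x^d for d >= m
        c = prod[d]
        if c:
            for i in range(m + 1):
                prod[d - m + i] = (prod[d - m + i] - c * f[i]) % p
    return (prod + [0] * m)[:m]

def monic_polys(p, m):
    """All monic polynomials of degree m over GF(p), as in the text's lists."""
    for coeffs in product(range(p), repeat=m):
        yield list(coeffs) + [1]

def irreducible_monic(p, m):
    """The text's second procedure: multiply monic factors of degrees d and
    m-d in all combinations and strike those products from the list."""
    reducible = set()
    for d in range(1, m // 2 + 1):
        for g in monic_polys(p, d):
            for h in monic_polys(p, m - d):
                reducible.add(tuple(poly_mul(g, h, p)))
    return [f for f in monic_polys(p, m) if tuple(f) not in reducible]

def powers_of_root(f, p):
    """alpha^1, alpha^2, ... for the root alpha = x of f in GF(p)[x]/(f), as
    coefficient vectors, up to and including the first power equal to 1
    (m >= 2). len(result) is the order of alpha; alpha is primitive iff
    that order is p^m - 1."""
    m = len(f) - 1
    one = [1] + [0] * (m - 1)
    alpha = [0, 1] + [0] * (m - 2)
    table, power = [alpha], alpha
    while power != one:
        power = poly_mulmod(power, alpha, f, p)
        table.append(power)
    return table

def eval_in_field(g, elem, f, p):
    """Evaluate g at the field element elem (Horner's rule in GF(p)[x]/(f))."""
    m = len(f) - 1
    acc = [0] * m
    for c in reversed(g):
        acc = poly_mulmod(acc, elem, f, p)
        acc[0] = (acc[0] + c) % p
    return acc

if __name__ == "__main__":
    for p, m in ((3, 2), (2, 3)):
        irr = irreducible_monic(p, m)
        print(f"GF({p}^{m}): irreducible monic polynomials {irr}")
        for f in irr:
            order = len(powers_of_root(f, p))
            print(f"  root of {f}: order {order}, primitive: {order == p**m - 1}")
    # Our check of the isomorphism for GF(8): if alpha is a root of
    # x^3 + x + 1 then alpha + 1 is a root of x^3 + x^2 + 1.
    print(eval_in_field([1, 0, 1, 1], [1, 1, 0], [1, 1, 0, 1], 2))
```

For GF(9) the code finds three irreducible monic quadratics, a root of x^2 + 1 of order 4 (not primitive) and roots of the other two of order 8 (primitive), which is the situation the section describes; for GF(8) both irreducible cubics have roots of order 7, as every non-identity element must.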
Typical methods of calculating inverses in finite fields include the Fermat theorem, the method using the extended Euclid algorithm, and the method using finite field multipliers [3, 4]. There is also the method using composite fields, as proposed in this study.

The Fermat theorem is expressed as Equation (1) when the numbers a and p are relatively prime.

(1)

When an inverse is calculated with the Fermat theorem,  multiplications and  squarings are needed for the operation on .

Equation (2) shows the process of calculating the greatest common divisor of two polynomials, i.e.,  and , , using the Euclid algorithm.

(2)
When the GCD is  in Equation (2), Equation (3) results according to the extended Euclid algorithm.

(3)

In addition,  and  in Equation (3) can be calculated by the repetitive calculation in Equation (4).

(4)

 in Equation (4) is calculated with Equation (2).  is calculated repeatedly until  in Equation (2) reaches ,  becomes , and  becomes . Here, Equation (3) is rewritten to become

(5)

At this time, since  is an irreducible polynomial, it is always .
Thus, the result becomes

(6)

When the finite field element  is input in the field, the inverse of  is obtained as in Equation (7).

(7)

We compared the circuit area and computation time of the proposed algorithm with the 'Itoh and Tsujii' circuit applied in Equation (7).
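The three inversion methods of this chapter side by side, as an added example that is not the thesis's own code: the Fermat exponentiation of Section 3.1 as a square-and-multiply chain, the extended Euclid algorithm of Section 3.2 on the pair (field polynomial, element) with the invariant behind Equations (2) to (6), and the multiplier-only Itoh-Tsujii addition chain that Section 3.3 compares against. The field is assumed to be the AES field GF(2^8) with x^8 + x^4 + x^3 + x + 1, since the thesis later plugs its inverter into the AES SubBytes block; the Itoh-Tsujii routine is the standard addition-chain form, not necessarily the exact circuit of Equation (7).

```python
# Added example, not the thesis's code: the inversion methods of Sections
# 3.1 to 3.3 carried out in GF(2^8). Assumption (ours): the field is the AES
# field GF(2)[x]/(x^8 + x^4 + x^3 + x + 1), the one the thesis targets with
# its SubBytes experiment; an element is an int whose bit i is the x^i
# coefficient. The Itoh-Tsujii routine is the standard addition-chain form,
# not necessarily the exact circuit of Equation (7).

M = 8
POLY = 0x11B                               # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^8) with reduction by POLY."""
    r = 0
    for _ in range(M):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= POLY
    return r

def inv_fermat(a):
    """Section 3.1: a^-1 = a^(2^m - 2) in GF(2^m). Since 2^m - 2 = 2 + 4 + ...
    + 2^(m-1), the chain costs m-1 squarings and m-2 multiplications."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    sq = gf_mul(a, a)                      # a^2
    result = sq
    for _ in range(M - 2):
        sq = gf_mul(sq, sq)                # a^(2^i)
        result = gf_mul(result, sq)
    return result

def clmul(a, b):
    """Carry-less product in GF(2)[x] (no reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def poly_divmod(a, b):
    """Long division in GF(2)[x]: returns (quotient, remainder)."""
    q, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        shift = a.bit_length() - 1 - db
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def inv_euclid(a):
    """Section 3.2: extended Euclid on (POLY, a). The remainders r_i and the
    coefficients s_i satisfy s_i * a = r_i (mod POLY) throughout (Equations
    (2)-(4)); POLY is irreducible, so the last nonzero remainder is 1 and the
    matching s_i is the inverse (Equation (6))."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r0, r1, s0, s1 = POLY, a, 0, 1
    while r1 != 1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, s0 ^ clmul(q, s1)
    return poly_divmod(s1, POLY)[1]

def inv_itoh_tsujii(a):
    """Multiplier-based, Section 3.3 style: build a^(2^k - 1) along the addition
    chain 1, 2, 3, 6, 7 using a^(2^(j+k) - 1) = (a^(2^j - 1))^(2^k) * a^(2^k - 1),
    then a^(2^8 - 2) = (a^(2^7 - 1))^2: 4 multiplications and 7 squarings."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    def square_k(x, k):
        for _ in range(k):
            x = gf_mul(x, x)
        return x
    t = {1: a}
    for j, k in ((1, 1), (2, 1), (3, 3), (6, 1)):   # j + k = 2, 3, 6, 7
        t[j + k] = gf_mul(square_k(t[j], k), t[k])
    return gf_mul(t[7], t[7])

if __name__ == "__main__":
    for a in range(1, 256):
        assert inv_fermat(a) == inv_euclid(a) == inv_itoh_tsujii(a)
        assert gf_mul(a, inv_fermat(a)) == 1
    print(hex(inv_fermat(0x53)))           # 0xca, the AES S-box inverse of 0x53
```

The Euclid routine needs a polynomial divider (the long division inside `poly_divmod`), which is the hardware cost the chapter attributes to the divider-based method; the Fermat and Itoh-Tsujii routines need only a multiplier and squarer, and differ in how many multiplications the addition chain spends.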

Usi
ng t
he s
econd c
omposi
tef
iel
d,t
he al
gor
ithm cal
cul
ati
ng t
he mul
ti
pli
cat
ive

i
nve
rse off
ini
tef
iel
d was pr
ove
d by Cr
ist
ofPaar
[5]
.Whe
ntwo f
ini
tef
iel
ds ζ

and δ have δ=ζ r e


lat
ions
hip,we coul
dcal
cul
atet
he mul
ti
pli
cat
ive i
nve
rse of
-1

f
ini
tef
iel
dacc
ordi
ng t
oEquat
ion(
8).

- 19 -
      
      
        (
8)
    
      

We implemented the inverse algorithm in the finite field using Equation (8). For the hardware design, the multiplicative inverses of Christof Paar [1] were referred to and the multiplicative inverses were designed. Referring to the Mastrovito structure [6], the finite field multiplier was designed.

[…] in finite fields can be […] or […]. In this study, […] was used as the composite field of […] [7,8].

Equation (9) can be used when […] ∊ […].

(9)

Here, […] is the root of the irreducible polynomial of […] and satisfies […] ⋅ […] ∊ […]. Equation (10) is the irreducible polynomial […].

(10)

From Equations (9) and (10), […] can be derived as Equation (11).

(11)

         

Equations (12) and (13) show the process of calculating the multiplicative inverses of the finite fields, i.e., […] and […], derived from Equation (11).

               
(12)

(13)
            
          

As a result, the computation of multiplicative inverses in finite fields using composite fields is derived as Equation (14).

(14)
        

From Equation (14), the computation algorithm for the multiplicative inverse of the finite field was implemented as in Fig. 2. Here, the irreducible polynomial of the composite field used was […]. […] is calculated to be […].

[Fig. 2 block labels: β^14 {1001}, Squarer, S, R, Inverter, Adder, Multiplier]

Fig. 2. Circuit design for inverse calculation using composite fields

In Fig. 2, the […] block is the arrange block changing the input extension field into the composite field. The […] block is the arrange block changing the composite field into the extension field, in which […] [8]. Fig. 3 shows the values of the S and R blocks.

                   
                   
   
                   
                   
          

           


   
                   
   
                   
                   
 
Fig. 3. Block coefficients of S and R

When the derived results were coded in VHDL, the output values were normal. Comparison with the resultant values was done using the inverse of the finite field multiplier explained in the inverse table of the AES S-box and Chapter […].

Fig. 4 shows the simulation result, showing the same inverse value.

Fig. 4. Values from simulation

Fig. 5 is the gate level circuit synthesized using core_slow.db in Synopsys.

The overall cell area was 4593.87.

Fig. 5. Gate level circuit

The inverse computation algorithm proposed in this study and the 'Itoh and Tsujii' algorithm are compared in Table 1.

Table 1. Results of circuit synthesis and comparison of function

Design Architecture      Cell Area    Data Arrival Time
'Itoh and Tsujii'        12030.64     19.960 [ns]
Proposed Design          4593.87      15.155 [ns]

When the function was compared, the design proposed in this study showed a decrease of 61.6% in cell area and an increase of 24.97% in computation time compared with the 'Itoh and Tsujii' design.

The inverse algorithm proposed in Chapter 4 was implemented on an Altera FLEX10K. The activity of the implemented algorithm was confirmed by implementing the FPGA circuit instead of the ROM table, by designing the AES SubBytes Transform circuit. The circuit design is shown in Fig. 6.

Fig. 6. FPGA circuit design

Fig. 7 shows the picture actually realized on the FPGA emulator board.

Fig. 7. FLEX10K FPGA verification circuit

In Fig. 7, the output data in the output data portion is output in 7 segments and the circuit initializes through the RESET key. The INVERSE key is the control preventing the circuit from the inverse transformation.
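The extended Euclidean route of Equations (2) to (7), the composite-field inverse of Equations (8) and (14), and the AES SubBytes check described above, as an added Python example that is not the thesis's own VHDL. It assumes the AES field GF(2^8) with modulus x^8+x^4+x^3+x+1 (the thesis's own field polynomial is not legible on the page), stays in the plain GF(2^8) basis so the S and R basis-change blocks are not modelled, and treats a^17 as the subfield element inverted by the β^14 block of Fig. 2.

```python
# Added example (not the thesis's VHDL). Assumes the AES field GF(2^8) with modulus
# x^8+x^4+x^3+x+1 (0x11B), because the thesis's own field polynomial is not legible.
AES_POLY = 0x11B
def gf_mul(a, b):
    """Multiply two GF(2^8) elements (bytes), reducing modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r
def gf_pow(a, e):                       # square-and-multiply in GF(2^8)
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

def inv_euclid(a):
    """Extended Euclid (the Equation (2)-(7) route): u with u*a = 1 mod AES_POLY."""
    assert a, "0 has no inverse"
    r0, r1, u0, u1 = AES_POLY, a, 0, 1
    while r1 != 1:                      # gcd is 1 because AES_POLY is irreducible
        q = 0
        while r0 and r0.bit_length() >= r1.bit_length():  # polynomial division
            shift = r0.bit_length() - r1.bit_length()
            q ^= 1 << shift
            r0 ^= r1 << shift
        r0, r1 = r1, r0                 # (r0, r1) <- (r1, r0 mod r1)
        u0, u1 = u1, u0 ^ gf_mul(q, u1)
    return u1

def inv_norm(a):
    """Composite-field style inverse (Equation (8), Paar [5]) with r = 2^4+1 = 17: a^17 lies
    in the 16-element subfield, inverted there by the power 14 (Fig. 2's beta^14 block)."""
    a16 = gf_pow(a, 16)                 # four squarings: the Frobenius map a -> a^16
    norm = gf_mul(a16, a)               # a^17, an element of GF(2^4) inside GF(2^8)
    return gf_mul(gf_pow(norm, 14), a16)   # (a^17)^14 * a^16 = a^254 = a^-1

def aes_sbox(x):
    """AES SubBytes on top of inv_norm (0 maps to 0), then the affine transform."""
    y = out = inv_norm(x) if x else 0
    for _ in range(4):
        y = ((y << 1) | (y >> 7)) & 0xFF  # rotate left by one bit
        out ^= y
    return out ^ 0x63
```

Both inverters agree on every nonzero byte and aes_sbox reproduces the FIPS-197 S-box, which is the check the thesis performs with its SubBytes circuit in place of the ROM table.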

We proposed an optimal algorithm to calculate the multiplicative inverse of a finite field using composite fields and implemented the result on an Altera FLEX10K FPGA board. In this paper, we could implement the circuit with AND and XOR gates. The result of circuit synthesis showed that the cell area was 4593.87, a decrease of 61.8% in cell area compared with the 'Itoh and Tsujii' algorithm, which uses finite field multipliers, and the computation time was 15.155 [ns], an improvement of 24.07%. Furthermore, in order to confirm whether the multiplicative inverse of the finite field was functioning normally, normal function was confirmed using an AES SubBytes Transform designed to substitute for the ROM table used for inverse calculation.

[1] C. Paar. Efficient VLSI Architectures for Bit-Parallel Computation in Galois Fields. Ph.D. thesis, Institute for Experimental Mathematics, University of Essen, 1994.

[2] Vincent Rijmen. Efficient implementation of the Rijndael S-box. http://www.esat.kuleuven.ac.be/~rijmen/rijndael/sbox.pdf

[3] Federal Information Processing Standards Publication 197, Nov. 26, 2001. Announcing the ADVANCED ENCRYPTION STANDARD.

[4] Michael Rosing, Implementing Elliptic Curve Cryptography, Manning, 1999.

[5] C. Paar, P. Fleischmann and S. Pedro, Fast Arithmetic for Public-Key Algorithms in Galois Fields with Composite Exponents, […], vol. 48, no. 10, pp. 1025-1034, Oct. 1999.

[6] E. D. Mastrovito, "VLSI Architecture for Computation in Galois Field," PhD Thesis, PhD Dissertation, Linköping Univ., Linköping, Sweden, 1991.

[7] T. Itoh and S. Tsujii, "A fast algorithm for computing multiplicative inverses in GF(2^m) using normal basis", J. Society for Electronic Communication, pp. 31-36, 1986.

[8] Cillian O'Driscoll. Hardware implementation aspects of the Rijndael block cipher. Master's thesis, University Colleg.

[9] The original granddaddy in the area is: Dickson, Linear Groups (with an Exposition of the Galois Field Theory), Dover, 1958.

[10] Berlekamp, Algebraic Coding Theory, McGraw-Hill, New York, 1968.

[11] Blake & Mullin, An Introduction to Algebraic and Combinatorial Coding Theory, Academic Press, 1976.

[12] Introduction to the Theory of Error-Correcting Codes, Wiley, 1982.

[13] Lidl & Niederreiter, Finite Fields, Vol. 20 in the Encyclopedia of Mathematics and its Applications, Addison-Wesley, 1983.

[14] Lidl & Niederreiter, Introduction to Finite Fields and their Applications, Cambridge University Press, 1986.

[15] McEliece, Finite Fields for Computer Scientists and Engineers, Kluwer Academic Publishers, 1987.
