System and method for efficient basis conversion
First Claim
1. A method for converting an element of a finite field of characteristic q used in a cryptographic system from a representation in a first basis defined by a first irreducible polynomial to a representation in a second basis defined by a second irreducible polynomial, said method comprising the steps of:
- a) representing said element of said finite field in said first basis as a polynomial a(x);
b) determining a root r of said second irreducible polynomial;
c) evaluating said polynomial a(x) at said root r to obtain a representation a(r) of a(x) in said second basis;
said evaluation being characterised by the steps of;
d) partitioning said polynomial a(x) into a plurality of component polynomials, so that said plurality of component polynomials may be combined to obtain said polynomial a(x) by using the operations of multiplication by x and exponentiation by q;
e) obtaining values of each of said component polynomials by evaluating each of said component polynomials at said root r;
f) computing the value of a(r) from said values of said component polynomials at said root r, using the operations of multiplication by r and exponentiation by q;
3 Assignments
0 Petitions
Accused Products
Abstract
This invention describes a method for evaluating a polynomial in an extension field FqM, wherein the method comprises the steps of partitioning the polynomial into a plurality of parts, each part is comprised of smaller polynomials using a q-th power operation in a field of characteristic q; and computing for each part components of q-th powers from components of smaller powers. A further embodiment of the invention provides for a method of converting a field element represented in terms of a first basis to its representation in a second basis, comprising the steps of partitioning a polynomial, being a polynomial in the second basis, into a plurality of parts, wherein each part is comprised of smaller polynomials using a q-th power operation in a field of characteristic q; evaluating the polynomial at a root thereof by computing for each part components of q-th powers from components of smaller powers; and evaluating the field element at the root of the polynomial.
22 Citations
22 Claims
-
1. A method for converting an element of a finite field of characteristic q used in a cryptographic system from a representation in a first basis defined by a first irreducible polynomial to a representation in a second basis defined by a second irreducible polynomial, said method comprising the steps of:
-
a) representing said element of said finite field in said first basis as a polynomial a(x);
b) determining a root r of said second irreducible polynomial;
c) evaluating said polynomial a(x) at said root r to obtain a representation a(r) of a(x) in said second basis;
said evaluation being characterised by the steps of;
d) partitioning said polynomial a(x) into a plurality of component polynomials, so that said plurality of component polynomials may be combined to obtain said polynomial a(x) by using the operations of multiplication by x and exponentiation by q;
e) obtaining values of each of said component polynomials by evaluating each of said component polynomials at said root r;
f) computing the value of a(r) from said values of said component polynomials at said root r, using the operations of multiplication by r and exponentiation by q;
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19)
-
-
18. A method for evaluating a polynomial a(x) at a point r, said method comprising the steps of:
-
a) partitioning said polynomial a(x) into a plurality of component polynomials, so that said plurality of component polynomials may be combined to obtain said polynomial a(x) by using the operations of multiplication by x and exponentiation by q;
b) obtaining values of each of said component polynomials by evaluating each of said component polynomials at said root r;
c) computing the value of a(r) from the values of said component polynomials at said root r, using the operations of multiplication by r and exponentiation by q;
-
-
20. In a cryptographic system utilising elements of a finite field of characteristic q represented as a polynomial a(x) in a first basis defined by a first irreducible polynomial, the method of evaluating said polynomial a(x) at an element r of said field comprising the steps of:
-
a) partitioning said polynomial a(x) into a plurality of component polynomials, so that said plurality of component polynomials may be combined to obtain said polynomial a(x) by using the operations of multiplication by x and exponentiation by q;
b) obtaining values of each of said component polynomials by evaluating each of said component polynomials at said root r;
c) computing the value of a(r) from the values of said component polynomials at said root r, using the operations of multiplication by r and exponentiation by q;
- View Dependent Claims (21)
-
-
22. A computing device including an accumulator for evaluating a polynomial a(x) of degree d at an element r of a finite field of characteristic 2, said device being programmed to:
-
a) initialize said accumulator to 0;
b) for each odd number k<
d, compute and store a value rk;
c) compute a value t=2l such that 2l≦
d<
2l+1;
d) while t≧
1, repeat the steps;
i) for each s from 1 to
if ast=1 then add rs to the accumulator;
ii) square R;
iii) set
whereby the accumulator holds the value of a(r).
-
Specification