Apparatus and method for efficient arithmetic in finite fields through alternative representation
First Claim
Patent Images
1. A method for performing efficient arithmetic in a finite field in an elliptic curve cryptography application, the method comprising the steps:
- receiving a first operand of the elliptic curve cryptography application having a first representation format;
permuting the first operand from the first representation format to an alternative representation format;
receiving a second operand of the elliptic curve cryptography application having the first representation format;
permuting the second operand from the first representation format to the alternative representation format;
generating a result for use in the elliptic curve cryptography application having the alternative representation format by performing a selected arithmetic operation on the first and second operands; and
permuting the result from the alternative representation format to the first representation format wherein the alternative representation format is preselected to enable the steps of permuting to be performed by a bit wise transposition between the first representation format and the alternative representation format.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus are shown for performing efficient arithmetic on binary vectors in a finite field. Typically, there is an efficient algorithm within an execution context, such as hardware or software, for performing a selected arithmetic operation on an operand. When the operand is in a first representative format and the efficient algorithm operates in an alternative representation format, then the operand is permutated from the first representative format to the alternative representation format. The efficient algorithm is then performed on the operand in the alternative representation format in order to obtain a result in the alternative representation format. The result is then permutated from the alternative representation format to the first representation format. Thus, efficient arithmetic is obtained by using the most efficient algorithm available in either the first representation format or the alternative representation format and permuting operands and results to the representation format corresponding to the most efficient algorithm available.
72 Citations
22 Claims
-
1. A method for performing efficient arithmetic in a finite field in an elliptic curve cryptography application, the method comprising the steps:
-
receiving a first operand of the elliptic curve cryptography application having a first representation format;
permuting the first operand from the first representation format to an alternative representation format;
receiving a second operand of the elliptic curve cryptography application having the first representation format;
permuting the second operand from the first representation format to the alternative representation format;
generating a result for use in the elliptic curve cryptography application having the alternative representation format by performing a selected arithmetic operation on the first and second operands; and
permuting the result from the alternative representation format to the first representation format wherein the alternative representation format is preselected to enable the steps of permuting to be performed by a bit wise transposition between the first representation format and the alternative representation format. - View Dependent Claims (2, 3)
the finite field is defined as GF(2n); and
the first operand is defined as a vector of n binary elements of the finite field GF(2), such that the first operand has an ONB format (an−
1, an−
2, . . . , a1, a0); and
there is a prime p=2n+1, where p satisfies one of the following conditions;
(i) the multiplicative order of 2 modulo p is 2n, or (ii) p≡
(3 modulo
4) and the multiplicative order of 2 modulo p is n;
there is a one-to-one function π
;
{0, 1, 2, . . . , n−
1}→
{1, 2, 3, . . . , n} defined over 0≦
i≦
n−
1, where j=2i mod p, and if 0≦
j<
n, then π
(i)=j, else π
(i)=p−
j; and
there is an inverse function σ
;
{1, 2, 3, . . . , n}→
{0, 1, 2, . . . , n−
1} defined such that σ
(j)=i whenever π
(i)=j; and
wherein the step of permuting the format of the first operand from ONB to an alternative representation format includes permuting the first operand to an alternative format (b1, b2, . . . , bn) by setting (b1, b2, . . . , bn)=(aσ
(1), aσ
(2), . . . , aσ
(n)).
-
-
3. The method of claim 2, wherein the step permuting the format of the result from the alternative representation format to ONB format includes:
permuting the result from an alternative format (c1, c2, . . . , cn) to an ONB format (dn−
1, dn−
2, . . . , d1, d0) by setting (dn−
1, dn−
2, . . . , d1, d0)=(cπ
(n−
1), Cπ
(n−
2), . . . , cπ
(1), cπ
(0)), respectively.
-
4. A method for performing an arithmetic operation on first and second n-length vectors having a first representation format in a finite field GF(2n) in a predetermined execution context of an elliptic curve cryptography application, the method comprising the steps:
-
selecting an efficient algorithm for the arithmetic operation based upon the predetermined execution context of the elliptic curve cryptography application;
selecting an execution representation format based upon the selected efficient algorithm, where the execution representation format is one of the first representation format and a second representation format;
permuting the first and second vectors from the first representation format to the second representation format when the selected execution representation format is the second representation format wherein the second representation format is preselected to enable the step of permuting to be performed by a bit wise transposition between the first representation format and the second representation format; and
performing the arithmetic operation on the first and second vectors to obtain a result for the elliptic curve cryptography application having the selected execution representation format. - View Dependent Claims (5, 6, 7, 8, 9, 10)
permuting the result from the second representation format to the first representation format when the selected execution format is the second representation format.
-
-
6. The method of claim 5, wherein:
-
there exists a prime p=2n+1, where p satisfies one of the following conditions;
(i) the multiplicative order of 2 modulo p is 2n, or (ii) p≡
(3 modulo
4) and the multiplicative order of 2 modulo p is n;
there is a one-to-one function π
;
{0, 1, 2, . . . , n−
1}→
{1,2,3, . . . , n} defined over 0≦
i≦
n−
1, where j=2i mod p, and if 0<
j≦
n, then π
(i)=j, else π
(i)=p−
j; and
there is an inverse function σ
;
{1, 2, 3, . . . , n}→
{0, 1, 2, . . . , n−
1} defined such that π
(j)=i whenever π
(i)=j; and
the first representation format is optimal normal basis (ONB), where the first vector is represented by (an−
1, an−
2, . . . , a1, a0) and the second vector is represented by (en−
1, en−
2, . . . , e1, e0); and
the second representation format is palindromic where the first vector is represented by (b1, b2, . . . , bn, bn, . . . , b2, b1), and the second vector is represented by (f1,f2, . . . , fn,fn, . . . ,f2,fl); and
wherein the step of permuting the first and second vectors from the first representation format to the second representation format further comprises;
setting (b1,b2, . . . , bn)=(aσ
(1), aσ
(2), . . . , aσ
(n)), respectively; and
setting (f1,f2, . . . , fn)=(eσ
(l), eσ
(2), . . . , eσ
(n)), respectively.
-
-
7. The method of claim 6, wherein:
-
the result is represented by (dn−
1, dn−
2, . . . , d1, d0) in the ONB representation format; and
the result is represented by (c1, c2, . . . , cn, cn, . . . , c2, c1) in the palindromic format; and
the step of permuting the result from the second representation format to the first representation format when the selected execution format is the second representation format further comprises;
setting (dn−
1, dn−
2, . . . , d1, d0)=(cπ
(n−
1), cπ
(n−
2), . . . , cπ
(1), cπ
(0)), respectively.
-
-
8. The method of claim 7, wherein the execution context is computer software, the arithmetic operation is multiplication, and the efficient algorithm is a polynomial multiplier algorithm and where the step of selecting an execution representation format based upon the selected efficient algorithm execution representation format includes:
selecting the palindromic format to be the execution representation format when the arithmetic operation is multiplication.
-
9. The method of claim 4, wherein the first representation format is palindromic, the second representation format is ONB, the execution context is hardware logic circuitry and where the efficient algorithm for multiplication is implemented in a ONB multiplier circuit and the efficient algorithm for inversion is implemented in a polynomial inverter circuit, and further wherein the step of selecting an execution format representation format based upon the selected efficient algorithm execution representation format includes:
-
selecting the ONB format to be the execution representation format when the arithmetic operation is multiplication; and
selecting the palindromic format to be the execution representation format when the arithmetic operation is inversion.
-
-
10. The method of claim 4, wherein the first representation format is ONB, the second representation format is palindromic, the execution context is hardware logic circuitry, and where the step of selecting an execution representation format based upon the selected efficient algorithm execution representation format includes:
-
selecting the ONB format to be the execution representation format when the arithmetic operation is multiplication; and
selecting the palindromic format to be the execution representation format when the arithmetic operation is inversion.
-
-
11. A method for performing an arithmetic operation on an n-length vector having a first and representation format in a finite field GF(2n) in a predetermined execution context of an elliptic curve cryptography application, the method comprising the steps:
-
selecting an efficient algorithm for the arithmetic operation based upon the predetermined execution context of the elliptic curve cryptography application;
selecting an execution representation format based upon the selected efficient algorithm, where the execution representation format is one of the first representation format and a second representation format;
permuting the vector from the first representation format to the second representation format when the selected execution representation format is the second representation format wherein the second representation format is preselected to enable the step of permuting to be performed by a bit wise transposition between the first representation format and the second representation format; and
performing the arithmetic operation on the vector to obtain a result for the elliptic curve cryptography application having the selected execution representation format. - View Dependent Claims (12, 13, 14, 15)
permuting the result from the second representation format to the first representation format when the selected execution format is the second representation format.
-
-
13. The method of claim 12, wherein:
-
there exists a prime p=2n+1, where p satisfies one of the following conditions;
(i) the multiplicative order of 2 modulo p is 2n, or (ii) p≡
(3 modulo
4) and the multiplicative order of 2 modulo p is n;
there is a one-to-one functions π
;
{0, 1, 2, . . . , n−
1}→
{1, 2, 3, . . . , n} defined over 0≦
i≦
n−
1, where j=2i mod p, and if 0<
j≦
n, then π
(i)=j, else π
(i)=p−
j; and
there is an inverse function σ
;
{1, 2, 3, . . . , n}→
{0, 1, 2, . . . , n−
1} defined such that σ
(j)=i whenever π
(i)=j; and
the first representation format is optimal normal basis (ONB), where the vector is represented by (an−
1, an−
2, . . . , a1, a0); and
the second representation format is palindromic where the vector is represented by (b1, b2, . . . , bn, bn, . . . , b2, b1); and
wherein the step of permuting the vector from the first representation format to the second representation format further comprises;
setting (b1, b2, . . . , bn, bn, . . . , b2, b1)=(aσ
(1), aσ
(2), . . . , aσ
(n), aσ
(n), . . . , aσ
(2), aσ
(1)), respectively.
-
-
14. The method of claim 13, wherein:
-
the result is represented by (dn−
1, dn−
2, . . . , d1, d0) in the ONB representation format; and
the result is represented by (c1, c2, . . . , cn, cn, . . . , c2, c1) in the palindromic format; and
the step of permuting the result from the second representation format to the first representation format when the selected execution format is the second representation format further comprises;
setting (dn−
1, dn−
2, . . . , d1, d0)=(cπ
(n−
1), cπ
(n−
2), . . . , cπ
(1), cπ
(0)), respectively.
-
-
15. The method of claim 11, wherein the first representation format is ONB, the second representation format is palindromic, the execution context is hardware logic circuitry, and where the step of selecting an execution representation format based upon the selected efficient algorithm execution representation format includes:
selecting the palindromic format to be the execution representation format when the arithmetic operation is inversion.
-
16. A computer readable medium having stored therein a plurality of routines of an elliptic curve cryptography application comprising:
-
a first routine configured to convert a first operand having a first representation format to a second operand having a second representation formation;
a second routine configured to perform a first arithmetic operation on the second operand in order to obtain a first result having the second representation format; and
a third routine configured to convert the first result to a second result for the elliptic curve cryptography application having the first representation format;
wherein the second representation format is preselected to enable the first and third routines to convert by performing by a bit wise transposition between the first representation format and the second representation format. - View Dependent Claims (17, 18, 19, 20, 21, 22)
the first representation format is ONB;
the second representation format is palindromic; and
the second routine is configured to perform an inversion operation on the second operand.
-
-
18. The computer readable medium of claim 16, wherein:
-
the first routine is further configured to convert a third operand having the first representation format to a fourth operand having the second representation format; and
the second routine is further configured to perform the first arithmetic operation on both the second and fourth operands in order to obtain the first result.
-
-
19. The computer readable medium of claim 18, wherein:
-
the first representation format is ONB;
the second representation format is palindromic; and
the second routine is configured to perform a multiplication operation on the second operand.
-
-
20. The computer readable medium of claim 16, wherein the first routine is further configured to convert the first operand to the second operand by a first algorithm wherein:
-
the first operand further comprises n binary elements of a finite field GF(2), such that the first operand has the format (an−
1, an−
2, . . . , a1, a0);
there is a prime p=2n+1, where p satisfies one of the following conditions;
(i) the multiplicative order of 2 modulo p is 2n, or (ii) p≡
(3 modulo
4) and the multiplicative order of 2 modulo p is n;
there is a one-to-one function π
;
{0, 1, 2, . . . , n−
1}→
{1, 2, 3, . . . , n} defined over 0≦
i≦
n−
1, where j=2i mod p, and if 0<
j≦
n, then π
(i)=j, else π
(i)=p−
j;
there is an inverse function σ
;
{1, 2, 3, . . . , n}→
{0, 1, 2, . . . , n−
1} defined such that σ
(j)=i whenever π
(i)=j; and
wherein the second operand has the format (b1, b2, . . . , bn), where (b1, b2, . . . bn)=(aσ
(l), aσ
(2), . . . , aσ
(n)).
-
-
21. The computer readable medium of claim 20, wherein the third routine is further configured to convert the first result to the second result by a second algorithm wherein:
-
the first result has the format (c1, c2, . . . , cn); and
the second result has the format (dn−
1, dn−
2, . . . , d1, d0), where (dn−
1, dn−
2, . . . , d1, d0)=(cπ
(n−
1), cπ
(n−
2), . . . , cπ
(1), cπ
(0)).
-
-
22. The computer readable medium of claim 16, further including:
-
a fourth routine configured to perform a second arithmetic operation upon the first operand and produce a third result having the first representation format; and
a fifth routine configured to select one of the first arithmetic operation and a second arithmetic operation, and wherein the fifth routine is further configured to invoke the first, second and third routines when the first arithmetic operation is invoked, and further wherein the fifth routine is configured to invoke the fourth routine when the second arithmetic operation is selected.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHewlett-Packard Company (HP Inc.)
-
Original AssigneeHewlett-Packard Company (HP Inc.)
-
InventorsRoth, Ron M., Seroussi, Gadiel, Blake, Ian F.
-
Primary Examiner(s)Mai, Tan V.
-
Application NumberUS09/104,894Time in Patent Office985 DaysField of Search708/491-492, 380/28US Class Current708/492CPC Class CodesG06F 7/724 Finite field arithmetic for...G06F 7/726 Inversion; Reciprocal calcu...
