A Fast Inverter over the Finite Field $GF(2^m)$ Suitable for Lightweight Systems

A Fast Inversion for Low-Complexity System over GF(2 $^{m}$)

  • Kim So-Sun (Graduate School of Information Security, Korea University) ;
  • Chang Nam-Su (Graduate School of Information Security, Korea University) ;
  • Kim Chang-Han (Department of Information Security, Semyung University)
  • Kim, So-Sun (Center for Information and Security Technologies (CIST), Korea Univ.) ;
  • Chang, Nam-Su (Center for Information and Security Technologies (CIST), Korea Univ.) ;
  • Kim, Chang-Han (Dept. of Information and Security, Semyung Univ.)
  • Published: 2005.09.01

Abstract

The design of an efficient cryptosystem must be supported by finite-field arithmetic suited to its environment. In particular, inversion in a finite field consumes more execution time than any other field operation, so improving it is an active research topic. This paper proposes a fast inversion algorithm over the finite field $GF(2^m)$ in polynomial basis, built on the Extended binary gcd algorithm (EBGA). The proposed inversion algorithm requires 18.8% fewer iterations than EBGA and 45.9% fewer than the Montgomery inverse algorithm (MIA). In addition, the previously proposed systolic array structure demands a large amount of hardware resources as the field degree m grows, so it is hard to apply in environments that require lightweight, low-power designs, such as smart cards and mobile phones. Targeting a lightweight cryptosystem environment, this paper presents a new hardware architecture with low area complexity that performs synchronized operations. The proposed hardware architecture needs fewer addition and modular reduction operations than existing algorithms to compute inverses over $GF(2^m)$, and it is a unified inverter applicable to both $GF(2^m)$ and GF(p).

The design of efficient cryptosystems is largely determined by the efficiency of the underlying finite field arithmetic. Especially, among the basic arithmetic operations over a finite field, the multiplicative inversion is the most time-consuming. In this paper, a fast inversion algorithm in the finite field $GF(2^m)$ with the standard (polynomial) basis representation is proposed. It is based on the Extended binary gcd algorithm (EBGA). The proposed algorithm executes about 18.8% or 45.9% fewer iterations than EBGA or the Montgomery inverse algorithm (MIA), respectively. In practical applications where the dimension of the field is large or may vary, the systolic array structure of previous algorithms becomes costly in area complexity and time complexity, or even impractical. It is not suitable for low-weight and low-power systems, i.e., smartcards and mobile phones. In this paper, we propose a new hardware architecture that provides an area-efficient and synchronized inverter for low-complexity systems. It requires fewer addition and reduction operations than previous architectures for computing inverses in $GF(2^m)$. Furthermore, the proposed inversion applies over either prime or binary extension fields, more specifically $GF(2^m)$ and GF(p).
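As an added illustration, not code from the paper, the following block implements the baseline extended binary gcd (EBGA) inversion in $GF(2^m)$ with a polynomial basis that the proposed algorithm builds on, together with a shift-and-add multiplier used only to verify the result. The step counter is an assumed proxy for the iteration counts the abstract compares; the AES and sect163k1 reduction polynomials are sample fields chosen here, not the paper's test cases.

```python
# Extended binary gcd inversion in GF(2^m), polynomial basis.
# Field elements are Python ints whose bits are polynomial coefficients.

def gf_deg(p: int) -> int:
    """Degree of polynomial p (deg(0) is taken as -1)."""
    return p.bit_length() - 1

def gf_mul(a: int, b: int, f: int, m: int) -> int:
    """Shift-and-add product a*b mod f; used here only to check inverses."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> m) & 1:          # overflow to degree m: subtract f
            a ^= f
    return r

def gf_inv_ebga(a: int, f: int, m: int):
    """Inverse of a in GF(2^m) via the extended binary gcd.
    Returns (a^-1, steps); steps counts elementary divide-by-x and
    add operations, an assumed proxy for hardware iteration counts."""
    if a == 0 or a >= (1 << m):
        raise ValueError("a must be a nonzero element of degree < m")
    u, v, g1, g2, steps = a, f, 1, 0, 0
    # Invariants: g1*a == u (mod f) and g2*a == v (mod f).
    while u != 1 and v != 1:
        while u & 1 == 0:         # x divides u: divide u and g1 by x
            u >>= 1
            g1 = g1 >> 1 if g1 & 1 == 0 else (g1 ^ f) >> 1
            steps += 1
        while v & 1 == 0:         # x divides v: divide v and g2 by x
            v >>= 1
            g2 = g2 >> 1 if g2 & 1 == 0 else (g2 ^ f) >> 1
            steps += 1
        if gf_deg(u) > gf_deg(v): # add the lower-degree one into the higher
            u ^= v
            g1 ^= g2
        else:
            v ^= u
            g2 ^= g1
        steps += 1
    return (g1 if u == 1 else g2), steps

# Constructed sample fields: GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1
# and GF(2^163) with the SEC 2 sect163k1 polynomial x^163+x^7+x^6+x^3+1.
AES_F, AES_M = 0x11B, 8
K163_F, K163_M = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1, 163

if __name__ == "__main__":
    inv, steps = gf_inv_ebga(0x53, AES_F, AES_M)
    print(hex(inv), steps)        # 0xca, the inverse used by the AES S-box
```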
