Tamkang Journal of Science and Engineering, Vol. 13, No. 4, pp. 423-432 (2010)
423
Sequential Type-I Optimal Normal Basis Multiplier
and Multiplicative Inverse in GF(2m)
Che Wun Chiou1*, Chiou-Yng Lee2 and Yun-Chi Yeh3
1
Department of Computer Science and Information Engineering, Ching Yun University,
Chung-Li, Taiwan 320, R.O.C.
2
Department of Computer Information and Network Engineering, Lunghwa University of Science and Technology,
Taoyuan, Taiwan 333, R.O.C.
3
Department of Electronic Engineering, Ching Yun University,
Chung-Li, Taiwan 320, R.O.C.
Abstract
This study presents a novel sequential Type-I optimal normal basis multiplier in GF(2m) with a
regular structure. The proposed multiplier has a slightly higher space complexity than the
Reyhani-Masoleh-Hasan’s (RMH) multiplier, but is 27% faster than the RMH multiplier. Furthermore,
the proposed multiplier is highly regular, modular, expandable and well-suited to VLSI implementation.
A new normal basis inverter based on the proposed multiplier is also invented. The proposed inverter
provides better time-area complexity than existing inverters as with large m.
Key Words: Cryptography, Finite Field, Multiplication, Normal Basis, Multiplicative Inverse, VLSI
1. Introduction
Arithmetic over finite fields GF(2m) has recently
found many significant applications, including errorcorrecting codes [1], cryptography [2], digital signal
processing [3,4], switching theory [5] and pseudorandom number generation [6]. Addition, multiplication,
exponentiation and inversion are the most important
computations in finite field arithmetic. Addition can be
easily implemented as XOR of the corresponding vectors. Multiplication typically requires more computational time than addition, and has more circuit complexity. Other important arithmetic operations, such as exponentiation, division, and multiplicative inversion, can
be conducted by repeatedly applying the multiplicationsquaring algorithm. Therefore, fast multiplication algorithms with low circuit complexity must be developed.
Since such computations are not efficient to perform in
real time on a general-purpose computer, hardwareefficient architectures for multiplication in GF(2m) are
*Corresponding author. E-mail: cwchiou@cyu.edu.tw
highly desirable. Different basis representations of field
elements can be specified to simplify the implementation
of arithmetic operations. Three major bases are standard,
normal and dual basis. Various multiplier architectures
have been developed in the literature. For instance, the
standard basis multipliers [7-18] are extensively adopted,
and result in efficient implementations of multipliers. As
compared to the other two bases multipliers, the standard
basis multipliers have a low design complexity, and their
sizes are easier to extend to meet various applications
owing to their simplicity, regularity and architectural
modularity. The dual basis multipliers [19-22] require
smaller chip areas than other two types. The major benefit of the normal basis multipliers [23-32] is that the
squaring of an element is derived by cyclically shifting
the binary representation. Thus, the normal basis multipliers are very effective for performing inverse, squaring
and exponentiation operations. However, the normal
basis multipliers require basis conversion, since the field
elements of GF(2m) are represented using the standard
basis. Massey and Omura formed the first normal basis
multiplication algorithm [23]. Their normal basis multi-
424
Che Wun Chiou et al.
plier has a parallel-in, serial-out architecture with a long
critical path delay. Various bit-parallel multipliers based
on Massey and Omura’s multiplication algorithm have
been developed [10,24,25,30,33]. Agnew et al. [30] proposed a parallel-in, parallel-out multiplier to circumvent
the long latency problem of the Massey-Omura multiplier. In practice, existing bit-parallel normal basis multipliers over GF(2m) [10,25,30,33] take time complexity of
O(log2m) by adopting XOR trees, but require space complexity of O(m2), and have irregular structures that are
not appropriate for VLSI implementation. Wang et al.
[24] presented a VLSI architecture to realize the Massey-Omura multiplier. The major flaws of this VLSI
Massey-Omura multiplier are its irregularity and lack of
modularity, which mean that it cannot easily be extended. To eradicate this problem, this work presents a
novel sequential semi-systolic Type-I optimal normal
basis multiplier with a space complexity of O(m) and
features that are valuable for high-speed VLSI system
design, such as regularity and modularity. The sequential
multiplier iteratively determines the product of two elements with m bits in parallel. The products are accumulated after m clock cycles. A new normal basis inverter
based on the new normal basis multiplier is also developed.
This study is structured as follows. Section 2 briefly
reviews finite fields. The proposed normal basis multiplier and inverter are described in sections 3 and 4, respectively. Finally, conclusions are drawn in section 5.
lowing features hold:
m
(1) A 2 = A,
m
(2) A 2 - 1 = 1,
0
1
2
m -1
(3) A 2 = a m- 1a 2 + a 0a 2 + a 1a 2 +...+a m- 2a 2 ,
(4) (A + B)2 = A2 + B2,
m
1
2
m -1
(5) A -1 = A 2 - 2 = A 2 * A 2 *...* A 2 .
where the symbol * represents multiplication. If for all
0 £ i1, i2 £ m - 1 and i1 ¹ i2, there exist j1, j2 such that
i1
i2
j1
j2
A 2 + 2 = A 2 + 2 , the basis is called optimal. Two commonly employed Optimal Normal Bases (ONBs) are
defined as follows:
(a) Type-I ONB: m+1 is a prime p, and 2 is primitive
modulo p.
(b) Type-II ONB: 2m+1 is a prime p and either
(1) 2 is primitive modulo p, or
(2) p º 3 (mod 4) and the multiplicative order of 2
modulo p is m.
This work uses Type-I ONB.
3. The Proposed Normal Basis Multiplier
Let A and B denote any two elements in GF(2m), written as
The product C of A and B is as follows:
2. Preliminaries
C = A * B.
The reader is assumed to be familiar with the basic
concepts of finite fields. Authors of [1,2] describe the
attributes of finite fields in detail. For an a Î GF(2m),
0
1
2
m -1
{a 2 , a 2 , a 2 , ..., a 2 } is called a normal basis of GF(2m)
0
1
2
m -1
over GF(2) if a 2 , a 2 , a 2 , ..., and a 2 are linearly independent [1]. MacWilliams and Sloane [1] have revealed that a normal basis always exists in the finite field
GF(2m) for all positive integers m. Each element A Î
GF(2m) can be uniquely expressed as
where ai Î {0,1} for i = 0, 1, 2, …, m - 1.
In normal basis, for any A and B Î GF(2m), the fol-
As mentioned previously, the major advantage of the
normal basis representation is that an element in GF(2m)
is squared with a simple cyclic shift. However, multiplication in this basis appears to be more complex than in
the other bases. Hence, normal basis multiplication requires basis conversion, to perform the multiplication
in another basis. The normal basis N is expressed as
Let the generating polynomial G(X) be an irreducible
All-One-Polynomial [12] of degree m, where m+1 is
relative prime to 2, and G(X) is represented as
Sequential Type-I Optimal Normal Basis Multiplier and Multiplicative Inverse in GF(2m)
425
(1)
If a denotes the root of the G(X), then it has the following property
am+1 = 1
If am+1 = 1, then the normal basis N can easily be converted to the following shifted standard basis N’:
Authors of [34] have proven the validity of the shifted
standard basis. Define the conversion of permutation P
from the basis N to N’. Permutation P performs the following transformations for both A and B:
Therefore, the term aiai B for i = 1, 2, 3, …, m is computed as
where
(3)
For example, Table 1 lists permutation P for m = 4.
Assuming that two elements A and B are represented
by the shifted standard basis, the product C of A and B is
calculated as
By summing up the corresponding terms in a i' a i B for 1
£ i £ m, and one extra term, each term of the product C is
calculated using
(2)
Each term in Eq. (2) is extended and determined by
Table 1. An example with m = 4 for the permutation P
i
j
0
1
2
3
1
2
4
3
(4)
Based on Eq. (1), we have
(5)
426
Che Wun Chiou et al.
If c1' = 1, then the polynomial a + a2 + a3 + … + am may
be summed into C. Thus, the modification for C is
represented as
Inputs for P1 are assigned the following values:
Outputs for P1 are given by
Finally, the inverse permutation P-1 is adopted to
transform the shifted standard basis N’ into the original
normal basis N as follows
Apply b0' = 0 and b0' directly to the flip-flop D0.
Inputs for P2 are loaded with the following values:
The final result C = A * B is given by
Outputs from P2 are given as
Figure 1 illustrates the hardware implementation of
the proposed algorithm. Permutations P1 and P2 belong
to permutation P, and permutation P3 belongs to the inverse permutation P-1. The functions of P1, P2 and P3,
each with m inputs and m outputs are defined by
Load a 0' = 0 and a 0' into flip-flop S0.
Both shift registers D and S have (m+1) flip-flops,
and are defined as
Figure 1. The proposed normal basis multiplier in GF(2m).
Sequential Type-I Optimal Normal Basis Multiplier and Multiplicative Inverse in GF(2m)
Di(t) and Si(t) are the contents of bit i of D and S after
t clock cycles, respectively. Both shift registers D and S
with parallel load capability are initially loaded with the
following values:
Figure 2 displays the circuit of cell Ui (0 £ i £ m). All
1-bit latches in every U cell are initialized to zero, and include the temporary product C after (m+1) clocks. Cell
Ui performs the following function:
The final result C is obtained through permutation
P3. Table 2 compares various normal basis multipliers in
GF(2m). The proposed normal basis multiplier needs
m+1 2-input AND gates, 2m+1 2-input XOR gates and
427
3m+3 1-bit flip-flops, while the RMH multiplier [26] requires m 2-input AND gates, 1.5m 2-input XOR gates
and 3m 1-bit flip-flops. Transistor count is performed using a standard CMOS VLSI realization. In CMOS VLSI
technology, 2-input AND, 2-input XOR and 1-bit latch
comprise 6, 6 and 8 transistors, respectively [35,36].
Real circuits such as M74HC86 (STMicroelectronics,
XOR gate, tPD = 12ns (TYP.)) [37], M74HC08 (STMicroelectronics, AND gate, tPD = 7ns (TYP.)) [38], and
M74HC279 (STMicroelectronics, SR Latch, tPD = 13ns
(TYP.)) [39] were utilized to compare time complexity.
Table 3 shows the comparison results for various values
of m. The proposed multiplier requires slightly more
space complexity (about 8%) than the RMH multiplier
[26], but about 27% faster than the RMH multiplier [26].
Moreover, the proposed sequential normal basis multiplier is regular and expandable, and is therefore naturally
suited to VLSI implementation. As compared to another
RMH multiplier in [29], our proposed multiplier needs
no more than 1% space complexity and saves about 25%
time complexity. The proposed multiplier requires about
0.2% more space complexity and about 4% more time
complexity than Agnew’s multiplier [30], but unlike
Agnew’s multiplier provides a regular structure.
4. The Proposed Normal Basis Multiplicative
Inverter
Figure 2. The detail circuit of the cell U.
Multiplicative inversion is highly complex and most
studied finite field arithmetic operation. Three conventional approaches for finding an inverse element in a finite field are the table lookup, extended Euclidean and
repeated exponentiation algorithms [40]. The first two
algorithms are normally not easily realized in a VLSI cir-
Table 2. Comparison of various normal basis multipliers in GF(2m)
Multipliers
Massey-Omura [23]
Koç-Sunar [10]
Hasan et al. [13]
PR_MO [25]
Agnew et al. [30]
Reyhani-Masoleh & Hasan [26]
Reyhani-Masoleh & Hasan [29]
(b-SMPOI)
Figure 1
#AND
2
#XOR
#FF
Time delay
TA+(1+élog2(m-1)ù)TX
TA+(2+élog2(m-1)ù)TX
TA+(1+élog2(m-1)ù)TX
TA+(1+élog2(m-1)ù)TX
m(TA+2TX)
m(TA+2TX+TL)
m(TA+3TX)
2
m
m2
m2
m2
m2
m2
ém/2ù+1
2m -2m
m2-1
m2-1
m2-1
2m-1
1.5m
2m-1+ém/2ù
3m
3m
3m
m+1
2m+1
3m+3
(m+1)(TA+TX+TL)
428
Che Wun Chiou et al.
Table 3. Comparison of both space and time complexities of multipliers for various m values
Multipliers
Massey-Omura [23]
Koç-Sunar [10]
Hasan et al. [13]
PR_MO [25]
Agnew et al. [30]
Reyhani-Masoleh & Hasan [26]
Reyhani-Masoleh & Hasan [29] (b-SMPOI)
Figure 1
Space complexity
(unit: transistor)
m = 138
m = 522
m = 138
m = 522
341136
228522
228522
228522
005790
005382
005796
005832
4898448
3269802
3269802
3269802
0021918
0020358
0021924
0021960
0115
0127
0115
0115
4278
6072
5934
4448
00139
00151
00139
00139
16182
22968
22446
16736
cuit. However, Horng and Wei [41] proposed VLSI architectures for inverters based on Euclid’s algorithm and
the polynomial basis representation in 1994. The exponentiation algorithm based on the Fermat’s theorem
employs the iterative multiply-square algorithm. As mentioned previously, squaring of an element in GF(2m) in
the normal basis representation is performed using a simple cyclic shift. Existing normal basis multipliers based
on Fermat’s theorem [12,13,24] using XOR trees for low
time complexity are neither regular nor modular, and
hence are not suitable for VLSI implementation. This
investigation develops a novel multiplicative inversion
based on the proposed normal basis multiplier.
m
From Fermat’s theorem, for every B Î GF(2m), B 2
= B yielding
(6)
Figure 3 shows the hardware implementation based
on Eq. (6). The shift register T, which comprises m
flip-flops, responds to the squaring computation of B2,
m- 1
64
47
44
8
2 2
(B ) , …, and (... ( B 2 ) 2 ... ) 2 . Permutations P1 and P2 belong to permutation P and P-1, respectively. The associated algorithm is described as follows:
Algorithm-A:
/* Computing B-1 */
Time Complexity
(unit: ns)
Step 1: Initialization
(1) Reset all 1-bit latches in cells Ui for 0 £ i £ m to 0s.
(2) Load operand B into shift register T.
Step 2: Deriving B2
(1) Shift T to left by one bit.
(2) D0 = 0, load D with T through permutation P1.
(3) Do not shift D.
(4) S0 = 1
(5) Load final B2 into shift register S.
(6) S0 = 0
Step 3: Squaring and multiplication
(1) Shift T to left by one bit.
(2) D0 = 0; load D with T through permutation P1.
(3) Shift D and S one bit for each clock cycle. After
m+1 clock cycles, obtain D*S and store it in S.
Step 4: Repeat Step 3 m-3 times. Determine the final result of B-1 from the output of permutation P2.
Table 4 compares various normal basis bit-parallel
inverters. The proposed inverter requires a space complexity of O(m). The time complexity of the proposed inverter is O(m2), which is longer than that of other inverters with O(m´log2m). However, the proposed inverter is
regular and modular, making it very attractive for VLSI
implementation. Table 5 compares inverters for various
m values. The proposed inverter requires about 17%
more time-area complexity than existing inverters proposed by Hasan et al. [13], when m is a small value (for
instance, m = 138), but saves about 4% time-area complexity when m is large (for example, m = 522). The most
Sequential Type-I Optimal Normal Basis Multiplier and Multiplicative Inverse in GF(2m)
429
Figure 3. The proposed normal basis multiplicative inverter in GF(2m).
Table 4. Comparison of various normal basis inverters in GF(2m)
Inverters
Wang et al. [24]
ITM [12]
Hasan et al. [13]
Figure 3
#AND
2
m
m2+2m+1
m2
m+1
#XOR
#FF
Time delay
2
2m
2m+2
2m+1
4m+3
(m-2)(TA+(1+élog2(m-1)ù)TX)
(m-2)(TA+élog2m+log2(m+2)ùTX)
(m-2)(TA+(1+élog2(m-1)ù)TX)+TX
m(m+1)(TA+TX+TL)
2m -2m
m2+3m
m2+2m-3
2m+1
Table 5. Comparison of both space and time complexities of inverters for various m values
Inverters
Wang et al. [24]
ITM [12]
Hasan et al. [13]
Figure 3
Space complexity
(unit: transistor)
Time complexity
(unit: ns)
Time-area complexity
(unit: 106 transistor ´ ns)
m = 138
m = 522
m = 138
m = 522
m = 138
m = 522
343344
234898
232382
006936
4906800
3293842
3284414
0026136
015640
027064
015652
613824
0072280
0128440
0072292
8736192
5321
6334
3624
4235
354271
422924
237134
228012
popular and frequently used key lengths in modern cryptosystems are ranged from 60 to 600, hence the comparison of time-area complexity between Hasan’s inverter
[13] and the proposed inverter in Figure 3 is drawn in
Figure 4 during the range from 100 to 700. Figure 4
shows our proposed inverter needs slightly more timearea complexity than Hasan’s inverter [13] if m is
smaller than 522. If m is larger than or equal to 522, our
proposed inverter provides better time-area complexity
than Hasan’s inverter [13].
5. Conclusion
This study has presented a novel sequential semi-
430
Che Wun Chiou et al.
Figure 4. Comparison of time-area complexity for both Hasan [13] and Figure 3.
systolic Type-I ONB normal basis multiplier which is
regular, expandable and modular, making it easily realizable with currently available VLSI technology. The proposed multiplier requires little more space complexity
than the RMH multiplier, but provides faster propagation
delay than the RMH multiplier. A new normal basis inverter, which is based on the proposed multiplier and is
appropriate for VLSI implementation has been developed. The proposed inverter provides better time-area
complexity than existing inverters with large values of m.
Acknomledgments
The authors would like to thank anonymous referees
and the editor for carefully reading the paper and for
their great help in improving the paper. The authors
would also like to thank the National Science Council of
the Republic of China, Taiwan for financially supporting
this research under Contract No. NSC 97-2221-E-231006.
References
[1] MacWilliams, F. J. and Sloane, N. J. A., The Theory of
Error-Correcting Codes, Amsterdam: North-Holland
(1977).
[2] Lidl, R. and Niederreiter, H., Introduction to Finite
Fields and Their Applications, New York: Cambridge
Univ. Press (1994).
[3] Blahut, R. E., Fast Algorithms for Digital Signal Pro-
cessing, Reading, Mass.: Addison-Wesley (1985).
[4] Reed, I. S. and Truong, T. K., “The Use of Finite Fields
to Compute Convolutions,” IEEE Trans. Information
Theory, Vol. IT-21, pp. 208-213 (1975).
[5] Benjauthrit, B. and Reed, I. S., “Galois Switching
Functions and Their Applications,” IEEE Trans. Computers, Vol. C-25, pp. 78-86 (1976).
[6] Wang, C. C. and Pei, D., “A VLSI Design for Computing Exponentiation in GF(2m) and Its Application to
Generate Pseudorandom Number Sequences,” IEEE
Trans. Computers, Vol. 39, pp. 258-262 (1990).
[7] Bartee, T. C. and Schneider, D. J., “Computation with
Finite Fields,” Information and Computing, Vol. 6, pp.
79-98 (1963).
[8] Mastrovito, E. D., “VLSI Architectures for Multiplication over Finite Field GF(2m),” Applied Algebra, Algebraic Algorithms, and Error-Correcting Codes, Proc.
Sixth Int’l Conf., AAECC-6, T. Mora, ed., Rome, pp.
297-309 (1988).
[9] Mastrovito, E. D., “VLSI Architectures for Computations in Galois Fields,” PhD Thesis, Linköping Univ.,
Dept. of Electrical Eng., Linköping, Sweden (1991).
[10] Koç, Ç. K. and Sunar, B., “Low-Complexity Bit-Parallel Canonical and Normal Basis Multipliers for a Class
of Finite Fields,” IEEE Trans. Computers, Vol. 47, pp.
353-356 (1998).
[11] Lee, C. Y., “Low Complexity Bit-Parallel Systolic
Multiplier over GF(2m) Using Irreducible Trinomials,”
IEE Proc.-Comput. Digit. Tech., Vol. 150, pp. 39-42
(2003).
Sequential Type-I Optimal Normal Basis Multiplier and Multiplicative Inverse in GF(2m)
[12] Itoh, T. and Tsujii, S., “Structure of Parallel Multipliers
for a Class of Fields GF(2m),” Information and Computation, Vol. 83, pp. 21-40 (1989).
[13] Hasan, M. A., Wang, M. and Bhargava, V. K., “Modular Construction of Low Complexity Parallel Multipliers for a Class of Finite Fields GF(2m),” IEEE
Trans. Computers, Vol. 41, pp. 962-971 (1992).
[14] Lee, C. Y., Lu, E. H. and Lee, J. Y., “Bit-Parallel Systolic Multipliers for GF(2m) Fields Defined by All-One
and Equally-Spaced Polynomials,” IEEE Trans. Computers, Vol. 50, pp. 385-393 (2001).
[15] Paar, C., “A New Architecture for a Parallel Finite
Field Multiplier with Low Complexity Based on Composite Fields,” IEEE Trans. Computers, Vol. 45, pp.
856-861 (1996).
[16] Paar, C., Fleischmann, P. and Roelse, P., “Efficient
Multiplier Architectures for Galois Fields GF(24n),”
IEEE Trans. Computers, Vol. 47, pp. 162-170 (1998).
[17] Chiou, C. W., Lin, L. C., Chou, F. H. and Shu, S. F.,
“Low Complexity Finite Field Multiplier Using Irreducible Trinomials,” IEE Electronics Letters, Vol. 39,
pp. 1709-1711 (2003).
[18] Kitsos, P., Theodoridis, G. and Koufopavlou, O., “An
Efficient Reconfigurable Multiplier Architecture for
Galois Field GF(2m),” Microelectronics Journal, Vol.
34, pp. 975-980 (2003).
[19] Berlekamp, E. R., “Bit-Serial Reed-Solomon Encoders,” IEEE Trans. Information Theory, Vol. IT-28,
pp. 869-874 (1982).
[20] Wu, H., Hasan, M. A. and Blake, I. F., “New LowComplexity Bit-Parallel Finite Field Multipliers Using
Weakly Dual Bases,” IEEE Trans. Computers, Vol. 47,
pp. 1223-1234 (1998).
[21] Wu, H. and Hasan, M. A., “Low Complexity Bit-Parallel Multipliers for a Class of Finite Fields,” IEEE
Trans. Computers, Vol. 47, pp. 883-887 (1998).
[22] Lee, C. Y., Chiou, C. W. and Lin, J. M., “Low-Complexity Bit-Parallel Dual Basis Multipliers Using the
Modified Booth’s Algorithm,” Computers & Electrical Engineering, Vol. 31, pp. 444-459 (2005).
[23] Massey, J. L. and Omura, J. K., “Computational Method and Apparatus for Finite Field Arithmetic,” U.S.
Patent Number 4,587,627, May (1986).
[24] Wang, C. C., Truong, T. K., Shao, H. M., Deutsch, L.
J., Omura, J. K. and Reed, I. S., “VLSI Architectures
for Computing Multiplications and Inverses in GF(2m),”
431
IEEE Trans. Computers, Vol. C-34, pp. 709-717 (1985).
[25] Reyhani-Masoleh, A. and Hasan, M. A., “A New Construction of Massey-Omura Parallel Multiplier over
GF(2m),” IEEE Trans. Computers, Vol. 51, pp. 511520 (2002).
[26] Reyhani-Masoleh, A. and Hasan, M. A., “Low Complexity Sequential Normal Basis Multipliers over
GF(2m),” Proc. 16 th IEEE Symposium on Computer
Arithmetic, Vol. 16, pp. 188-195 (2003).
[27] Reyhani-Masoleh, A. and Hasan, M. A., “Fast Normal
Basis Multiplication Using General Purpose Processors,” IEEE Trans. Computers, Vol. 52, pp. 13791390 (2003).
[28] Reyhani-Masoleh, A., “Efficient Algorithms and Architectures for Field Multiplication Using Gaussian
Normal Bases,” IEEE Trans. Computers, Vol. 55, pp.
34-47 (2006).
[29] Reyhani-Masoleh, A. and Hasan, M. A., “Low Complexity Word-Level Sequential Normal Basis Multipliers,” IEEE Trans. Computers, Vol. 54, pp. 98-110
(2005).
[30] Agnew, G. B., Mullin, R. C., Onyszchuk, I. M. and
Vanstone, S. A., “An Implementation for a Fast Public-Key Cryptosystem,” Journal of Cryptology, Vol. 3,
pp. 63-79 (1991).
[31] Lee, C. Y. and Chiou, C. W., “Efficient Design of
Low-Complexity Bit-Parallel Systolic Hankel Multipliers to Implement Multiplication in Normal and Dual
Bases of GF(2m),” IEICE Transactions on Fundamentals of Electronics, Communications and Computer
Science, Vol. E88-A, pp. 3169-3179 (2005).
[32] Chiou, C. W. and Lee, C. Y., “Multiplexer-Based
Double-Exponentiation for Normal Basis of GF(2m),”
Computers & Security, Vol. 24, pp. 83-86 (2005).
[33] Hasan, M. A., Wang, M. Z. and Bhargava, V. K., “A
Modified Massey-Omura Parallel Multiplier for a Class
of Finite Fields,” IEEE Trans. Computers, Vol. 42, pp.
1278-1280 (1993).
[34] Applications of Finite Fields, A. J. Menezes, ed.,
Boston: Kluwer Academic (1993).
[35] Baker, R. J., Li, H. W. and Boyce, D. E., CMOS-Circuit, Design, Layout, and Simulation, IEEE Press,
New York (1998).
[36] Kang, S. M. and Leblebici, Y., CMOS Digital Integrated Circuits-Analysis and Design, McGraw-Hill
(1999).
432
Che Wun Chiou et al.
[37] http://www.st.com/stonline/books/pdf/docs/2006.pdf.
[38] http://www.st.com/stonline/books/pdf/docs/1885.pdf.
[39] http://www.st.com/stonline/products/literature/ds/
1937/m74hc279.pdf.
[40] Menezes, A., Van Oorschot, P. C. and Vanstone, S. A.,
Handbook of Applied Cryptology, CRC Press, New
York (1997).
[41] Horng, Y. T. and Wei, S. W., “Fast Inverters and Dividers for Finite Field GF(2m),” Proc. of 1994 IEE
Asia-Pacific Conference on Circuits and Systems, Taiwan, pp. 206-211 (1994).
Manuscript Received: Feb. 27, 2008
Accepted: Jun. 11, 2009