Redundant Trinomials for Finite Fields of Characteristic 2

In this paper we introduce so-called redundant trinomials to represent elements of nite elds of characteristic 2. The concept is in fact similar to almost irreducible trinomials introduced by Brent and Zimmermann in the context of random numbers generators in [BZ ]. See also [BZ]. In fact, Blake et al. [BGL , BGL ] and Tromp et al. [TZZ ] explored also similar ideas some years ago. However redundant trinomials have been discovered independently and this paper develops applications to cryptography, especially based on elliptic curves. After recalling well known techniques to perform e cient arithmetic in extensions of F2, we describe redundant trinomial bases and discuss how to implement them e ciently. They are well suited to build F2n when no irreducible trinomial of degree n exists. Depending on n ∈ [2, 10, 000] tests with NTL show that improvements for squaring and exponentiation are respectively up to 45% and 25%. More attention is given to relevant extension degrees for doing elliptic and hyperelliptic curve cryptography. For this range, a scalar multiplication can be speeded up by a factor up to 15%.