An area/performance trade-off analysis of a GF(2) multiplier architecture for elliptic curve cryptography

A hardware architecture for GF(2 m) multiplication and its evaluation in a hardware architecture for elliptic curve scalar multiplication is presented. The architecture is a parameter-izable digit-serial implementation for any field order m. Area/performance trade-off results of the hardware implementation of the multiplier in an FPGA are presented and discussed. Finite fields like the binary GF(2 m) and the prime GF(p) have been used successfully in error correction codes and cryptographic algorithms. In elliptic curve cryptography (ECC), the overall performance of cryptographic ECC schemes is hardly determined by arithmetic in GF(2 m), being inversion and multiplication the most time consuming operations. According to the literature, arithmetic in GF(2 m) binary fields using polynomial basis leads to efficient hardware implementations of ECC. Some works related to hardware implementation of ECC have reported parameterizable GF(2 m) arithmetic units to compute the most time consuming operation in elliptic curve cryptography, the scalar multiplication. Those architectures are based on a diversity of multiplication algorithms, for example: Massey Omura multipliers [1], linear feedback shift registers mul-tipliers [2], Karatsuba [3,4], and digit-serial multipliers [5]. Other works have studied and implemented GF(2 m) multipliers using polynomial basis like [8,9]. Others have used different algorithms, like the Montgomery multiplication [10,11]. Although, from the architectural point of view, it is well known that the arithmetic unit has a big impact in the timing and area of hardware for scalar multiplication, it is not clear whether the architecture performance is due to the parallelism in the multipliers, the number of multipliers, or the kind of multipliers used. This technical communication presents the hardware architecture of a GF(2 m) digit-serial multiplier and evaluates the area/performance trade off, considering various digit sizes d and finite field orders m. 2. GF(2 m) multiplication architecture Multiplication in GF(2 m) in polynomial basis is the operation A(x) Ã B(x) mod F(x), that can be computed using a variety of proposed algorithms in the literature. On the one hand, serial or bit-serial algorithms, consider each individual bit of the operand B(x) which implies a latency for multiplication of m clock cycles. On the other hand, digit-serial multipliers consider a group of d bits of operand B(x) at time and perform the multiplication in m/d cycles. However, it is not clear which is the 0045-7906/$-see front matter Ó 2008 Elsevier Ltd. All rights reserved.