Galois Field Patents (Class 708/492)
- Publication number: 20030140078
  Abstract: A method is described for multiplying two factors from the Galois field GF(2^(m*p)), where each of the factors can be represented as a vector of p sub-blocks with a width of m bits and p, m are positive integers greater than 1, which method includes the following steps:
  Type: Application
  Filed: December 20, 2002
  Publication date: July 24, 2003
  Inventor: Markus Feuser
- Publication number: 20030135530
  Abstract: A flexible Galois Field multiplier is provided which implements multiplication of two elements within a finite field defined by a degree and generator polynomial. One preferred embodiment provides a method for multiplying two elements of a finite field. According to the method, two input operands are mapped into a composite finite field, an initial KOA processing is performed upon the two operands in order to prepare the two operands for a multiplication in the ground field, the multiplication in the ground field is performed through the use of a triangular basis multiplier, and final KOA3 processing and optional modulo reduction processing is performed to produce the result. This design allows rapid redefinition of the degree and generator polynomial used for the ground field and the extension field.
  Type: Application
  Filed: October 22, 2001
  Publication date: July 17, 2003
  Applicant: STMicroelectronics, Inc.
  Inventors: Sivagnanam Parthasarathy, Cinzia A. Bartolommei
- Patent number: 6587864
  Abstract: A Galois field linear transformer includes a matrix responsive to a number of input bits in one or more bit streams and having a plurality of outputs providing the Galois field linear transformation of those bits; the matrix includes a plurality of cells, each cell including an exclusive OR logic circuit and AND logic circuit having an output connected to the exclusive OR logic circuit and an input connected to one of the input bits and a programmable storage device for providing an input to its associated AND logic circuit for setting the matrix to obtain a multi-cycle Galois field linear transformation of the inputs in a single cycle.
  Type: Grant
  Filed: January 18, 2002
  Date of Patent: July 1, 2003
  Assignee: Analog Devices, Inc.
  Inventors: Yosef Stein, Haim Primo, Joshua A. Kablotsky
- Publication number: 20030115234
  Abstract: A reconfigurable input Galois field linear transformer system includes a Galois field linear transformer including a matrix of cells; a plurality of storage planes for storing control patterns representing a number of different functions; a storage plane selector circuit for selecting a storage plane representing a function for enabling the cells of the matrix which defines that function; and a reconfigurable input circuit for delivering input data to the enabled cells to apply that function to the input data.
  Type: Application
  Filed: May 1, 2002
  Publication date: June 19, 2003
  Inventors: Yosef Stein, Haim Primo, Yaniv Sapir
- Patent number: 6581084
  Abstract: A multiplication circuit with an accumulator is provided. The multiplication circuit includes first latch circuits, second latch circuits, and elementary adders that are cascade-coupled to one another in series through the first latch circuits. Each of the adders has its carry output coupled to one of its inputs through one of the second latch circuits. Additionally, cancellation circuitry cancels the contents of each of the second latch circuits at least during selected multiplication operations so as to carry out multiplication operations in a Galois field. In some preferred embodiments, the cancellation circuitry includes a logic gate that receives a selection signal indicating the mode of operation, and the logic gate sets and holds the second latch circuits at zero when the selection signal indicates that the multiplication operation is to be done in a Galois field.
  Type: Grant
  Filed: January 14, 2000
  Date of Patent: June 17, 2003
  Assignee: STMicroelectronics S.A.
  Inventors: Fabrice Romain, Guy Monier, Marie-Noëlle Lepareux
- Patent number: 6581083
  Abstract: A means and a method applied in syndrome generation in the Video/Audio processing system is disclosed. The syndromes thereof are effectively and rapidly generated simply using a shift register and an exclusive-OR adder by a recursive operation. For the code words having a number of bytes, the syndromes can be generated by repeating the exclusive-OR (XOR) operation between a shift bit and the above-mentioned bytes, without the extra step of table-matching, saving large memory capacity, greatly reducing the operation cycle and completing the operation rapidly.
  Type: Grant
  Filed: November 8, 1999
  Date of Patent: June 17, 2003
  Assignee: Via Technologies, Inc.
  Inventors: Wei-Ming Su, Shin Yung Chen, Pei-Jei Hu
- Publication number: 20030110196
  Abstract: A Galois field multiply/multiply-add/multiply-accumulate system includes a multiplier circuit for multiplying two polynomials with coefficients over a Galois field to obtain their product; a Galois field linear transformer circuit responsive to the multiplier circuit for predicting the modulo remainder of the polynomial product for an irreducible polynomial; a storage circuit for supplying to the Galois field linear transformer circuit a set of coefficients for predicting the modulo remainder for a predetermined irreducible polynomial; and a Galois field adder circuit for adding the product of the multiplier circuit with a third polynomial with coefficients over a Galois field for performing the multiplication and add operations in a single cycle.
  Type: Application
  Filed: August 26, 2002
  Publication date: June 12, 2003
  Inventors: Yosef Stein, Haim Primo, Yaniv Sapir
- Publication number: 20030105791
  Abstract: A Galois field multiplier system includes a multiplier circuit for multiplying two polynomials with coefficients over a Galois field to obtain their product; a Galois field linear transformer circuit responsive to the multiplier circuit for predicting the modulo remainder of the polynomial product for an irreducible polynomial; and a storage circuit for supplying to the Galois field linear transformer circuit a set of coefficients for predicting the modulo remainder for a predetermined irreducible polynomial.
  Type: Application
  Filed: January 30, 2002
  Publication date: June 5, 2003
  Inventors: Yosef Stein, Haim Primo, Joshua A. Kablotsky
- Publication number: 20030105790
  Abstract: A Galois field linear transformer includes a matrix responsive to a number of input bits in one or more bit streams and having a plurality of outputs providing the Galois field linear transformation of those bits; the matrix includes a plurality of cells, each cell including an exclusive OR logic circuit and AND logic circuit having an output connected to the exclusive OR logic circuit and an input connected to one of the input bits and a programmable storage device for providing an input to its associated AND logic circuit for setting the matrix to obtain a multi-cycle Galois field linear transformation of the inputs in a single cycle.
  Type: Application
  Filed: January 18, 2002
  Publication date: June 5, 2003
  Inventors: Yosef Stein, Haim Primo, Joshua A. Kablotsky
- Patent number: 6570988
  Abstract: A technique which implements a primitive for computing, e.g., a checksum. Specifically, this primitive replaces a mod(M) operation with a series of simple elementary register operations. These operations include mod 2^n multiplications, order manipulations (e.g., byte or word swaps), and additions—all of which are extremely simple to implement and require very few processing cycles to execute. Hence, use of our inventive technique can significantly reduce the processing time to compute various cryptographic parameters, such as, e.g., a message authentication code (MAC), or to implement a stream cipher, over that conventionally required. This technique has both invertible and non-invertible variants.
  Type: Grant
  Filed: June 9, 1999
  Date of Patent: May 27, 2003
  Assignee: Microsoft Corporation
  Inventors: Ramarathnam Venkatesan, Mariusz Jakubowski
- Publication number: 20030093450
  Abstract: Finite field elements from the field GF(2^k) are represented as polynomials with binary valued coefficients. As such, multiplication in the field is defined modulo an irreducible polynomial of degree k−1. One of the multiplicands is treated in blocks of polynomials of degree n−1 so that the multiplier operates over T cycles where k=nT. If k is not a composite number to start with, higher order terms are added, so that multipliers are now constructable even when k is prime. Since n<k, the construction of the needed multiplier circuits is much simpler. Designers are now provided with an opportunity of easily trading off circuit speed for circuit complexity in an orderly and structured fashion.
  Type: Application
  Filed: October 9, 2001
  Publication date: May 15, 2003
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventor: Chin-Long Chen
- Patent number: 6560336
  Abstract: There is provided an apparatus for summing bivectors, e.g. double vectors (alternatively referred to as bivectors) each having a plurality of pairs of elements selected from a predetermined finite field, the apparatus including (a) a device for inputting bivectors X1 and X2, and parameters A (e.g., a3 to a13) for defining a curve therethrough, (b) a first memory for storing the bivector X1 therein, (c) a second memory for storing the bivector X2 therein, (d) a third memory for storing the parameters A therein, and (e) a device for reading the bivectors X1 and X2, and the parameters A out of the first, second and third memories, respectively, and, when the bivectors X1 and X2 are supposed to be coordinate value rows of points in point-sets Q1 and Q2 on the curve defined with the parameters A, operating a bivector X3 comprised of coordinate value row of points in a point-set Q3 equal to a sum of the point-sets Q1 and Q2 in the Jacobian group of the curve defined with the parameters A.
  Type: Grant
  Filed: August 28, 1998
  Date of Patent: May 6, 2003
  Assignee: NEC Corporation
  Inventor: Seigo Arita
- Publication number: 20030065694
  Abstract: A linear systolic array Montgomery multiplier circuit that concurrently processes two separate Montgomery multiplications on alternate clock cycles, without a requirement to have any common parameters between the two multiplications. Multiples of two different parameters are stored in storage elements for each multiplication. Two sets of these multiples, one set for each of the two multiplications, are stored in separate storage banks and accessed on alternate clock cycles by each processing element in the array. Two sequences of control codes for the two multiplications are interleaved as they are fed into a first processing element.
  Type: Application
  Filed: September 28, 2001
  Publication date: April 3, 2003
  Inventor: Michael D. Ruehle
- Publication number: 20030055858
  Abstract: Efficient parallel processing of algorithms involving Galois Field arithmetic uses data slicing techniques to execute arithmetic operations on computing hardware having SIMD architectures. A W-bit wide word computer capable of operating on one or more sets of k-bit operands executes Galois Field arithmetic by mapping arithmetic operations of Galois Field GF(2^n) to corresponding operations in subfields of lower order (m<n), which are selected on the basis of an appropriate cost function. These corresponding operations are able to be simultaneously executed on the W-bit wide computer such that the results of the arithmetic operations in Galois Field GF(2^n) are obtained in k/W as many cycles of the W-bit computer compared with execution of the corresponding operations on a k-bit computer.
  Type: Application
  Filed: May 8, 2001
  Publication date: March 20, 2003
  Applicant: International Business Machines Corporation
  Inventors: Pradeep K. Dubey, Charanjit Jutla, Josyula R. Rao, Pankaj Rohatgi, Atri Rudra, Vijay Kumar
- Patent number: 6530057
  Abstract: A parallel, recursive system for generating and checking a CRC value is disclosed, in which the feedback and forward terms are separated, and the forward terms are reduced. Forward logic, which implements the forward terms, is responsive to a number of bits received from the unit of data, and performs logic operations reflecting the reduced forward logic terms on bits received from the unit of data, to produce a first output. In some cases the forward logic is a direct connection to a number of exclusive-OR logic gates. Feedback logic, responsive to an output of a remainder register, operates to perform feedback logic operations reflecting the feedback terms, on an output of the remainder register to produce a second output. The second output is also coupled to the exclusive-OR logic gates. The exclusive-OR logic gates perform a bit-wise exclusive-OR logic operation on the first output and the second output to produce an input of the remainder register.
  Type: Grant
  Filed: May 27, 1999
  Date of Patent: March 4, 2003
  Assignee: 3Com Corporation
  Inventor: Myles Kimmitt
- Patent number: 6523053
  Abstract: A method and apparatus for dividing a long polynomial expression in a finite field. Elements in a dividend polynomial are grouped into a plurality of groups and combined according to a superposition of the finite field. Then, a group-based parallel processing operation is performed with respect to the combined results on the basis of a lookahead technique and a partial-division process to sequentially remove the groups up to the last one for inter-symbol division in the finite field. A first group storage block stores the first one of the groups and an intermediate group storage block adds partial-remainders from the previous and current groups to form a new intermediate group. A remainder generation block adds partial-remainders from the previous and last groups to generate the overall remainder. A partial-quotient generation block generates partial-quotients in response to output data from the first group storage block and intermediate group storage block.
  Type: Grant
  Filed: August 26, 1999
  Date of Patent: February 18, 2003
  Assignee: Korea Advanced Institute of Science & Technology
  Inventors: Kwy Ro Lee, Hyung Joon Kwon
- Patent number: 6523054
  Abstract: A practical Galois field arithmetic processor capable of high-speed operation with a simple configuration is disclosed. The processor comprises an instruction decoder, an arithmetic unit including a Galois field vector adder, a Galois field vector multiplier and a Galois exponent adder-subtractor for executing the Galois field arithmetic operation on first and second operands. In the case where the arithmetic unit includes at least a Galois field vector adder and a Galois field vector multiplier, an exponent-vector conversion circuit is provided for converting the second operand from an exponential expression into a vectorial expression, and an instruction is provided for performing the Galois field operation on the vectorially expressed first operand and the exponentially expressed second operand.
  Type: Grant
  Filed: November 10, 1999
  Date of Patent: February 18, 2003
  Assignee: Fujitsu Limited
  Inventor: Shunsuke Kamijo
- Publication number: 20020184281
  Abstract: A general finite-field multiplier and the method of the same are disclosed for the operation of the finite-field multipliers of various specifications. In the multiplier, AND gates and XOR gates are used as primary components, and the inputs include two elements A and B to be multiplied and the coefficients of a variable polynomial p(x). This multiplier can be applied to the finite-field elements of different bit number. After all the coefficients of the A, B and p(x) are input, the values of a desired C can be obtained rapidly. Since the output values are parallel output, the application is very convenient. Furthermore, the multiplier can be used in the RS chip for different specifications.
  Type: Application
  Filed: April 30, 2001
  Publication date: December 5, 2002
  Inventors: Oscal Tzyh-Chiang Chen, Yuh-Feng Hsu
- Publication number: 20020174155
  Abstract: A method for calculating greatest common divisors and modular inverses using the extended Jebelean GCD algorithm keeps track of the number of times that U3 and V3 have been divided by two in the process of calculating the greatest common divisor and corrects the modular inverse for these divisions. The shifting of the binary values representing U3 that occurs during the calculation of the GCD is accomplished by changing the position of respective pointers to bit positions in the binary values rather than implementing a shifting operation.
  Type: Application
  Filed: May 17, 2001
  Publication date: November 21, 2002
  Inventors: Laszlo Hars, Gregory Michael Perkins
- Patent number: 6484192
  Abstract: There is provided a root finding circuit of a quadratic polynomial over a finite field, capable of operating at high speed and making the circuit scale in implementation small. The root finding circuit includes m−3 cascade-connected exclusive OR gates X(1, 0) to X(1, m−4) each supplied with a corresponding bit of an arbitrary element "a = (a_0, a_1, . . . , a_{m−1})" over a finite field GF(2^m) at a first input thereof and each supplied with output of an exclusive OR gate of an immediately preceding stage at a second input, a second input of only X(1, 0) being supplied with a_{m−1} instead of the output of an exclusive OR gate of an immediately preceding stage, and m/2−1 exclusive OR gates X(2, 0) to X(2, m/2−2) respectively supplied with a_{m−1} and outputs of X(1, 1), X(1, 3), . . . , X(1, m−5) at first inputs and each supplied with a_0 at a second input thereof.
  Type: Grant
  Filed: January 28, 1999
  Date of Patent: November 19, 2002
  Assignee: Toyo Communication Equipment Co., Ltd.
  Inventor: Kazuto Matsuo
- Patent number: 6473779
  Abstract: A combinatorial polynomial multiplier for Galois Field 256 arithmetic utilizes fewer components than an iterative Galois Field 256 arithmetic multiplier and operates 8 times faster. The combinatorial multiplier employs AND and XOR functions and operates in a single clock cycle. It can reduce the number of transistors required for the Galois Field 256 arithmetic multiplier for a Reed-Solomon decoder by almost 90%.
  Type: Grant
  Filed: October 3, 1996
  Date of Patent: October 29, 2002
  Assignee: Texas Instruments Incorporated
  Inventor: Tod D. Wolf
- Publication number: 20020156823
  Abstract: A system determines the multiplicative inverse of A ∈ GF(2^(2M)) by representing A using a selected basis in which basis elements are squares of one another, and performing various operations that involve raising A to powers of 2 as cyclic rotations of A. The system also performs multiplication operations over GF(2^(2M)) or subfields thereof by calculating the coefficients of the product of two elements A and B that are represented using the selected basis as combinations of the coefficients of cyclically rotated versions of A and B. The system further utilizes a relatively small look-up table that contains the multiplicative inverses of selected elements of a subfield of GF(2^(2M)). The system may then cyclically rotate the multiplicative inverse values read from the table to produce the multiplicative inverses of the remaining elements of the subfield.
  Type: Application
  Filed: February 28, 2001
  Publication date: October 24, 2002
  Inventors: Lih-Jyh Weng, Dana Hall, Christine Imrich
- Patent number: 6466959
  Abstract: A method and apparatus are shown for performing efficient arithmetic on binary vectors in a finite field. Typically, there is an efficient algorithm within an execution context, such as hardware or software, for performing a selected arithmetic operation on an operand. When the operand is in a first representation format and the efficient algorithm operates in an alternative representation format, then the operand is permutated from the first representation format to the alternative representation format. The efficient algorithm is then performed on the operand in the alternative representation format in order to obtain a result in the alternative representation format. The result is then permutated from the alternative representation format to the first representation format.
  Type: Grant
  Filed: February 26, 2001
  Date of Patent: October 15, 2002
  Assignee: Hewlett-Packard Company
  Inventors: Ian F. Blake, Ron M. Roth, Gadiel Seroussi
- Patent number: 6466668
  Abstract: In an IC card incorporating residual multiplier hardware for implementing a high-speed algorithm for residual multiplication arithmetic, a method and a device capable of executing public key encryption processing such as elliptic curve encryption processing at a high speed. Residual arithmetic succeeding the generation of a random number and residual arithmetic in signature generating processing can be executed by using a residual multiplier. Further, in order to use the residual multiplier effectively for arithmetic operation on an elliptic curve, the point on the elliptic curve is transformed from a two-dimensional affine coordinate system to a three-dimensional coordinate system. Additionally, multiplicative inverse arithmetic for realizing the reverse transformation from the three-dimensional coordinate system to the two-dimensional affine coordinate system as well as for determining a signature s can be executed only with the residual multiplication arithmetic.
  Type: Grant
  Filed: January 26, 1999
  Date of Patent: October 15, 2002
  Assignee: Hitachi, Ltd.
  Inventors: Seiji Miyazaki, Kazuo Takaragi
- Publication number: 20020143836
  Abstract: One embodiment of the present invention provides a system that performs modular division. This system contains a number of registers, including: a register A that is initialized with a value X; a register U that is initialized with a value Y; a register B that is initialized with a value M; and a register V that is initialized with a value 0. The system also includes a counter CA that indicates an upper bound for the most-significant non-zero bit of register A. It also includes a counter CB that indicates an upper bound for the most-significant non-zero bit of register B. The system additionally includes a temporary register H, and a temporary register L. An updating mechanism is configured to iteratively reduce the contents of registers A and B to a value of one by applying a plurality of operations to registers A, B, U and V. During operation, this updating mechanism temporarily stores A+B in the temporary register H, and temporarily stores U+V in the temporary register L.
  Type: Application
  Filed: March 5, 2002
  Publication date: October 3, 2002
  Inventors: Josephus C. Ebergen, Sheueling Chang Shantz
- Publication number: 20020138534
  Abstract: Finite field multiplication of first and second Galois elements having n bit places and belonging to a Galois field GF(2^n) described by an irreducible polynomial is performed by forming an intermediate result Z of intermediate sums of partial products of bit width 2n−2 in an addition part of a Galois multiplier. The intermediate result Z is processed in a reduction part of a Galois multiplier by modulo dividing by the irreducible polynomial, whereby after all XORs are traversed a result E with n bits is computed.
  Type: Application
  Filed: February 8, 2002
  Publication date: September 26, 2002
  Inventor: Wolfram Drescher
- Publication number: 20020138533
  Abstract: One embodiment of the present invention provides a system that performs modular division. This system contains a number of registers, including: a register A that is initialized with a value X; a register U that is initialized with a value Y; a register B that is initialized with a value M; and a register V that is initialized with a value 0. The system also includes a temporary register H, and a temporary register L. An updating mechanism is configured to iteratively reduce the contents of registers A and B to a value of one by applying a plurality of operations to registers A, B, U and V. During operation, this updating mechanism temporarily stores A+B in the temporary register H, and temporarily stores U+V in the temporary register L.
  Type: Application
  Filed: March 5, 2002
  Publication date: September 26, 2002
  Inventors: Josephus C. Ebergen, Sheueling Chang Shantz
- Patent number: 6457035
  Abstract: A table matching method for multiplication of elements in a Galois Field. First, a table of the byte values in the Galois Field and the corresponding exponents is formed in the hardware. To perform the multiplication between two elements in the Galois Field, the corresponding exponents of the two elements are found in advance. The two exponents are then added up to obtain a sum. Then, by using the table, a corresponding byte value of the sum can be obtained. The byte value is the product of the two elements in the Galois Field.
  Type: Grant
  Filed: November 8, 1999
  Date of Patent: September 24, 2002
  Assignee: Via Technologies, Inc.
  Inventors: Wei-Ming Su, Banyan Shin Yung Chen, Yi-Lin Lai
- Patent number: 6430588
  Abstract: In an apparatus for calculating m-multiplication of a rational point over an elliptic curve defined over a finite field, a base-φ expansion part calculates c0, c1, . . .
  Type: Grant
  Filed: September 3, 1999
  Date of Patent: August 6, 2002
  Assignee: Nippon Telegraph and Telephone Corporation
  Inventors: Tetsutaro Kobayashi, Hikaru Morita, Kunio Kobayashi, Fumitaka Hoshino
- Patent number: 6424987
  Abstract: The operation Y0 = (X*J0) mod 2^Bt is implemented directly within a coprocessor to eliminate the need for a register of Bt = m*k bits within the coprocessor. This eliminated register enables the storage of a data element during the computation of Y0. The operation S = A*B mod 2^(m*k) is implemented with a circuit including at least three registers and a multiplication circuit. One of the registers simultaneously stores S and an intermediate result. To improve the method, a second multiplication circuit and registers of variable sizes are used.
  Type: Grant
  Filed: February 19, 1999
  Date of Patent: July 23, 2002
  Assignee: STMicroelectronics S.A.
  Inventor: Fabrice Romain
- Patent number: 6396926
  Abstract: A new scheme for fast realization of encryption, decryption and authentication which can overcome the problems of the RSA cryptosystem is disclosed. The encryption obtains a ciphertext C from a plaintext M according to C ≡ M^e (mod n) using a first secret key given by N (≥2) prime numbers p1, p2, . . . , pN, a first public key n given by a product p1^k1 · p2^k2 · . . . · pN^kN where k1, k2, . . . , kN are arbitrary positive integers, a second public key e and a second secret key d which satisfy ed ≡ 1 (mod L) where L is a least common multiple of p1−1, p2−1, . . . , pN−1. The decryption recovers the plaintext M by obtaining residues M_(p1^k1), M_(p2^k2), . . . , M_(pN^kN) modulo p1^k1, p2^k2, . . . , pN^kN, respectively, of the plaintext M using a prescribed loop calculation with respect to the first secret key p1, p2, . . . , pN, and by applying the Chinese remainder theorem to the residues M_(p1^k1), M_(p2^k2), . . . , M_(pN^kN). This encryption/decryption scheme can be utilized for realizing the authentication.
  Type: Grant
  Filed: March 26, 1999
  Date of Patent: May 28, 2002
  Assignee: Nippon Telegraph & Telephone Corporation
  Inventors: Tsuyoshi Takagi, Shozo Naito
- Publication number: 20020062330
  Abstract: A method for implementing an elliptic curve or discrete logarithm cryptosystem on inexpensive microprocessors is disclosed which provides for advantageous finite field computational performance on microprocessors having limited computational capabilities. The method can be employed with a variety of commercial and industrial embedded microprocessor applications such as consumer smart cards, smart cards, wireless devices, personal digital assistants, and microprocessor controlled equipment. In one embodiment, an implementation based on the finite field GF((2^8−17)^17) is disclosed for an Intel 8051 microcontroller, a popular commercial smart card microprocessor. The method is particularly suited for low end 8-bit and 16-bit processors either with or without a coprocessor.
  Type: Application
  Filed: September 19, 2001
  Publication date: May 23, 2002
  Inventors: Christof Paar, Adam D. Woodbury, Daniel V. Bailey
- Patent number: 6389442
  Abstract: The invention provides improved techniques for multiplication of signals represented in a normal basis of a finite field. An illustrative embodiment includes a first rotator which receives a first input signal representative of a first normal basis field element (a_0 a_1 . . . a_{m−1}), and a second rotator which receives a second input signal representative of a second normal basis field element (b_0 b_1 . . . b_{m−1}). A word multiplier receives output signals from the first and second rotators, corresponding to rotated representations of the first and second elements, respectively, and processes the rotated representations w bits at a time to generate an output signal representative of a product of the first and second elements, where w is a word length associated with the word multiplier. The rotated representation of the first element may be given by A[i] = (a_i a_{i+1} . . .
  Type: Grant
  Filed: December 28, 1998
  Date of Patent: May 14, 2002
  Assignee: RSA Security Inc.
  Inventors: Yiqun L. Yin, Peng Ning
- Publication number: 20020055962
  Abstract: A new method and apparatus for speeding up cryptographic calculations relies on faster methods for automatically calculating the solutions of certain equations. This includes a faster method for modular division, and a faster method for solving quadratic equations in characteristic 2 fields. The improvement speeds up key exchange, encryption, and digital signatures.
  Type: Application
  Filed: April 12, 2001
  Publication date: May 9, 2002
  Inventor: Richard Schroeppel
- Publication number: 20020052906
  Abstract: The invention provides a method for performing modular division adapted for division in integer fields. Integer modular divisions are used in the computation of Elliptic Curve digital signature generation and verification. The algorithm can be implemented to provide division in integer fields completed in 2(m−1) steps. This method provides a solution to the elliptical curve cryptosystems based on prime integer fields.
  Type: Application
  Filed: December 11, 2000
  Publication date: May 2, 2002
  Inventor: Sheueling Chang
- Patent number: 6377969
  Abstract: A scalable multiplier architecture for the Galois field GF(2^k) is implemented in a programmable circuit. This architecture may be used in an implementation of public-key cryptosystems which use programmable multipliers in large Galois fields. This architecture is also fine grain scalable in both the time and the area (or logic) dimensions.
  Type: Grant
  Filed: April 23, 1999
  Date of Patent: April 23, 2002
  Assignee: General Dynamics Government Systems Corporation
  Inventors: Gerardo Orlando, Christof Paar
- Publication number: 20020044649
  Abstract: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field F_q where q is a prime power such that there exists an endomorphism Ψ, where Ψ(Q) = λ·Q for all points Q(x,y) on the elliptic curve; and using smaller representations k_i of the scalar k in combination with the mapping Ψ to compute the scalar multiple of the elliptic curve point Q.
  Type: Application
  Filed: June 22, 2001
  Publication date: April 18, 2002
  Applicant: CERTICOM CORP.
  Inventors: Robert Gallant, Robert Lambert, Scott A. Vanstone
- Publication number: 20020042804
  Abstract: A syndrome polynomial calculating circuit and a Reed-Solomon decoding circuit capable of performing a high-speed operation. Higher-order signals I1, I2 and I3 are inputted to first to third Galois field multiplication circuits. For each of S0, S1, S2 and S3, the multipliers are a^6, a^9, a^12; a^2, a^4, a^6, a^8; a, a^2, a^3, a^4. Outputs of the first to third multiplication circuits and I4 are sent to an exclusive-OR gate, an output of which is sent to a D-F/F. An output of the D-F/F is sent to a fourth Galois field multiplication circuit and to an AND gate. For each of S0, S1, S2 and S3, multipliers of the fourth multiplication circuit are a^4, a^8, a^12, a^16. An output of the fourth multiplication circuit is sent to a fifth input of the exclusive-OR gate. Clocks are input to the D-F/F and to a counter. The counter value is reset by the inputting of a frame pulse. The counter value is L or H for the counter value of 0 to 4 or 5, respectively. A counter output is sent to the AND gate.
  Type: Application
  Filed: December 12, 2001
  Publication date: April 11, 2002
  Inventor: Hiroshi Tezuka
-
Publication number: 20020042803. Abstract: When the power α^i of α, an element given by a primitive polynomial over a Galois field, is calculated for symbol arithmetic while data is encoded to and decoded from a recording medium, a shift section of i bits and a reference table of 2^i entries are provided to calculate α^i. Type: Application. Filed: August 8, 2001. Publication date: April 11, 2002. Applicant: Alps Electric Co., Ltd. Inventor: Takayuki Sugawara
-
Patent number: 6366941. Abstract: An implementation of a multi-dimensional Galois field multiplier, and a method of Galois field multi-dimensional multiplication, able to support many communication standards having various symbol sizes (16), different GFs (14) and different primitive polynomials (12) in a cost-efficient manner is disclosed. The key to allowing a single implementation to serve all GF sizes is to shift one of the two operands (16) and the primitive polynomial (12) to the left, and to shift the intermediate output ZO (28) to the right, in dependence on the size of the GF (14) relative to the size of the operand, primitive polynomial or intermediate output, whichever is being shifted. Shifting these signals allows the MULT-XOR arrays (26) to operate on all fields with exactly the same hardware, with a minimum delay of 2 gates per block or a critical delay of 2 XOR gates. Type: Grant. Filed: March 20, 1998. Date of Patent: April 2, 2002. Assignee: Texas Instruments Incorporated. Inventors: Tod D. Wolf, Patrick W. Bosshart, David R. Shoemaker
-
Publication number: 20020032711. Abstract: A multiplication module, including a first input unit and a second input unit, for multiplying m bits of data in a Galois field GF(2^m) (m ≥ 1), includes: first and second power arithmetic units for receiving first m bits of data from the first input unit; a first multiplication unit for receiving the first m bits of data and the output of the first power arithmetic unit; a second multiplication unit for receiving second m bits of data from the second input unit and the output of the second power arithmetic unit; a selection unit for receiving an output signal from the second multiplication unit and the second m bits of data; and a control unit for outputting a control signal to the first power arithmetic unit, the second power arithmetic unit and the selection unit, wherein the first power arithmetic unit receives a first control signal, the second power arithmetic unit receives a second control signal, and the selection unit receives a third control signal, for controlling the output of the selection unit, wh [abstract truncated in source] Type: Application. Filed: November 21, 2001. Publication date: March 14, 2002. Inventors: Sumio Morioka, Yasunao Katayama
-
Patent number: 6356636. Abstract: A co-processor (44) executes a mathematical algorithm that computes modular exponentiation equations for encrypting or decrypting data. A pipelined multiplier (56) receives sixteen-bit data values stored in an A/B RAM (72) and generates a partial product. The generated partial product is summed in an adder (58) with a previous partial product stored in a product RAM (64). A modulo reducer (60) causes a binary data value N to be aligned and added to the summed value when a particular bit position of the summed value has a logic one value. An N RAM (70) stores the data value N that is added in the modulo reducer (60) to the summed value. The co-processor (44) computes the Foster-Montgomery Reduction Algorithm and reduces the value of (A*B mod N) without having to first compute the value of μ, as is required in the Montgomery Reduction Algorithm. Type: Grant. Filed: July 22, 1998. Date of Patent: March 12, 2002. Assignee: Motorola, Inc. Inventors: Robert I. Foster, John Michael Buss, Rodney C. Tesch, James Douglas Dworkin, Michael J. Torla
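To make concrete the constant μ = −N⁻¹ mod R that the abstract above says the Foster-Montgomery variant avoids precomputing, here is textbook Montgomery reduction in Python. This is an added example, not the patent's datapath or any Motorola code: it reduces A·B mod N with one multiply, one mask and one shift per reduction, builds modular exponentiation on top of it, and checks against Python's built-in pow. The moduli, exponents and function names are constructed for the example.

```python
"""Textbook Montgomery multiplication and modular exponentiation.
Added illustration; not the Foster-Montgomery datapath of the patent."""


def mont_params(N: int, R_bits: int):
    """Precompute R = 2^R_bits (> N) and mu = -N^{-1} mod R.
    mu is the per-modulus constant that classic Montgomery reduction
    needs before the first product can be reduced."""
    if N % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus")
    R = 1 << R_bits
    if N >= R:
        raise ValueError("R must exceed N")
    mu = (-pow(N, -1, R)) % R          # pow(x, -1, m) needs Python 3.8+
    return R, mu


def redc(T: int, N: int, R_bits: int, mu: int) -> int:
    """Montgomery reduction: return T * R^{-1} mod N for 0 <= T < N*R.
    m is chosen so that T + m*N is divisible by R; the division is a shift."""
    mask = (1 << R_bits) - 1
    m = ((T & mask) * mu) & mask
    t = (T + m * N) >> R_bits          # exact: the low R_bits of T + m*N are zero
    # t < 2N here, so one conditional subtraction finishes. This branch is
    # data dependent; it is the classic Montgomery timing leak.
    return t - N if t >= N else t


def to_mont(a: int, N: int, R: int) -> int:
    """Convert into Montgomery form a*R mod N (one ordinary reduction, done once)."""
    return (a * R) % N


def mont_mul(a_m: int, b_m: int, N: int, R_bits: int, mu: int) -> int:
    """Product of two Montgomery-form values; the result stays in Montgomery form."""
    return redc(a_m * b_m, N, R_bits, mu)


def mod_mul(a: int, b: int, N: int, R_bits: int) -> int:
    """a*b mod N via Montgomery form, for comparison with (a*b) % N."""
    R, mu = mont_params(N, R_bits)
    prod_m = mont_mul(to_mont(a % N, N, R), to_mont(b % N, N, R), N, R_bits, mu)
    return redc(prod_m, N, R_bits, mu)  # strip the remaining factor of R


def mont_modexp(base: int, exp: int, N: int, R_bits: int) -> int:
    """base^exp mod N by left-to-right square-and-multiply in Montgomery form.
    After the initial to_mont, every step is a mont_mul: no long division."""
    R, mu = mont_params(N, R_bits)
    x = to_mont(base % N, N, R)
    acc = R % N                         # Montgomery form of 1
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, N, R_bits, mu)
        if bit == "1":                  # exponent-dependent branch, see note below
            acc = mont_mul(acc, x, N, R_bits, mu)
    return redc(acc, N, R_bits, mu)


if __name__ == "__main__":
    N = 1000003                         # constructed odd modulus, fits in 20 bits
    print(mont_modexp(5, 12345, N, 20) == pow(5, 12345, N))
```

Two places in this code are data dependent: the branch on the exponent bit and the final conditional subtraction in redc. A deployment that handles private keys would replace the former with a Montgomery ladder or fixed-window exponentiation and the latter with a branch-free subtraction and select.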
-
Publication number: 20020025034. Abstract: A method of cryptographic encryption and decryption by a recipient selecting a modulus p from p = (2^(dk) − 2^(ck) − 1)/r; p = (2^(dk) − 2^((d−1)k) + 2^((d−2)k) − . . . Type: Application. Filed: August 9, 2001. Publication date: February 28, 2002. Inventor: Jerome Anthony Solinas
-
Publication number: 20020021803. Abstract: A method of identifying a user, generating a digital signature and verifying a digital signature by selecting a modulus p of the form p = (2^(dk) − 2^(ck) − 1)/r; p = (2^(dk) − 2^((d−1)k) + 2^((d−2)k) − . . . − 2^k + 1)/r; p = (2^(dk) − 2^(ck) − 1)/r; p = (2^(dk) − 2^(ck) + 1)/r; or p = (2^(4k) − 2^(3k) + 2^(2k) + 1)/r; selecting an elliptic curve E and an order q; selecting a basepoint G; generating a private key w; generating a public key W = wG; distributing p, E, q, G and W; retrieving a prover's private key w; retrieving the prover's public key W; generating a private integer k; combining k and the prover's G to form K using the prover's modulus p; sending K to the verifier; sending a challenge integer c to the prover; combining c, k and w to form a response integer v; sending v to the verifier; combining cG, K and W using the prover's modulus p and checking whether the combination is equal to vG. If not, stop. Type: Application. Filed: August 9, 2001. Publication date: February 21, 2002. Inventor: Jerome Anthony Solinas
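The two Solinas entries above rest on one idea: a modulus of the form (2^(dk) − 2^(ck) ± 1)/r lets reduction be done with shifts and adds rather than a division. The added Python below (not the patent's own method, nor Certicom or NSA code) shows this for a real modulus of that shape, the NIST P-192 prime 2^192 − 2^64 − 1 (d = 3, c = 1, k = 64, r = 1), and then walks through the identification exchange of the second abstract (K = kG, challenge c, response v = k + c·w, check vG = K + cW) on a small textbook curve so each step is visible. The toy curve y² = x³ + 2x + 2 over F_17 with basepoint (5, 1) of order 19, the key and nonce values, and all function names are the example's choices.

```python
"""Solinas-form reduction and the EC identification protocol of the abstract.
Added illustration; not the patented method."""

# ---- Part 1: reduction modulo a real modulus of the form 2^(dk) - 2^(ck) - 1 ----
P192 = (1 << 192) - (1 << 64) - 1       # NIST P-192 prime: d=3, c=1, k=64, r=1


def p192_reduce(T: int) -> int:
    """Reduce 0 <= T < P192^2 modulo P192 with shifts and adds only.
    Since 2^192 = 2^64 + 1 (mod p), the part of T above bit 192 folds down
    as hi*2^64 + hi. Each fold shrinks T; two or three folds suffice."""
    if not 0 <= T < P192 * P192:
        raise ValueError("input out of range for a single reduction")
    mask = (1 << 192) - 1
    while T >> 192:
        hi, lo = T >> 192, T & mask
        T = lo + (hi << 64) + hi
    while T >= P192:                    # final correction, at most a few steps
        T -= P192
    return T
# Caveat: both loops run a data-dependent number of times. Hardware and
# constant-time software use a fixed fold count plus masked subtraction.


# ---- Part 2: identification protocol on a toy curve ----
# y^2 = x^3 + 2x + 2 over F_17, G = (5, 1), group order q = 19 (prime).
# 17 = 2^5 - 2^4 + 1 happens to fit the form (2^(dk) - 2^(ck) + 1)/r with
# k = 1, d = 5, c = 4, r = 1; it is a toy, not a secure parameter.
P_TOY, A_TOY, B_TOY = 17, 2, 2
G_TOY = (5, 1)
Q_TOY = 19


def on_curve(P, a=A_TOY, b=B_TOY, p=P_TOY) -> bool:
    x, y = P
    return (y * y - x * x * x - a * x - b) % p == 0


def ec_add(P, Q, a=A_TOY, p=P_TOY):
    """Affine addition on y^2 = x^3 + a x + b over F_p; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                     # Q == -P (covers doubling a point with y == 0)
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_mul(k: int, P, a=A_TOY, p=P_TOY):
    """Right-to-left double-and-add (not constant time)."""
    R = None
    while k > 0:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R


def keygen(w: int):
    """Public key W = wG for private key w."""
    return ec_mul(w % Q_TOY, G_TOY)


def prover_commit(k: int):
    """Prover picks a fresh private integer k and sends K = kG."""
    return ec_mul(k % Q_TOY, G_TOY)


def prover_respond(k: int, c: int, w: int) -> int:
    """Response to challenge c: v = k + c*w mod q. k must never repeat."""
    return (k + c * w) % Q_TOY


def verifier_check(K, W, c: int, v: int) -> bool:
    """Accept iff vG == K + cW."""
    return ec_mul(v, G_TOY) == ec_add(K, ec_mul(c % Q_TOY, W))
```

The reduction routine is where the modulus form pays off: no quotient estimate, no trial division, just two folds and a correction. The protocol part is a Schnorr-style identification; reusing k across two challenges would reveal w from the two responses, which is why the abstract calls k a freshly generated private integer.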
-
Patent number: 6349318. Abstract: The present disclosure provides an arithmetic processor having an arithmetic logic unit with a plurality of arithmetic circuits, each for performing a group of associated arithmetic operations, such as finite field operations or modular integer operations. The arithmetic logic unit has an operand input data bus for receiving operand data and a result data output bus for returning the results of the arithmetic operations. A register file is coupled to the operand data bus and the result data bus and is shared by the plurality of arithmetic circuits. Further, a controller is coupled to the ALU and the register file; the controller selects one of the plurality of arithmetic circuits in response to a mode control signal requesting an arithmetic operation and controls data access between the register file and the ALU, whereby the register file is shared by the arithmetic circuits. Type: Grant. Filed: October 14, 1999. Date of Patent: February 19, 2002. Assignee: Certicom Corp. Inventors: Scott A. Vanstone, Robert J. Lambert, Robert Gallant, Aleksandar Jurisic, Ashok V. Vadekar
-
Publication number: 20020015491. Abstract: A cipher communication method by public key cryptosystem, provably secure and highly efficient, wherein a sender generates ciphertext within a sender device using a receiver's public key and sends the ciphertext over a communication line, and the receiver decrypts the ciphertext using a secret key. For n = p^d q (p and q prime integers, pq being k bits), the plaintext space is set to be a subset of the open interval (0, 2^(k−2)) and small residue groups, and an algorithm is formed so that the relationship among the solutions of several second-order equations can be clarified. This enables security to be proved by equivalence with the difficulty of the prime factorization problem, and achieves faster decryption than conventional methods. Type: Application. Filed: April 9, 2001. Publication date: February 7, 2002. Inventors: Mototsugu Nishioka, Hisayoshi Sato, Hisashi Umeki, Yoichi Seto
-
Methods and apparatus for multiplication in a Galois field GF(2^m), encoders and decoders using same
Patent number: 6343305. Abstract: Methods and apparatus for multiplication in the Galois field GF(2^m) are provided. The methods transform elements of the Galois field into a basis obtained by a permutation of an optimal normal basis. In an embodiment, a multiplier is provided that includes m^2 AND gates and 1.5(m^2 − m) XOR gates. The methods are implemented in hardware such as integrated circuits, or in software instructions stored in a computer-readable medium such as a hard disk. Type: Grant. Filed: September 14, 1999. Date of Patent: January 29, 2002. Assignee: The State of Oregon Acting by and through the State Board of Higher Education on Behalf of Oregon State University. Inventors: Çetin Kaya Koç, Berk Sunar
-
Patent number: 6341297. Abstract: A syndrome polynomial calculating circuit and a Reed-Solomon decoding circuit capable of high-speed operation. Higher-order signals I1, I2 and I3 are input to first to third Galois field multiplication circuits. For each of S0, S1, S2 and S3, the multipliers are a^6, a^9, a^12; a^2, a^4, a^6, a^8; a, a^2, a^3, a^4. Outputs of the first to third multiplication circuits and I4 are sent to an exclusive-OR gate, whose output is sent to a D flip-flop (D-F/F). The output of the D-F/F is sent to a fourth Galois field multiplication circuit and to an AND gate. For each of S0, S1, S2 and S3, the multipliers of the fourth multiplication circuit are a^4, a^8, a^12, a^16. The output of the fourth multiplication circuit is sent to a fifth input of the exclusive-OR gate. Clocks are input to the D-F/F and to a counter. The counter value is reset by the input of a frame pulse. The counter output is L for counter values 0 to 4 and H for counter value 5, and is sent to the AND gate. Type: Grant. Filed: December 23, 1998. Date of Patent: January 22, 2002. Assignee: NEC Corporation. Inventor: Hiroshi Tezuka
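Several of the entries above share the same primitives: a GF(2^m) multiplier that must serve different field widths and reduction polynomials (the Texas Instruments entry), the constants α^i used as fixed multipliers (the Alps entry), and a syndrome accumulator that folds four received symbols per clock through three input multipliers and a fourth multiplier on the fed-back register (the Tezuka circuit above). The Python below is an added example that puts those pieces together; it is a textbook bit-serial multiplier and a plain Horner evaluation, not the patented datapaths. The polynomials 0x11B (AES) and 0x11D (the common Reed-Solomon choice), the 12-byte message and the function names are the example's own.

```python
"""GF(2^m) arithmetic parameterised by width and reduction polynomial, plus a
Reed-Solomon syndrome accumulator in the four-symbols-per-clock shape of the
circuit described above. Added illustration; not the TI or NEC datapath."""


def gf_mul(a: int, b: int, poly: int, m: int) -> int:
    """a*b in GF(2^m) reduced by `poly`, given with its x^m term
    (0x11B for AES, 0x11D for QR/CCSDS Reed-Solomon). Shift-and-add over
    GF(2): XOR replaces +, and reduction is one conditional XOR per shift."""
    if not (0 <= a < (1 << m) and 0 <= b < (1 << m)):
        raise ValueError("operands must be m-bit field elements")
    high = 1 << m
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & high:
            a ^= poly
    return result


def gf_pow(base: int, e: int, poly: int, m: int) -> int:
    """base^e by square-and-multiply; used for the alpha^i multiplier constants."""
    result, b = 1, base
    while e:
        if e & 1:
            result = gf_mul(result, b, poly, m)
        b = gf_mul(b, b, poly, m)
        e >>= 1
    return result


def gf_order(x: int, poly: int, m: int) -> int:
    """Multiplicative order of x. `poly` is primitive iff alpha = x (0x02)
    has order 2^m - 1, which a full alpha^i lookup table silently assumes."""
    if x == 0:
        raise ValueError("zero has no multiplicative order")
    acc = x
    for n in range(1, 1 << m):
        if acc == 1:
            return n
        acc = gf_mul(acc, x, poly, m)
    raise ValueError("no finite order: poly is not irreducible")


# ---- Reed-Solomon over GF(2^8) with the usual 0x11D polynomial ----
RS_POLY, RS_M = 0x11D, 8


def rs_generator(nsym: int, first_root: int = 1) -> list:
    """g(x) = prod (x + alpha^(first_root+i)), coefficients highest degree first.
    In characteristic 2 subtraction is XOR, so (x - r) is the list [1, r]."""
    g = [1]
    for i in range(nsym):
        r = gf_pow(2, first_root + i, RS_POLY, RS_M)
        new = [0] * (len(g) + 1)
        for j, coef in enumerate(g):         # multiply g(x) by (x + r)
            new[j] ^= coef
            new[j + 1] ^= gf_mul(coef, r, RS_POLY, RS_M)
        g = new
    return g


def rs_encode(msg: list, nsym: int, first_root: int = 1) -> list:
    """Systematic encoding: message followed by msg(x)*x^nsym mod g(x)."""
    g = rs_generator(nsym, first_root)
    buf = list(msg) + [0] * nsym
    for i in range(len(msg)):
        coef = buf[i]
        if coef:
            for j in range(1, len(g)):       # g[0] == 1, so buf[i] needs no update
                buf[i + j] ^= gf_mul(g[j], coef, RS_POLY, RS_M)
    return list(msg) + buf[len(msg):]


def rs_syndromes(received: list, nsym: int, first_root: int = 1) -> list:
    """S_j = r(alpha^(first_root+j)) by Horner's rule, one symbol per step:
    acc <- acc*root ^ symbol. This is the register-plus-one-multiplier form."""
    out = []
    for j in range(nsym):
        root = gf_pow(2, first_root + j, RS_POLY, RS_M)
        acc = 0
        for sym in received:                  # highest-order symbol first
            acc = gf_mul(acc, root, RS_POLY, RS_M) ^ sym
        out.append(acc)
    return out


def rs_syndromes_4wide(received: list, nsym: int, first_root: int = 1) -> list:
    """Same syndromes, four symbols per clock as in the circuit: three input
    multipliers (root^3, root^2, root), I4 straight into the XOR, and the
    register fed back through a fourth multiplier by root^4. Unrolling
    Horner four steps gives exactly this recurrence."""
    if len(received) % 4:
        raise ValueError("frame length must be a multiple of four symbols")
    out = []
    for j in range(nsym):
        root = gf_pow(2, first_root + j, RS_POLY, RS_M)
        r2 = gf_mul(root, root, RS_POLY, RS_M)
        r3 = gf_mul(r2, root, RS_POLY, RS_M)
        r4 = gf_mul(r3, root, RS_POLY, RS_M)
        acc = 0                               # register cleared by the frame pulse
        for k in range(0, len(received), 4):
            i1, i2, i3, i4 = received[k:k + 4]
            acc = (gf_mul(acc, r4, RS_POLY, RS_M)
                   ^ gf_mul(i1, r3, RS_POLY, RS_M)
                   ^ gf_mul(i2, r2, RS_POLY, RS_M)
                   ^ gf_mul(i3, root, RS_POLY, RS_M)
                   ^ i4)
        out.append(acc)
    return out


# Constructed sample: 12 message bytes plus 4 parity symbols (corrects 2 errors).
SAMPLE_MSG = list(b"GF(2^8) demo")
```

gf_order makes the primitive-polynomial caveat visible: under the AES polynomial 0x11B the element 0x02 has order 51, so an exp/log table built from α = 0x02 would cover only a fifth of the field, while under 0x11D it has order 255. On the security side, neither form of multiplier here is constant time: the bit-serial loop branches on operand bits, and the table-driven alternative leaks through cache timing, which is the well-known problem with table-based GF(2^128) multiplication in GCM.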
-
Publication number: 20010056452. Abstract: The invention provides apparatus and methods for use in basis conversion involving a dual basis, such as the dual of a polynomial basis or the dual of a normal basis. The invention in an illustrative embodiment includes basis generators for generating elements of a dual of a polynomial or normal basis of a finite field GF(q^m), where q is a prime number or a power of a prime number and m is an integer greater than or equal to 2. The basis generators can be used in "import" basis conversion, such as converting a representation in an external basis to a representation in an internal dual of a polynomial basis or dual of a normal basis, as part of a generate-accumulate algorithm, or in "export" basis conversion, such as converting a representation in an internal dual of a polynomial basis or dual of a normal basis to a representation in an external basis, as part of a generate-evaluate algorithm. Type: Application. Filed: July 31, 2001. Publication date: December 27, 2001. Inventors: Burton S. Kaliski, Moses Liskov
-
Publication number: 20010054053. Abstract: A method of computing the product D of two finite field elements B and C modulo an irreducible polynomial f1(x), wherein the finite field elements B and C are represented in terms of an optimal normal basis (ONB) of Type 1 over a field F_(2^n) and the irreducible polynomial f1(x) is of degree n, which comprises the steps of: representing the element B as a vector of binary digits b_i, where b_i is the coefficient of the ith basis element of the ONB representation of B, in polynomial order; representing the element C as a vector of binary digits c_i, where c_i is the coefficient of the ith basis element of the ONB representation of C, arranged in polynomial order; initializing a register A; selecting a digit c_i of vector C; computing a partial product vector A of the ith digit c_i of the element C and the vector B; adding the partial product to the register A; shifting the register A; reducing the partial product A by a multiple f2(x) of the irreducible polynomial f1(x) if bits in a position above n are s [abstract truncated in source] Type: Application. Filed: January 5, 2000. Publication date: December 20, 2001. Applicant: Certicom Corp. Inventors: Robert J. Lambert, Ashok Vadekar