Abstract: A method for determining a result of a group operation performed an integral number of times on a selected element of the group, the method comprises the steps of representing the integral number as a binary vector; initializing an intermediate element to the group identity element; selecting successive bits, beginning with a left most bit, of the vector. For each of the selected bits; performing the group operation on the intermediate element to derive a new intermediate element; replacing the intermediate element with the new intermediate element; performing the group operation on the intermediate element and an element, selected from the group consisting of: the group element if the selected bit is a one; and an inverse element of the group element if the selected bit is a zero; replacing the intermediate element with the new intermediate element.

Abstract: To provide a parallel processing Reed-Solomon encoding circuit that allows arbitrary parallel processing number to be taken and the parallel processing number optimal to the system to be adopted. The multiplier factors corresponding to the first inputs of the first Galois field product sum circuit to the fourth Galois field product sum circuit are the zeroth to third order coefficients of the generator polynomial G(x). The multiplier factors corresponding to the second inputs of the first Galois field product sum circuit to the fourth Galois field product sum circuit are the zeroth to third order coefficients of a polynomial of a remainder from x5 divided by the generator polynomial G(x). The multiplier factors corresponding to the third inputs of the first Galois field product sum circuit to the fourth Galois field product sum circuit are the zeroth to third order coefficients of a polynomial of a remainder from x6 divided by the generator polynomial G(x).

Abstract: The invention provides apparatus and methods for use in basis conversion involving a dual basis, such as a dual of a polynomial basis or dual of a normal basis. The invention in an illustrative embodiment includes basis generators for generating elements of a dual of a polynomial or a normal basis of a finite field GF(qm), where q is a prime number or power of a prime number and m is an integer greater than or equal to 2. The basis generators can be used in “import” basis conversion, such as converting a representation in an external basis to a representation in an internal dual of a polynomial basis or dual of a normal basis, as part of a generate-accumulate algorithm, or in “export” basis conversion, such as converting a representation in an internal dual of a polynomial basis or dual of a normal basis to a representation in an external basis, as part of a generate-evaluate algorithm.

Abstract: A system for determining the multiplicative inverse of an element of GF(2m) by raising the element to the power 2m−2. The system may raise the element &agr;j to the power 2m−2 by repeatedly multiplying the element by itself 2m−3 times. Alternatively, the system may produce the exponent 2m−2 as the sum of: 2m−1+2m−2+ . . . +23+22+21 and thus (&agr;j)2m−2 as (&agr;j)2m−1*(&agr;j)2m−2* . . . *(&agr;j)23*(&agr;j)22*(&agr;j)2 The system may iteratively square &agr;j to produce the various factors (&agr;j)2m−1*(&agr;j)2m−2* . . . *(&agr;j)2 and, using a single multiplier, multiply and accumulate the results. Alternatively, the system may use a plurality of circuits operating in parallel and simultaneously raise the element &agr;j to the powers 2m−1, 2m−2 . . . 2 to produce the factors, and use a plurality of tiered multipliers to multiply the factors together.

Abstract: A PET decoder for an ATM network has a modular architecture including a processing unit having various memories and a processing pipeline for constructing from a block of m data of a certain number of bits, a square matrix A based on a vector D of relative points over the Galois field. The processing pipeline also decomposes by triangular factorization the square matrix A and solves the subsystem of equations by simple substitution. The decoder also includes a control unit interfacing with the ATM network, a programmable parallel processor, a random access memory and the processing unit.

Abstract: A Pfield operation defined according to the Montgomery method by Pfield(A, B)N=A*B*I mod N, where I is a determinable error, is implemented in a processor. The least significant word of the data elements A and N which are stored in elementary sub-registers are shifted twice. This eliminates delay cells in a processor used for executing the Pfield operation.

Abstract: A scheme for arithmetic operations in finite field and group operations over elliptic curves capable of realizing a very fast implementation. According to this scheme, by using a normal basis [&agr; &agr;+1], the multiplicative inverse calculation and the multiplication in the finite field GF(22n) can be realized as combinations of multiplications, additions and a multiplicative inverse calculation in the subfield GF(2n). Also, by using a standard basis [1 &agr;], the multiplication, the square calculation, and the multiplicative inverse calculation in the finite field GF(22n) can be realized as combinations of multiplications, additions and a multiplicative inverse calculation in the subfield GF(2n). These arithmetic operations can be utilized for calculating rational expressions expressing group operations over elliptic curves that are used in information security techniques such as elliptic curve cryptosystems.

Abstract: A fixed-point multiple calculation apparatus, for use in an encryption method and a signature method that use elliptic curves, finds multiples of a fixed point and an arbitrary point at high speed. The fixed-point multiple calculation apparatus generates a pre-computation tables for multiples of digits at one-word intervals and for multiples of digits at half-word intervals. Using the tables, multiples of points on an elliptic curve are calculated using a doubling process, but with a reduced number of additions. This reduces the overall amount of required calculation.

Abstract: A polynomial coefficient generator for performing a polynomial multiplication. All the sub-coefficients necessary for performing the polynomial multiplication can be sequentially input into the generator. After n clock cycles, all n polynomial coefficients are computed and stored inside the generator ready for use.

Abstract: A combined encoding/syndrome generating circuit is segmented into multiple-cell blocks that operate in parallel during encoding operations to produce interim sums. The interim sums are then combined to propagate a sum across the system, from the first cell to the last cell. Each cell includes a Galois Field multiplier and an associated update adder and register. A block of two cells includes two sets of associated Galois Field multipliers, registers and update adders, and a block feedback adder that produces the associated interim sum by adding together the products produced in parallel by each of the cells. A block with more than two cells includes additional feedback adders that operate in parallel to selectively combine the products produced by the plurality of cells, and produce an interim sum that includes a contribution from each of the cells in the block. The system then adds together the interim sums produced simultaneously by the various blocks, to propagate a sum across the system.

Abstract: A method and apparatus are shown for performing efficient arithmetic on binary vectors in a finite field. Typically, there is an efficient algorithm within an execution context, such as hardware or software, for performing a selected arithmetic operation on an operand. When the operand is in a first representative format and the efficient algorithm operates in an alternative representation format, then the operand is permutated from the first representative format to the alternative representation format. The efficient algorithm is then performed on the operand in the alternative representation format in order to obtain a result in the alternative representation format. The result is then permutated from the alternative representation format to the first representation format.

Abstract: In elliptic curve processing systems, information is typically processed to yield elliptic curve data points, with X and Y coordinates each represented by N bits, N typically being 160 or more. Valid Y coordinates must satisfy a quadratic equation for any given X coordinate, such that any Y data may be represented by its corresponding X coordinate and a single additional byte or bit. In accordance with this disclosure, a vector t is chosen for which the dot product between t and any X coordinate is equal to a constant. The vector t is used in a compression mode of the preferred embodiment to select a bit position in X coordinate data with the X bit at that location being discarded and the Y coordinate information being stored in its place. As a result, an extra byte of data is not needed and any elliptic curve data point may be represented by N bits only.

Abstract: The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test “circuit size”, while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e.

Abstract: The parameter J0 associated with the implementation of modular operations according to the Montgomery method is generated in an integrated circuit. J0 is encoded on Q*L bits such that J0=J0Q−1 . . . J00, wherein Q and L are integers. Loops are formed for the computation of the binary data elements J0j according to a known method, which is used for generating the sub-operands of L bits. A coprocessor is used for updating, by multiplication, of the value of a data element of Q*L bits of which the L least significant bits are used for the computation of the values of J0j.

Abstract: A finite field multiplier with intrinsic modular reduction includes an interface unit (1208) that translates an n bit wide data path to a m bit wide data path where n is less than m. Also included is a finite field data unit (1204) with m bit wide registers that is coupled to a finte field control unit (1202). The finite field control unit (1202) includes a microsequencer (1402) and a finite state machine multiplier (1404). The microsequencer (1402) controls the finite state machine multiplier (1404) which performs a finite field multiply operation with intrinsic modular reduction and presents a finite field multiplication product to the finite field data unit (1204).

Abstract: An n-stage pipelined combined encoder and syndrome generator system includes n stages that are essentially identical. Each of the stages includes two associated delay circuits, namely, a first delay circuit in a chain of feedback adders that operate as a feedback path during encoding, and a second delay circuit in a data input line. During encoding operations, the delay circuits in the feedback adder chain segment the chain of j feedback adders into n stages of j/n adders, and the delay circuits in the data input line delay the data symbols by the latencies associated with the respective stages. The delay circuits thus simultaneously provide to the various stages the corresponding data symbols and propagating sums. After the last data symbol is encoded, the ECC symbols are available after a time lag associated with the j/n adders in the last stage.

Abstract: A method and device for calculating syndromes used in forward-error-correction codes. To calculate syndromes more quickly using a computer with memory access latency, the polynomial equation C(X) is divided by a generator polynomial G(X) to form a remainder polynomial R(X). The remainder polynomial R(X) is then used to speed the calculation of the syndromes. A method of dividing a Nth order dividend polynomial by a 2R order divisor polynomial is also described. In addition, to further speed the calculation of syndromes, the generating polynomial is split into a number of sub-polynomials Gj(X) to yield a number of remainder sub-polynomials Rj(X) used to calculate the syndromes. Calculation of syndromes using evaluation by Horner's rule and a generalization thereof is also described.

Abstract: A division method and division circuit that can be integrated into a modular arithmetic coprocessor performs a reversal by word for the dividend and the quotient. This is done using a plurality of registers.

Abstract: A programmable logic device, such as a digital signal processor (DSP) (130), having a Chien search unit (116) is disclosed. The Chien search unit (116) is arranged to perform finite field arithmetic functions useful in identifying roots of a polynomial, as is useful in Reed-Solomon decoding, particularly, after the execution of a Euclidean array function. Galois field multipliers (306) perform finite field multiplication of coefficient values (&Lgr;) and powers of symbol values (&agr;); the products of such multiplications are written into the coefficient register (304) for use in connection with the next symbol value. Finite field adders (308, 310; 318, 320) produce a final sum that is interrogated by zero detection circuitry (206) to determine whether a root is presented by the current symbol value.

Abstract: A scheme for arithmetic operations in finite field and group operations over elliptic curves capable of realizing a very fast implementation. According to this scheme, by using a normal basis [&agr; &agr;+1], the multiplicative inverse calculation and the multiplication in the finite field GF(22n) can be realized as combinations of multiplications, additions and a multiplicative inverse calculation in the subfield GF(2n). Also, by using a standard basis [1 &agr;], the multiplication, the square calculation, and the multiplicative inverse calculation in the finite field GF(22n) can be realized as combinations of multiplications, additions and a multiplicative inverse calculation in the subfield GF(2n). These arithmetic operations can be utilized for calculating rational expressions expressing group operations over elliptic curves that are used in information security techniques such as elliptic curve cryptosystems.

Abstract: An elliptic curve (EC) processor circuit (120) comprising a finite field arithmetic logic unit (122), operation registers (124) an EC control unit (123) and a register file (127). A storage element (250) is coupled to the finite field arithmetic logic unit (122). The EC control unit (123) controls the various components of the EC processor circuit (120) to decompress a compressed one-bit representation of a Y coordinate of an elliptic curve point (X, Y). The EC control unit (123) controls the use of the operation register (124), the storage element (250) and the finite field arithmetic logic unit (122) to recursively compute the decompressed version of the compressed Y coordinate based upon the X coordinate and the compressed one-bit representation of the Y coordinate. The circuit and method employ minimal additional hardware and processing in an EC processor circuit (120).

Abstract: A method and apparatus are shown for performing efficient arithmetic on binary vectors in a finite field. Typically, there is an efficient algorithm within an execution context, such as hardware or software, for performing a selected arithmetic operation on an operand. When the operand is in a first representative format and the efficient algorithm operates in an alternative representation format, then the operand is permutated from the first representative format to the alternative representation format. The efficient algorithm is then performed on the operand in the alternative representation format in order to obtain a result in the alternative representation format. The result is then permutated from the alternative representation format to the first representation format.

Abstract: A system for producing a quotient B/A, where A and B are elements of GF(22M), 2M+1 is prime and 2 is a primitive element of GF(2M+1), first determines A−1 and then multiplies B by A−1. The system uses a (2M+1)-bit representation for A and produces, directly from A, an element C=A2M+1, where C also is an element of GF(22M) which is a subfield of GF(2M). The system produces M+1 bits to represent C by performing bit manipulations that are equivalent to permuting the (2M+1)-bits to produce A2M and multiplying the permuted bits by A. The bit manipulations are: c0=&Sgr;aiai; c1=&Sgr;aiai+1 . . . cM=&Sgr;aiai+M where the aj's and cj's are the coefficients of A and C, respectively. The system retrieves C−1 from a (2M−1)-element lookup table and multiplies C−1=A−2M+1 by A2M to produce A−1.

Abstract: An apparatus and method are shown for multiplying vectors of length n in a finite field. A first vector is circularly shifted in a first shift register under control of a shift signal. A second vector is circularly shifted in a second shift register also under control of the shift signal. An accumulated result vector is circularly shifted in a third shift register under control of the shift signal. Elements of the second vector are logically combined according to a tensor of the multiplication operation to obtain an intermediate result which is combined with the elements of the accumulated result vector to obtain a combination result vector. However, the combination result vector is only loaded into the third shift register when a logic ‘1’ value is present in a first position of the first shift register.

Abstract: Apparatus, and an associated method, for performing error-correction operations to correct errors in a block of block-encoded data. Two ALUs are operable in parallel to perform finite-field mathematical operations and to calculate addresses used pursuant to the error-correction calculations. Instructions pursuant to which the ALUs are operable are stored in a memory device. The instructions are retrieved during operation of error-correcting calculations. The manner by which the error-correcting apparatus operates is alterable by appropriate alteration of the instructions stored at the memory device.

Abstract: A method and apparatus are disclosed for performing modular multiplication. Modular multiplication in accordance with the present invention includes precalculating a 2's complement of a given modulus and multiples of the 2's complement and calculating a total magnitude of end-around carries during the modular multiplication. The calculated multiples are selected depending on the total magnitude of the end-around carries, and the selected multiples are added. The disclosure includes array structures in accordance with the present invention. The invention includes an algorithm designed for Rivest-Shamir-Adelman (RSA) cryptography and based on the familiar iterative Homer's rule, but uses precalculated complements of the modulus. The problem of deciding which multiples of the modulus to subtract in intermediate iteration stages has been simplified using simple look-up of precalculated complement numbers, thus allowing a finer-grain pipeline.

Abstract: The invention relates to an arithmetic unit (AU) in combination with an algebraic block ECC decoder for controlling errors in an electronically recorded digital data message by performing at least one of a plurality of predetermined arithmetic operations on the data message in one or more of a plurality of subfields of a first GF(2.sup.12) or a second GF(2.sup.8) finite field. The arithmetic operations are selected either from a first group of operations associated with a first subfield GF(2.sup.4) as cubically extended to the first finite field GF(2.sup.12) or as quadratically extended to the second finite field GF(2.sup.8), or selected from a second group of operations associated with a second subfield GF(2.sup.6) as quadratically extended to the first finite field GF(2.sup.12).

Abstract: An elliptic curve encryption system represents coordinates of a point on the curve as a vector of binary digits in a normal basis representation in F.sub.2.spsb.m. A key is generated from multiple additions of one or more points in a finite field. Inverses of values are computed using a finite field multiplier and successive exponentiations. A key is represented as the coordinates of a point on the curve and key transfer may be accomplished with the transmission of only one coordinate and identifying information of the second. An encryption protocol using one of the coordinates and a further function of that coordinate is also described.

Abstract: A method and a circuit for multiplication on a finite field which operate fast and involve a small circuit scale. There is provided a multiplication circuit on a finite field for multiplication of two arbitrary elements a=(a.sub.0, a.sub.1, . . . , a.sub.m-1) and b=(b.sub.0, b.sub.1, . . . , b.sub.m-1) of a Galois field GF(2.sup.m) utilizing a polynomial .function.=x.sup.m +x.sup.m-1 + . . . +x+1 as a polynomial to derive the GF(2.sup.

Abstract: A combinational logic type inversion circuit for calculating the inverse of an arbitrary element .alpha..sup.i in a finite field, includes a power and multiplication circuit for calculating a primitive element .alpha..sup.i raised to the (2.sup.1)-th power through a primitive element .alpha..sup.i raised to the (2.sup.m-1)-th power and multiplying all of the primitive elements .alpha..sup.i raised to the (2.sup.1)-th power through .alpha..sup.i raised to the (2.sup.m-1)-th power together to generate an output M.sub.OUT, and a divider circuit for dividing the output M.sub.OUT of the power and multiplication circuit by the primitive element .alpha. raised to the (2.sup.m -1)-th power.

Abstract: The present invention represents Galois Field elements using power representation, rather than polynomial representation. Such representation eliminates the need for logarithm operations. It provides a simplified decoder and reduced critical path. Utilizing power notation to present field elements, the inventive implementation with modest support circuitry. Addition is more complicated but has a shorter critical path than the multiplication circuit for the polynomial filed element presentation.

Abstract: Apparatus and an associated method calculates a CRC remainder for a block of data, such as a block of data retrieved from a CD-ROM device. CRC calculations are performed to provide assurances of data integrity subsequent to error corrections of the block of data. CRC remainders associated with N powers of two are stored in the look-up table. When calculating the CRC remainder, selected values stored in the look-up table are retrieved and combined to form the CRC remainder for the block of data.

Abstract: An integrated circuit for error correction takes advantage of a novel data representation ("tower representation") for a selected finite Galois field. Using this representation, novel circuits which utilize the hierarchical structures in the subfields of the selected finite Galois field can be constructed. In one embodiment, GF(256) multipliers, GF(256) multiplicative inverse circuits, GF(256) logarithm circuits can be constructed out of GF(16) multipliers, GF(16) multiplicative inverse circuits and other GF(16) components. These GF(16) components, in turn, can be constructed from still simpler GF(4) components. In that embodiment, a user-programmable burstlimiter is provided. In that embodiment also, a novel quadratic equation solver is provided.

Abstract: Circuits, designed on the basis of power-sum circuits, for performing exponentiation (B.sup.N) and inversion (B.sup.-1) computations in finite field GF(2.sup.m) where B is an arbitrary elements of GF(2.sup.m), are presented . The circuit for performing inversion (B.sup.-1) computations can be deemed another version of the circuit performing exponentiation (B.sup.N) computations. With pipeline architecture and on the basis of power-sum circuits, these circuits are featured by simplicity, regularity, and broader application (applicable to an arbitrary element of the finite field).

Abstract: A method of computing the product D of two finite field elements B and C modulo an irreducible polynomial f.sub.1 (x), wherein the finite field elements B and C are represented in terms of an optimal normal basis (ONB) of Type 1 over a field F.sub.2.spsb.n and the irreducible polynomial f.sub.1 (x) being of degree n, which comprises the steps of representing the element B as a vector of binary digits b.sub.i, where b.sub.i is a co-efficient of an i.sup.th basis element of the ONB representation of element B, in polynomial order, representing the element C as a vector of binary digits c.sub.i, where c.sub.i is a co-efficient of an i.sup.th basis element of the ONB representation of element C, arranged in polynomial order, initializing a register A, selecting a digit c.sub.i of the vector C, computing a partial product vector A of the i.sup.th digit c.sub.i of the element C and the vector B, adding the partial product to the register A, shifting the register A, reducing the partial product A by a multiple f.

Abstract: A system for determining the multiplicative inverse of an element of GF(2.sup.m) by raising the element to the power 2.sup.m -2. The system may raise the element .alpha..sup.j to the power 2.sup.m -2 by repeatedly multiplying the element by itself 2.sup.m -3 times. Alternatively, the system may produce the exponent 2.sup.m -2 as the sum of:2.sup.m-1 +2.sup.m-2 + . . . +2.sup.3 +2.sup.2 +2.sup.1and thus (.alpha..sup.j).sub.2.spsp.m.sup.-2 as(.alpha..sup.j).sup.2.spsp.m.sup.-1 *(.alpha..sup.j).sup.2.spsp.m.sup.-2 * . . . *(.alpha..sup.j).sup.2.spsp.3 *(.alpha..sup.j).sup.2.spsp.2 *(.alpha..sup.j).sup.2The system may iteratively square .alpha..sup.j to produce the various factors (.alpha..sup.j).sup.2.spsp.m.sup.-1 *(.alpha..sup.j).sup.2.spsp.m.sup.-2 * . . . *(.alpha..sup.j).sup.2 and, using a single multiplier, multiply and accumulate the results. Alternatively, the system may use a plurality of circuits operating in parallel and simultaneously raise the element .alpha..sup.j to the powers 2.sup.m-1, 2.sup.

Abstract: The present invention is a 2.sup.n -bit serial multiplier design optimized for both speed and silicon area. The multiplier design includes source registers, recursive multiplication logic, and destination registers. According to the method of the present invention, the 2.sup.n -bit serial multiplier design is implemented by performing a precomputing (cycle-stealing) step in which source registers are preloaded with the recursively reconstructed and zero-padded input data and the designation registers are preloaded with zeros or the highest input field coefficient while the first cycle of the multiplication phase is taking place.

Abstract: Method and apparatus for efficiently producing a delayed version of a maximum length sequence output from a linear feedback shift register. Polynomial (vector) exponentiation is performed instead of matrix exponentiation to calculate the mask coefficients which yield the delayed sequence from the linear feedback shift register. Polynomial (vector) operations are much simpler and faster than the corresponding matrix operations and require substantially less circuitry and computational effort. Modulo exponentiation of polynomials is done by repeated squaring and shifting, and a division circuit built on a linear feedback shift register is provided to perform an efficient modulo squaring of polynomials.

Abstract: A scheme for arithmetic operations in finite field and group operations over elliptic curves capable of realizing a very fast implementation. According to this scheme, by using a normal basis [.alpha. .alpha.+1], the multiplicative inverse calculation and the multiplication in the finite field GF(2.sup.2n) can be realized as combinations of multiplications, additions and a multiplicative inverse calculation in the subfield GF(2.sup.n). Also, by using a standard basis [1.alpha.], the multiplication, the square calculation, and the multiplicative inverse calculation in the finite field GF(2.sup.2n) can be realized as combinations of multiplications, additions and a multiplicative inverse calculation in the subfield GF(2.sup.n). These arithmetic operations can be utilized for calculating rational expressions expressing group operations over elliptic curves that are used in information security techniques such as elliptic curve cryptosystems.

Abstract: A coprocessor including a first multiplication circuit and a second multiplication circuit with a series input to receive n bits and a series output to give n+k bits. The coprocesser also includes addition and multiplexing circuits enabling the data elements produced by the multiplication circuits to be added up with one another and with other data elements encoded on n bits. The invention makes parallel use of the multiplication circuits to carry out modular or non-modular operations on pieces of binary data having n bits or more.

Abstract: A method and device for calculating Cyclical Redundancy Checksums (CRC) used in error-detection codes. To calculate CRCs more quickly using a computer with memory access latency, a frame of data is partitioned into a plurality of sub-frames. A look-up table containing pre-computed CRC values is stored in computer memory and accessed during the CRC calculation of the sub-frames. The CRC of the sub-frames can then be calculated and combined to form the CRC of the frame of data. To speed the calculation, CRCs of a number of the sub-frames can be calculated simultaneously.

Abstract: A method and device for evaluating polynomial equations with a logic computer. To evaluate the polynomial equation more efficiently using a computer with latent memory accesses, the polynomial is split into a plurality of sub-polynomials. The sub-polynomials can be simultaneously evaluated using Horner's rule. The results of the sub-polynomial evaluations are summed to obtain the evaluation of the polynomial equation. A device and method are described.

Abstract: A process and an apparatus to calculate the FCS (Frame Check Sequence) error checking code of packets payload sent over a fixed size packet networks in a network equipment sending said packets and to check said FCS in the network equipment receiving said packet; this invention applies to calculations of FCS based on CRC (Cyclic Redundancy Checking) codes generated by the polynomial generator of degree 10, G(X)=X.sup.10 +X.sup.9 +X.sup.5 +X.sup.4 +X+1. Particularly, this invention is for use in the ATM layer of ATM nodes processing OA&M and AAL3/4 ATM cells. The solution consists in using the calculation of the FCS based on the CRC code generated by the polynomial generator of degree 9, X.sup.9 +X.sup.4 +1 and simple operations. The calculation and the checking of the FCS is simple and thus the performance are improved authorizing the support of higher speed network lines.

Abstract: A finite field inverse circuit has a finite field data unit (1112) and an inverse control unit (1110). The inverse control unit includes (1110) a k.sub.l and k.sub.u decrementer pair (1108, 1122), a k.sub.l -k.sub.u difference unit (1106), an inverse control finite state machine (1102), and a one-bit memory (1104) coupled to the inverse control finite state machine (1102). The finite field data unit (1112) includes four m bit wide registers that are shift registers designated as B (1120), A (1118), M (1114), and C (1116), where B- is a first register, A- is a second register, M- is a irreducible polynomial register, and C- is a field element register. An the irreducible polynomial is loaded left justified in the M-register, a field element to be inverted is loaded left justified in the C-register, and a single "1" is loaded in an LSB bit of the B-register. The field element is then inverted in 2n+2 system clock cycles where n is a field size associated with the field element.

Abstract: A Galois Field arithmetic logic unit (GF ALU) circuit (200) that generates a GF product of size M includes a first and a second input field element register (205, 210), a result field element register (215), a plurality, I, of subfield sets of logic gates (255, 260, 265), a plurality, S, of extension sets of logic gates (270, 275), and 3M switches (135). M is equal to S multiplied by I. A Galois Field of size M, S, and I each has an optimal normal basis. The first and second input field element registers (205, 210) are alternately coupled to the result field element register (215) by the I subfield sets of logic gates (255, 260, 265) in a first configuration and by the S extension sets of logic gates (270, 275) in a second configuration. The 3M switches (135) alternate the first and second configurations.

Abstract: A Galois field multiplier for GF(2.sup.n), with n=2m, multiplies two n-bit polynomials to produce a(x)*b(x)=a(x)b(x) mod g(x), where g(x) is a generator polynomial for the Galois field and "*" represents multiplication over the Galois field, by treating each polynomial as the sum of two m-bit polynomials:a(x)=a.sub.H (x)x.sup.m +a.sub.L (x) and b(x)=b.sub.H (x)x.sup.m +b.sub.L (x),witha.sub.H (x)x.sup.m =[a.sub.n-1 x.sup.(n-1)-m +a.sub.n-2 x.sup.(n-2)-m + . . . +a.sub.m+1 x.sup.(m+1)-m +a.sub.m ]x.sup.ma.sub.L (x)=a.sub.m-1 x.sup.m-1 +a.sub.m-2 x.sup.m-2 + . . . +a.sub.2 x.sup.2 +a.sub.1 x+a.sub.0and b.sub.H and b.sub.L having corresponding terms. Multiplying the two polynomials then becomes:a(x)*b(x)=(a.sub.H (x)x.sup.m +a.sub.L (x))*(b.sub.H (x)x.sup.m +b.sub.L (x))=[(a.sub.H (x)b(x).sub.H)x.sup.m mod g(x)+(b.sub.H (x)a.sub.L (x)+a.sub.L (x)b.sub.L (x))]x.sup.m mod g(x)+a.sub.L (x)b.sub.L (x).The Galois field multiplier produces four degree-(n-2) polynomial products, namely, a.sub.H (x)b.sub.H (x)=V.sub.

Abstract: Disclosed is a device including three registers, one input terminal to receive pieces of binary data to be stored in these registers, a multiplication circuit enabling the performance of a multiplication operation between two pieces of data stored in two of the registers, a first addition circuit enabling the performance of an addition operation between a piece of data stored in the second register and a piece of data produced by the multiplication circuit, a subtraction circuit placed between the second register and the addition circuit, a delay cell and a second addition circuit placed between the first addition circuit and the input of the second register, multiplexing circuitry making it possible to provide the contents of the second register or a permanent logic state to one input of one of the addition circuits, to connect another input of the addition circuit to an output of the multiplication circuit and to connect an output of the addition circuit to an input of the second register.

Abstract: The present invention includes a Chien search device that implements an error-locator polynomial divided by a factor. The device includes first and second devices to generate .alpha..sup.i and .alpha..sup.-i, respectively. The device also includes a root determination block coupled to receive .alpha..sup.i and .alpha..sup.-i to provide a signal responsive to .alpha..sup.-i. In particular, the signal represents that .alpha..sup.-i is a root of the error-locator polynomial. The root determination block includes multiple root determination circuits to find the roots of the error-locator polynomial for each data interleave.

Abstract: Circuits, designed on the basis of power-sum circuits and inversion (B.sup.-1) computation structure where B is an arbitrary elements of GF(2.sup.m), for performing division computations in finite field GF(2.sup.m), are presented. The circuit can be deemed an extension of the circuit performing inversion (B.sup.-1) computations. With pipeline architecture and on the basis of power-sum circuits, the circuit is featured by simplicity, regularity, and broader application (applicable to arbitrary elements of the finite field) GF(2.sup.m).

Abstract: Disclosed is an integrated circuit device enabling the computation of multiplication of A by B, especially a computation of the P.sub.field (A,B).sub.N type as defined in the Montgomery method, using a subdivision into words of Bt bits to carry out the different computations. This device is improved by the addition of a register of m * Bt bits containing the totality of the data element A. The invention also relates to a device for the implementation of a modular P.sub.field (A,B).sub.N operation according to the Montgomery method using the improved device presented by the invention.