Cryptography Reference
In-Depth Information
modulo
F
(
x
)
for the inputs and a multiplication by
x
modulo
F
(
x
)
for the output,
which results in lower time and area overheads.
In [28], time redundancy-based techniques are proposed for polynomial basis,
dual basis, and normal basis finite field arithmetic units. Here, we briefly study the
techniques without considering the architecture of the arithmetic unit, which is a
pipelined architecture.
In the case of polynomial basis multiplication, four finite field arithmetic opera-
tions have been considered in [28] and the fault detection techniques can be summa-
rized as follows.
2
m
Addition: The main inputs are
A
,
B
∈
GF
(
)
and the main output is obtained
B
. The second set of inputs comprises
A
as
C
=
A
+
=
A
·
and
B
2
m
x
mod
F
(
x
)
=
B
·
x
mod
F
(
x
)
∈
GF
(
)
, and therefore
the second output is obtained as
C
A
+
B
. Then, one can
=
compute
C
·
x
−
1
mod
F
(
x
)
and compare it with
C
.
2
m
Multiplication: The main inputs are
A
,
B
∈
GF
(
)
and the main output is obtained
. The second set of inputs comprises
A
=
as
C
=
A
·
B
mod
F
(
x
)
and
B
=
2
m
·
(
)
·
(
)
∈
(
)
A
x
mod
F
x
B
x
mod
F
x
GF
, and therefore
the second output is obtained as
C
=
A
·
B
mod
F
(
)
x
. Then, one
can compute
C
·
x
−
2
mod
F
(
x
)
and compare it with
C
.
2
m
Inversion: The main input is
A
∈
GF
(
)
and the main output is obtained as
A
−
1
. The second input is
A
=
=
1
/
A
mod
F
(
x
)
A
·
x
mod
F
(
x
)
and the second output is
A
−
1
A
mod
F
=
1
/
(
x
)
. Then, one can
compute
A
−
1
and compare it with
A
−
1
.
·
x
mod
F
(
x
)
2
m
Division: The main inputs are
A
,
B
∈
GF
(
)
and the main output is
B
. The second set of inputs comprises
A
obtained as
C
=
A
/
=
and
B
x
−
1
2
m
A
·
x
mod
F
(
x
)
=
B
·
mod
F
(
x
)
∈
GF
(
)
and the
corresponding output is
C
=
A
/
B
. Then, one can compute
C
·
x
−
2
and compare it with
C
.
Fault detection in the dual basis arithmetic operations presented in [28] is similar to
the one explained above for the polynomial basis operations.
In the case of normal basis, it is well known that the square and the square root
operations are performed by a circular left shift and a circular right shift, respectively,
at no cost. Therefore, the following techniques are used for fault detection in normal
basis arithmetic units [28].
2
m
Addition: The main inputs are
A
,
B
∈
GF
(
)
and the main output is obtained
B
. The second set of inputs are
A
=
A
2
,
B
=
B
2
and
as
C
=
A
+
B
. Then, one can take the square root of
C
and compare it with
C
.
Multiplication: The main inputs are
A
,
B
the output is
C
A
+
=
2
m
∈
(
)
GF
and the main output is obtained
B
. The second set of inputs comprises
A
A
2
as
C
=
A
·
=
and
B
. Then, one can take the
square root of
C
and compare it with
C
.
B
B
2
and the output is
C
A
·
=
=
