Reduction of space complexity based on symmetric TMVP

Chunsheng Yang, Jeng-Shyang Pan✉, Chiou-Yng Lee and Lijun Yan

Toeplitz matrix–vector product (TMVP) decomposition is one of the high-precision multiplication algorithms. A symmetric TMVP (STMVP) decomposition is presented, and theoretical analysis shows that the space complexity of the proposed STMVP scheme is lower than that of the traditional TMVP approach. Gaussian normal basis (GNB) multiplication based on the proposed architecture can be used to reduce the space complexity.
Introduction: Finite field $GF(2^m)$ arithmetic plays an important role in many applications such as coding theory, computer algebra and public key cryptography. The $GF(2^m)$ arithmetic operations include addition, multiplication, multiplicative inversion and exponentiation. Of these, addition is a simple operation and multiplication is the most important one, because the other complex operations depend on it. Therefore, it is important to explore efficient hardware designs for high-performance multiplication over large finite fields. In $GF(2^m)$, efficient multiplication depends on the chosen basis representation. Many bases have been proposed, such as the polynomial basis (PB), normal basis (NB) and dual basis (DB). Each basis has its own advantages. PB is the most widely used basis and is suitable for hardware implementation because of its simplicity, regularity and modularity. NB can perform the square operation by a cyclic shift alone. DB requires a smaller area than the other two bases. Gaussian NB (GNB) is a special class of NB and has received a lot of attention in the search for efficient multiplication. GNB keeps the NB advantage in the square operation, which is very useful for multiplicative inversion and exponentiation. In the IEEE Standard 1363-2000 [1] and FIPS 186-2 [2], GNBs have been recommended for the elliptic curve digital signature algorithm.

In [3], type-2 GNB multiplication can be computed by the sum of two Toeplitz matrix–vector products (TMVPs). According to the TMVP representation for GNB multiplication, Lee and Chang [4] proposed a digit-serial systolic GNB multiplier. For type-1 and type-2 GNB multiplications, Fan and Hasan [5] have proposed a subquadratic computational complexity scheme using the TMVP approach. In [6], the recursive form of the 2-way and 3-way splitting methods for TMVP was proposed. In [7], a generalised k-way splitting TMVP is proposed, where k is an arbitrary integer. The complexity of the k-way splitting method is $O(n^{\log_k(k(k+1)/2)})$. In [8], the subquadratic space complexity multipliers for type-4 GNB were proposed. The proposed multipliers are based on the fact that the finite field $GF(2^m)$ with type-4 GNB can be embedded into fields with type-1 or type-2 GNBs. A block recombination approach for the TMVP architecture is proposed in [9] to reduce the space complexity of the designed multiplier. In this Letter, we propose a symmetric TMVP (STMVP) formula and use it to design the GNB multiplier to reduce the space complexity.

Proposed STMVP decomposition: Here, we give the definition of the STMVP.

Definition: Let $T$ be an $m \times m$ symmetric Toeplitz matrix, which satisfies the relations $T(i, j) = T(i + 1, j + 1)$ and $T(i, j) = T(j, i)$ for $0 \le i, j \le m - 1$, where $T(i, j)$ denotes the element of the ith row and jth column of the matrix $T$. The symmetric Toeplitz matrix $T$ can be represented as

$$T = \begin{bmatrix} t_{m-1} & t_{m-2} & \cdots & t_1 & t_0 \\ t_{m-2} & t_{m-1} & \cdots & t_2 & t_1 \\ \vdots & \vdots & \ddots & \vdots & \vdots \\ t_1 & t_2 & \cdots & t_{m-1} & t_{m-2} \\ t_0 & t_1 & \cdots & t_{m-2} & t_{m-1} \end{bmatrix} \tag{1}$$

Let $V$ be an $m \times 1$ symmetric column vector, which can be expressed as

$$V = \begin{cases} [\, v_0 \; \cdots \; v_{(m-2)/2} \;\; v_{(m-2)/2} \; \cdots \; v_0 \,]^T, & m \text{ is even} \\ [\, v_0 \; \cdots \; v_{(m-3)/2} \;\; 0 \;\; v_{(m-3)/2} \; \cdots \; v_0 \,]^T, & m \text{ is odd} \end{cases} \tag{2}$$

where $[*]^T$ denotes the matrix transpose. Then the product $TV$ is called STMVP.

Let $T^{(i)}$ denote the ith row of the matrix $T$ for $0 \le i \le m - 1$. Then the matrix $T$ can be rewritten as

$$T = [\, T^{(0)} \;\; T^{(1)} \;\; \cdots \;\; T^{(m-1)} \,]^T$$

Therefore, STMVP can be represented as

$$TV = [\, T^{(0)}V \;\; T^{(1)}V \;\; \cdots \;\; T^{(m-1)}V \,]^T$$

According to the definition of STMVP, $T^{(0)}$ and $T^{(m-1)}$ can be represented as

$$T^{(0)} = [\, t_{m-1} \;\; t_{m-2} \;\; \cdots \;\; t_1 \;\; t_0 \,] \tag{3}$$

$$T^{(m-1)} = [\, t_0 \;\; t_1 \;\; \cdots \;\; t_{m-2} \;\; t_{m-1} \,] \tag{4}$$

$T^{(i)}$ for $0 < i < m - 1$ can be expressed as

$$T^{(i)} = [\, t_{m-1-i} \;\; \cdots \;\; t_{m-1} \;\; \cdots \;\; t_i \,] \tag{5}$$

and $T^{(m-1-i)}$ can be expressed as

$$T^{(m-1-i)} = [\, t_i \;\; \cdots \;\; t_{m-1} \;\; \cdots \;\; t_{m-1-i} \,] \tag{6}$$

From (3) to (6), we can obtain that $T^{(i)}$ is the reverse vector of $T^{(m-1-i)}$ for $0 \le i \le m - 1$, denoted as $T^{(i)} = \bar{T}^{(m-1-i)}$. Since $V$ is a symmetric vector, the reverse vector of $V$ is equal to itself, denoted as $V = \bar{V}$. For the computation $T^{(m-1-i)}V$, we can obtain the following relationship:

$$T^{(m-1-i)} V = \bar{T}^{(m-1-i)} \bar{V} = T^{(i)} V \tag{7}$$

Therefore, $TV$ can be calculated by the half of itself, which can be expressed as $TV = G(T'V)$, where $T'$ is denoted as

$$T' = [\, T^{(0)} \;\; T^{(1)} \;\; \cdots \;\; T^{(\lceil (m-2)/2 \rceil)} \,]^T \tag{8}$$

and the $G(*)$ function denotes that $TV$ is obtained by repeating the result of $T'V$. To optimise the STMVP further, we need to consider whether $m$ is an even number or an odd number.

If $m$ is an even number, the $(m/2) \times m$ Toeplitz matrix $T'$ can be denoted as

$$T' = [\, T^{(0)} \;\; T^{(1)} \;\; \cdots \;\; T^{((m-2)/2)} \,]^T$$

Then we can split the $(m/2) \times m$ matrix into two $(m/2) \times (m/2)$ matrices $T'_0$ and $T'_1$, denoted as $T' = [\, T'_0 \;\; T'_1 \,]$. Since the column vector $V$ is an $m \times 1$ symmetric vector, $V$ can be denoted as $V = [\, V' \;\; \bar{V}' \,]^T$, where $V'$ and $\bar{V}'$ are $(m/2) \times 1$ vectors and $\bar{V}'$ is the reverse vector of $V'$. $T'V$ can be rewritten as

$$T'V = \begin{bmatrix} T'_0 & T'_1 \end{bmatrix} \begin{bmatrix} V' \\ \bar{V}' \end{bmatrix} = T'_0 V' + T'_1 \bar{V}' \tag{9}$$

If $m$ is an odd number, the $((m+1)/2) \times m$ Toeplitz matrix $T'$ can be denoted as follows:

$$T' = [\, T^{(0)} \;\; T^{(1)} \;\; \cdots \;\; T^{((m-1)/2)} \,]^T$$

We note that the row vector $T^{((m-1)/2)}$ is a symmetric vector. Since $V$ is also a symmetric vector, the multiplication $T^{((m-1)/2)}V$ must be zero in $GF(2^m)$ over $GF(2)$. Therefore, we can remove the vector $T^{((m-1)/2)}$ from the matrix $T'$. The new $((m-1)/2) \times m$ matrix $T'$ can be rewritten as

$$T' = [\, T^{(0)} \;\; T^{(1)} \;\; \cdots \;\; T^{((m-3)/2)} \,]^T$$

Now we can represent the new matrix $T'$ as $T' = [\, T'_0 \;\; T'^{((m-1)/2)} \;\; T'_1 \,]$, where $T'^{((m-1)/2)}$ is the middle column vector of $T'$. $T'_0$ and $T'_1$ are $((m-1)/2) \times ((m-1)/2)$ Toeplitz matrices. According to the definition of STMVP, the symmetric vector $V$ can be represented as $V = [\, V' \;\; 0 \;\; \bar{V}' \,]^T$, where $V'$ and $\bar{V}'$ are $((m-1)/2) \times 1$ vectors and $\bar{V}'$ is the reverse vector of $V'$. Then the multiplication in $T'V$ can be rewritten as follows:

$$T'V = \begin{bmatrix} T'_0 & T'^{((m-1)/2)} & T'_1 \end{bmatrix} \begin{bmatrix} V' \\ 0 \\ \bar{V}' \end{bmatrix} = T'_0 V' + T'_1 \bar{V}' \tag{10}$$
ELECTRONICS LETTERS 30th April 2015 Vol. 51 No. 9 pp. 697–699
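The even and odd cases above can be checked numerically. The Python sketch below is an added example, not code from the Letter: it builds T and V as in (1) and (2), computes TV from the two ⌊m/2⌋-size products of (9) and (10), mirrors the half result as (7) allows, and compares it with the direct product. The function names and the schoolbook AND-gate count are assumptions of this example; the Letter's complexity figures assume a subquadratic TMVP recursion instead.

```python
from itertools import product

def sym_toeplitz(t):
    """m x m symmetric Toeplitz matrix of (1): T(i, j) = t[m-1-|i-j|]."""
    m = len(t)
    return [[t[m - 1 - abs(i - j)] for j in range(m)] for i in range(m)]

def sym_vector(half, m):
    """Symmetric vector of (2): [V', rev(V')] for even m, [V', 0, rev(V')] for odd m."""
    return half + ([0] if m % 2 else []) + half[::-1]

def mvp(M, v):
    """Schoolbook matrix-vector product over GF(2); returns (result, AND-gate count)."""
    return [sum(a & b for a, b in zip(row, v)) & 1 for row in M], len(M) * len(v)

def stmvp(t, half):
    """TV via two floor(m/2)-size products, as in (9) and (10)."""
    m, h = len(t), len(t) // 2
    rows = sym_toeplitz(t)[:h]               # T' after dropping the middle row (odd m)
    T0 = [r[:h] for r in rows]               # T'_0: left h columns
    T1 = [r[m - h:] for r in rows]           # T'_1: right h columns, middle column skipped
    a, n0 = mvp(T0, half)                    # T'_0 V'
    b, n1 = mvp(T1, half[::-1])              # T'_1 rev(V')
    top = [x ^ y for x, y in zip(a, b)]
    mid = [0] if m % 2 else []               # middle row times V is 0 over GF(2)
    return top + mid + top[::-1], n0 + n1    # G: mirror the half result, by (7)

def check(m):
    """Exhaustively compare stmvp() with the direct product for one size m."""
    for t in product((0, 1), repeat=m):
        for half in product((0, 1), repeat=m // 2):
            direct, _ = mvp(sym_toeplitz(list(t)), sym_vector(list(half), m))
            if stmvp(list(t), list(half))[0] != direct:
                return False
    return True

if __name__ == "__main__":
    for m in range(2, 9):
        print(m, check(m), "ANDs:", m * m, "direct vs", 2 * (m // 2) ** 2, "split")
```
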
Combining the two cases, we can obtain the following lemma.

Lemma: Let $TV$ be an STMVP, where $T$ is an $m \times m$ symmetric Toeplitz matrix and $V$ is an $m \times 1$ symmetric vector. Then $TV$ can be calculated by the following equation:

$$TV = G'(T'_0 V' + T'_1 \bar{V}') \tag{11}$$

where $G'(*)$ is to reconstruct $TV$ from the result of $T'_0 V' + T'_1 \bar{V}'$, $T'_0$ and $T'_1$ are $\lfloor m/2 \rfloor \times \lfloor m/2 \rfloor$ Toeplitz matrices, $V'$ is an $\lfloor m/2 \rfloor \times 1$ column vector and $\bar{V}'$ is the reverse vector of $V'$.

For example, let $TV$ be an STMVP, where $m = 5$. Then the symmetric Toeplitz matrix $T$ can be denoted as $T = [\, T^{(0)} \; T^{(1)} \; T^{(2)} \; T^{(3)} \; T^{(4)} \,]^T$ and the symmetric vector $V$ can be denoted as $V = [\, V' \;\; 0 \;\; \bar{V}' \,]^T$. According to (7), we can obtain

$$\begin{cases} T^{(0)} V = T^{(4)} V \\ T^{(1)} V = T^{(3)} V \\ T^{(2)} V = 0 \end{cases} \tag{12}$$

Then $TV$ can be expressed by $TV = G(T'V)$, where $T' = [\, T^{(0)} \;\; T^{(1)} \,]^T$. According to the definition of STMVP, we can rewrite the product $T'V$ as

$$T'V = \begin{bmatrix} t_4 & t_3 & t_2 & t_1 & t_0 \\ t_3 & t_4 & t_3 & t_2 & t_1 \end{bmatrix} \begin{bmatrix} v_0 \\ v_1 \\ 0 \\ v_1 \\ v_0 \end{bmatrix} = G'\left( \begin{bmatrix} t_4 & t_3 \\ t_3 & t_4 \end{bmatrix} \begin{bmatrix} v_0 \\ v_1 \end{bmatrix} + \begin{bmatrix} t_1 & t_0 \\ t_2 & t_1 \end{bmatrix} \begin{bmatrix} v_1 \\ v_0 \end{bmatrix} \right) = G'(T'_0 V' + T'_1 \bar{V}') \tag{13}$$

where $T'_0$ and $T'_1$ are $2 \times 2$ Toeplitz matrices

$$T'_0 = \begin{bmatrix} t_4 & t_3 \\ t_3 & t_4 \end{bmatrix} \quad \text{and} \quad T'_1 = \begin{bmatrix} t_1 & t_0 \\ t_2 & t_1 \end{bmatrix}$$

$V'$ and $\bar{V}'$ are denoted as $V' = [\, v_0 \;\; v_1 \,]^T$ and $\bar{V}' = [\, v_1 \;\; v_0 \,]^T$, respectively.

Table 1 shows the complexities comparison of the traditional TMVP and the proposed STMVP. We assume that the sizes of TMVP and STMVP are $m$ and $m = 2^i$. #AND and #XOR denote the number of AND gates and XOR gates, respectively. $T_X$ and $T_A$ are the delays of one XOR gate and one AND gate, respectively. According to [10], the traditional TMVP requires $m^{\log_2 3}$ AND gates and $(11/2)m^{\log_2 3} - 6m + (1/2)$ XOR gates. The time delay is $(2\log_2 m)T_X + T_A$. The proposed STMVP of size $m$ can be represented by the sum of two TMVP products of size $(m/2)$. The proposed STMVP requires $(2/3)m^{\log_2 3}$ AND gates and $(11/3)m^{\log_2 3} - (11/2)m + 1$ XOR gates. The delay is $(2\log_2 m - 1)T_X + T_A$. We note that the space complexity of the proposed STMVP is less than that of the traditional TMVP.

Table 1: Complexities comparison of traditional TMVP and STMVP for $m = 2^i$

| | TMVP | STMVP |
|---|---|---|
| #AND | $m^{\log_2 3}$ | $\frac{2}{3} m^{\log_2 3}$ |
| #XOR | $\frac{11}{2} m^{\log_2 3} - 6m + \frac{1}{2}$ | $\frac{11}{3} m^{\log_2 3} - \frac{11}{2} m + 1$ |
| Time delay | $(2\log_2 m)T_X + T_A$ | $(2\log_2 m - 1)T_X + T_A$ |

GNB multiplication using STMVP: Let $A$ and $B$ be two elements of type-2 GNB over $GF(2^m)$, and let $C$ denote the product of $A$ and $B$. According to [3], the GNB multiplication $C$ can be transformed into

$$C = AB = \bar{H}\bar{A} + TA \tag{14}$$

where $\bar{H}$ is an $m \times m$ Toeplitz matrix, $T$ is an $m \times m$ symmetric Toeplitz matrix, $A$ is an $m \times 1$ column vector and $\bar{A}$ is the reverse vector of $A$.

Fact: In $GF(2^m)$, the $m \times 1$ vector $A$ and its reverse vector $\bar{A}$ satisfy the following relationship:

$$A = V + \bar{A} \tag{15}$$

where $V$ is a symmetric vector and $V = A + \bar{A}$. If $m$ is an odd number, then the $((m+1)/2)$th element of $V$ is zero. According to the above fact, the GNB multiplication can be rewritten again as follows:

$$C = (\bar{H} + T)\bar{A} + TV = M\bar{A} + TV \tag{16}$$

where $M$ is an $m \times m$ Toeplitz matrix and $M = \bar{H} + T$. The computation of $M\bar{A}$ can be calculated using the traditional TMVP approach. The computation of $TV$ can be calculated using the STMVP approach. Table 2 presents the complexities comparison for type-2 GNB multiplication with $m = 2^i$. The traditional type-2 GNB multiplication requires $2m^{\log_2 3}$ AND gates and $11m^{\log_2 3} - 11m + 1$ XOR gates. The new type-2 GNB multiplier based on the proposed STMVP approach requires $(5/3)m^{\log_2 3}$ AND gates and $(55/6)m^{\log_2 3} - (17/2)m + (1/2)$ XOR gates. The new GNB multiplier reduces $(1/3)m^{\log_2 3}$ AND gates and $(11/6)m^{\log_2 3} - (5/2)m + (1/2)$ XOR gates. The AND gates are reduced by 33%. The GNB multiplier using the STMVP approach can be implemented with less area.

Table 2: Complexities comparison for type-2 GNB with $m = 2^i$

| | #AND | #XOR | Time delay |
|---|---|---|---|
| Type-2 GNB | $2m^{\log_2 3}$ | $11m^{\log_2 3} - 11m + 1$ | $(2\log_2 m)T_X + T_A$ |
| Proposed | $\frac{5}{3} m^{\log_2 3}$ | $\frac{55}{6} m^{\log_2 3} - \frac{17}{2} m + \frac{1}{2}$ | $(2\log_2 m)T_X + T_A$ |

Conclusion: In this Letter, an STMVP is proposed. The space complexity of the STMVP is less than that of the traditional TMVP approach. The STMVP approach can be used in GNB multiplication to design and implement a low-complexity architecture. This work may be applied in other multiplier architectures using the traditional TMVP approach.

© The Institution of Engineering and Technology 2015
19 January 2015
doi: 10.1049/el.2015.0014

Chunsheng Yang, Jeng-Shyang Pan and Lijun Yan (Shenzhen Graduate School, Harbin Institute of Technology, Shenzhen, People’s Republic of China)
✉ E-mail: [email protected]

Chiou-Yng Lee (Department of Computer Information and Network Engineering, Lunghwa University of Science and Technology, Taoyuan County 333, Taiwan)

References
1 IEEE Std. 1363-2000: ‘IEEE specifications for public-key cryptography’, 2000
2 FIPS, PUB: ‘186-2: Digital signature standard (DSS)’, National Institute of Standards and Technology (NIST), 2000
3 Lee, C.Y., Chen, Y.H., Chiou, C.W., and Lin, J.M.: ‘Unified parallel systolic multiplier over GF(2^m)’, J. Comput. Sci. Technol., 2007, 22, (1), pp. 28–38
4 Lee, C.Y., and Chang, P.L.: ‘Digit-serial Gaussian normal basis multiplier over GF(2^m) using Toeplitz matrix-approach’. Int. Conf. on Computational Intelligence and Software Engineering, Wuhan, China, December 2009, pp. 1–4
5 Fan, H., and Hasan, M.A.: ‘Subquadratic computational complexity schemes for extended binary field multiplication using optimal normal bases’, IEEE Trans. Comput., 2007, 56, (10), pp. 1435–1437
6 Fan, H., and Hasan, M.A.: ‘A new approach to subquadratic space complexity parallel multipliers for extended binary fields’, IEEE Trans. Comput., 2007, 64, (2), pp. 224–233
7 Hasan, M.A., and Negre, C.: ‘Multiway splitting method for Toeplitz matrix vector product’, IEEE Trans. Comput., 2013, 62, (7), pp. 1467–1471
8 Park, S.M., Hong, D., and Seo, C.: ‘Subquadratic space complexity multiplier for GF(2^n) using type 4 Gaussian normal bases’, ETRI J., 2013, 35, (3), pp. 523–529
9 Hasan, M.A., Meloni, N., Namin, A.H., and Negre, C.: ‘Block recombination approach for subquadratic space complexity binary field multiplication based on Toeplitz matrix–vector product’, IEEE Trans. Comput., 2012, 61, (2), pp. 151–163
10 Pan, J.S., Azarderakhsh, R., Kermani, M.M., et al.: ‘Low-latency digit-serial systolic double basis multiplier over GF(2^m) using subquadratic Toeplitz matrix–vector product approach’, IEEE Trans. Comput., 2014, 63, (5), pp. 1169–1181