Faster binary-field multiplication and faster binary-field MACs

D.J. Bernstein; T. Chou

doi:10.1007/978-3-319-13051-4_6

Faster binary-field multiplication and faster binary-field MACs

D.J. Bernstein
, T. Chou

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

12 Citaten (Scopus)

Samenvatting

This paper shows how to securely authenticate messages using just 29 bit operations per authenticated bit, plus a constant overhead per message. The authenticator is a standard type of "universal" hash function providing information-theoretic security; what is new is computing this type of hash function at very high speed. At a lower level, this paper shows how to multiply two elements of a field of size 2^128 using just 9062 \approx 71 * 128 bit operations, and how to multiply two elements of a field of size 2^256 using just 22164 \approx 87 * 256 bit operations. This performance relies on a new representation of field elements and new FFT-based multiplication techniques. This paper's constant-time software uses just 1.89 Core 2 cycles per byte to authenticate very long messages. On a Sandy Bridge it takes 1.43 cycles per byte, without using Intel's PCLMULQDQ polynomial-multiplication hardware. This is much faster than the speed records for constant-time implementations of GHASH without PCLMULQDQ (over 10 cycles/byte), even faster than Intel's best Sandy Bridge implementation of GHASH with PCLMULQDQ (1.79 cycles/byte), and almost as fast as state-of-the-art 128-bit prime-field MACs using Intel's integer-multiplication hardware (around 1 cycle/byte). Keywords: Performance, FFTs, Polynomial multiplication, Universal hashing, Message authentication

Originele taal-2	Engels
Titel	Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers
Redacteuren	A. Joux, A. Youssef
Uitgeverij	Springer
Pagina's	92-111
ISBN van geprinte versie	978-3-319-13050-7
DOI's	https://doi.org/10.1007/978-3-319-13051-4_6
Status	Gepubliceerd - 2014
Evenement	21st International Conference on Selected Areas in Cryptography (SAC 2014) - Sackville, Canada Duur: 14 aug. 2014 → 15 aug. 2014 Congresnummer: 21

Publicatie series

Naam	Lecture Notes in Computer Science
ISSN van geprinte versie	0302-9743

Congres

Congres	21st International Conference on Selected Areas in Cryptography (SAC 2014)
Verkorte titel	SAC 2014
Land/Regio	Canada
Stad	Sackville
Periode	14/08/14 → 15/08/14
Ander	21st International Conference on Selected Areas in Cryptography

Toegang tot document

10.1007/978-3-319-13051-4_6

Citeer dit

Bernstein, D. J., & Chou, T. (2014). Faster binary-field multiplication and faster binary-field MACs. In A. Joux, & A. Youssef (editors), Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers (blz. 92-111). (Lecture Notes in Computer Science). Springer. https://doi.org/10.1007/978-3-319-13051-4_6

@inproceedings{42f264c1fd654cc5964b47daaf5efd19,

title = "Faster binary-field multiplication and faster binary-field MACs",

abstract = "This paper shows how to securely authenticate messages using just 29 bit operations per authenticated bit, plus a constant overhead per message. The authenticator is a standard type of {"}universal{"} hash function providing information-theoretic security; what is new is computing this type of hash function at very high speed. At a lower level, this paper shows how to multiply two elements of a field of size 2\textasciicircum{}128 using just 9062 \textbackslash{}approx 71 * 128 bit operations, and how to multiply two elements of a field of size 2\textasciicircum{}256 using just 22164 \textbackslash{}approx 87 * 256 bit operations. This performance relies on a new representation of field elements and new FFT-based multiplication techniques. This paper's constant-time software uses just 1.89 Core 2 cycles per byte to authenticate very long messages. On a Sandy Bridge it takes 1.43 cycles per byte, without using Intel's PCLMULQDQ polynomial-multiplication hardware. This is much faster than the speed records for constant-time implementations of GHASH without PCLMULQDQ (over 10 cycles/byte), even faster than Intel's best Sandy Bridge implementation of GHASH with PCLMULQDQ (1.79 cycles/byte), and almost as fast as state-of-the-art 128-bit prime-field MACs using Intel's integer-multiplication hardware (around 1 cycle/byte). Keywords: Performance, FFTs, Polynomial multiplication, Universal hashing, Message authentication",

author = "D.J. Bernstein and T. Chou",

year = "2014",

doi = "10.1007/978-3-319-13051-4\_6",

language = "English",

isbn = "978-3-319-13050-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "92--111",

editor = "A. Joux and A. Youssef",

booktitle = "Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers",

address = "Germany",

note = "21st International Conference on Selected Areas in Cryptography (SAC 2014), SAC 2014 ; Conference date: 14-08-2014 Through 15-08-2014",

}

Bernstein, DJ & Chou, T 2014, Faster binary-field multiplication and faster binary-field MACs. in A Joux & A Youssef (reds.), Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers. Lecture Notes in Computer Science, Springer, blz. 92-111, 21st International Conference on Selected Areas in Cryptography (SAC 2014), Sackville, New Brunswick, Canada, 14/08/14. https://doi.org/10.1007/978-3-319-13051-4_6

Faster binary-field multiplication and faster binary-field MACs. / Bernstein, D.J.; Chou, T.
Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers. reds. / A. Joux; A. Youssef. Springer, 2014. blz. 92-111 (Lecture Notes in Computer Science).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Faster binary-field multiplication and faster binary-field MACs

AU - Bernstein, D.J.

AU - Chou, T.

N1 - Conference code: 21

PY - 2014

Y1 - 2014

N2 - This paper shows how to securely authenticate messages using just 29 bit operations per authenticated bit, plus a constant overhead per message. The authenticator is a standard type of "universal" hash function providing information-theoretic security; what is new is computing this type of hash function at very high speed. At a lower level, this paper shows how to multiply two elements of a field of size 2^128 using just 9062 \approx 71 * 128 bit operations, and how to multiply two elements of a field of size 2^256 using just 22164 \approx 87 * 256 bit operations. This performance relies on a new representation of field elements and new FFT-based multiplication techniques. This paper's constant-time software uses just 1.89 Core 2 cycles per byte to authenticate very long messages. On a Sandy Bridge it takes 1.43 cycles per byte, without using Intel's PCLMULQDQ polynomial-multiplication hardware. This is much faster than the speed records for constant-time implementations of GHASH without PCLMULQDQ (over 10 cycles/byte), even faster than Intel's best Sandy Bridge implementation of GHASH with PCLMULQDQ (1.79 cycles/byte), and almost as fast as state-of-the-art 128-bit prime-field MACs using Intel's integer-multiplication hardware (around 1 cycle/byte). Keywords: Performance, FFTs, Polynomial multiplication, Universal hashing, Message authentication

AB - This paper shows how to securely authenticate messages using just 29 bit operations per authenticated bit, plus a constant overhead per message. The authenticator is a standard type of "universal" hash function providing information-theoretic security; what is new is computing this type of hash function at very high speed. At a lower level, this paper shows how to multiply two elements of a field of size 2^128 using just 9062 \approx 71 * 128 bit operations, and how to multiply two elements of a field of size 2^256 using just 22164 \approx 87 * 256 bit operations. This performance relies on a new representation of field elements and new FFT-based multiplication techniques. This paper's constant-time software uses just 1.89 Core 2 cycles per byte to authenticate very long messages. On a Sandy Bridge it takes 1.43 cycles per byte, without using Intel's PCLMULQDQ polynomial-multiplication hardware. This is much faster than the speed records for constant-time implementations of GHASH without PCLMULQDQ (over 10 cycles/byte), even faster than Intel's best Sandy Bridge implementation of GHASH with PCLMULQDQ (1.79 cycles/byte), and almost as fast as state-of-the-art 128-bit prime-field MACs using Intel's integer-multiplication hardware (around 1 cycle/byte). Keywords: Performance, FFTs, Polynomial multiplication, Universal hashing, Message authentication

U2 - 10.1007/978-3-319-13051-4_6

DO - 10.1007/978-3-319-13051-4_6

M3 - Conference contribution

SN - 978-3-319-13050-7

T3 - Lecture Notes in Computer Science

SP - 92

EP - 111

BT - Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers

A2 - Joux, A.

A2 - Youssef, A.

PB - Springer

T2 - 21st International Conference on Selected Areas in Cryptography (SAC 2014)

Y2 - 14 August 2014 through 15 August 2014

ER -

Faster binary-field multiplication and faster binary-field MACs

Samenvatting

Publicatie series

Congres

Toegang tot document

Vingerafdruk

Citeer dit