Operations over GF(2^m): Comments and Conclusion

This book, page 231 (based on FPGA implementation) :

  1. For modular multipliers, combinational circuits are too expensive in terms of area for big polynomials in cases that can’t be implemented in a single device. Sequential implementations need m (degree of f(x)) cycles to obtain a result and could be too slow. A trade-off can be obtained using a sequential circuit that computes G bits per cycle. Tables 7.5 and 7.6 show results for the 163- and 233-bits NIST-recommended polynomials.
  2. Regarding squaring, combinational circuits are simpler and faster than the corresponding sequential circuits.
  3. For exponentiation, the computation time depends on the number of ones in the exponent and the multiplication deter- mines the worst time. For faster exponentiation, multipli- cation such as in Sec. 7.7.5 should be used.
  4. For division-inversion, the binary division can be used for in- version with good results. The MAIA inversion has the critical path in the computation of the degree of polynomials.
  5. For multipliers with special irreducible polynomials (AOPs, trinomials, pentanomials), combinational circuits have the same area problems as combinational multipliers with general irreducible polynomials, but with a lower complexity (area, delay).