Extended Euclidean algorithm

Abstract: New high-speed VLSI architectures for decoding Reed-Solomon codes with the Berlekamp-Massey algorithm are presented in this paper. The speed bottleneck in the Berlekamp-Massey algorithm is in the iterative computation of discrepancies followed by the updating of the error-locator polynomial. This bottleneck is eliminated via a series of algorithmic transformations that result in a fully systolic architecture in which a single array of processors computes both the error-locator and the error-evaluator polynomials. In contrast to conventional Berlekamp-Massey architectures in which the critical path passes through two multipliers and 1+[log/sub 2/,(t+1)] adders, the critical path in the proposed architecture passes through only one multiplier and one adder, which is comparable to the critical path in architectures based on the extended Euclidean algorithm. More interestingly, the proposed architecture requires approximately 25% fewer multipliers and a simpler control structure than the architectures based on the popular extended Euclidean algorithm. For block-interleaved Reed-Solomon codes, embedding the interleaver memory into the decoder results in a further reduction of the critical path delay to just one XOR gate and one multiplexer, leading to speed-ups of as much as an order of magnitude over conventional architectures.

Abstract: The problem of finding a greatest common divisor (GCD) of any two nonzero polynomials is fundamental to algebraic and symbolic computations, as well as to the decoder implementation for a variety of error-correcting codes. This paper describes new systolic arrays that can lead to efricient VLSI solutions to both the GCD problem and the extended GCD problem.

Abstract: Euclid's method for finding the greatest common divisor (GCD) of two integers was first described around the year 300 B.C. This simple iterative method is often regarded as the grandfather of all algorithms in Number Theory today. Many advances have been made since then--for example, Berlekamp's algorithm for multiplicative inverse and Montgomery's technique for modular multiplication. These binary add-and-shift algorithms for efficient finite field arithmetic operations have played important roles in today s public-key cryptographic systems. Yet, two thousand three hundred years after Euclid's GCD, one algorithm remained missing--division. For many decades we did not tackle modular division problems directly. Instead, we relied on the Extended Euclidean algorithm for calculating inversion and we computed division in a two-step process--inversion followed by multiplication. This practice is so deeply rooted in our teachings and doings today that we have neglected to ask whether the idea underlying the binary Extended Euclidean algorithm can also be applied to finding a general solution for field division. This paper describes such a solution: a binary add-and-shift algorithm for modular division in a residue class. This technique for fast computation of divisions in GF(2m) is the key to a highly efficient implementation of elliptic curve cryptosystems.

Abstract: A high performance elliptic curve coprocessor is developed, which is optimized for a binary field recommended by NIST The architecture uses a field multiplier capable of performing a field multiplication over the extension field with degree 163 in 0060 /spl mu/sec The coprocessor uses Lopez and Dahab's projective coordinate system and is optimized specifically for Koblitz curves An efficient implementation of Itoh and Tsujii's method for inversion with performance comparable to the extended Euclidean algorithm is used A prototype of the processor has been implemented for the binary extension field with degree 163 on a Xilinx XCV2000E FPGA The prototype runs at 66 MHz and performs an elliptic curve scalar multiplication in 0233 msec on a generic curve and 0075 msec on a Koblitz curve