Polynomial basis

In mathematics, a polynomial basis is basis of a polynomial ring, viewed as a vector space over the field of coefficients, or as a free module over the ring of coefficients. The most common polynomial basis is the monomial basis consisting of all monomials. Other useful polynomial bases are the Bernstein basis and the various sequences of orthogonal polynomials.

In the case of a finite extension of a finite fields, polynomial basis may also refer to a basis of the extension of the form

\{ 1, \alpha, \ldots, \alpha^{m-1}\}\,,

where α is the root of a primitive polynomial of degree m equal of the degree of the extension).^[1]

The set of elements of GF(p^m) can then be represented as:

\{ 0, 1, \alpha, \alpha^2, \ldots, \alpha^{p^{m}-2} \}

using Zech's logarithms.

Addition

Addition using the polynomial basis is as simple as addition modulo p. For example, in GF(3^m):

(2\alpha^2 + 2\alpha + 1) + (2\alpha + 2) = 2\alpha^2 + 4\alpha + 3 \mod{3} = 2\alpha^2 + \alpha

In GF(2^m), addition is especially easy, since addition and subtraction modulo 2 are the same thing (so like terms "cancel out"), and furthermore this operation can be done in hardware using the basic XOR logic gate.

Multiplication

Multiplication of two elements in the polynomial basis can be accomplished in the normal way of multiplication, but there are a number of ways to speed up multiplication, especially in hardware. Using the straightforward method to multiply two elements in GF(p^m) requires up to m² multiplications in GF(p) and up to m² − m additions in GF(p).

Some of the methods for reducing these values include:

Lookup tables — a prestored table of results; mainly used for small fields, otherwise the table is too large to implement
The Karatsuba algorithm — repeatedly breaking the multiplication into pieces, decreasing the total number of multiplications but increasing the number of additions. As seen above, addition is very simple, but the overhead in breaking down and recombining the parts make it prohibitive for hardware, although it is often used in software. It can even be used for general multiplication, and is done in many computer algebra systems.
Linear feedback shift register-based multiplication
Subfield computations — breaking the multiplication in GF(p^m) to multiplications in GF(p^x) and GF(p^y), where x × y = m. This is not frequently used for cryptographic purposes, since some composite degree fields are avoided because of known attacks on them.
Pipelined multipliers — storing intermediate results in buffers so that new values can be loaded into the multiplier faster
Systolic multipliers — using many cells that communicate with neighboring cells only; typically systolic devices are used for computation-intensive operations where input and output sizes are not as important, such as multiplication.

Squaring

Squaring is an important operation because it can be used for general exponentiation as well as inversion of an element. The most basic way to square an element in the polynomial basis would be to apply a chosen multiplication algorithm on an element twice. In general case, there are minor optimizations that can be made, specifically related to the fact that when multiplying an element by itself, all the bits will be the same. In practice, however, the irreducible polynomial for the field is chosen with very few nonzero coefficients which makes squaring in polynomial basis of GF(2^m) much simpler than multiplication.^[2]

Inversion

Inversion of elements can be accomplished in many ways, including:

Lookup tables — once again, only for small fields otherwise the table is too large for implementation
Subfield inversion — by solving systems of equations in subfields
Repeated square and multiply — for example in GF(2^m), A⁻¹ = A^{2^m− 2}
The Extended Euclidean algorithm
The Itoh-Tsujii inversion algorithm

Usage

The polynomial basis is frequently used in cryptographic applications that are based on the discrete logarithm problem such as elliptic curve cryptography.

The advantage of the polynomial basis is that multiplication is relatively easy. For contrast, the normal basis is an alternative to the polynomial basis and it has more complex multiplication but squaring is very simple. Hardware implementations of polynomial basis arithmetic usually consume more power than their normal basis counterparts.

References

↑ Roman, Steven (1995). Field Theory. New York: Springer-Verlag. ISBN 0-387-94407-9.
↑ Huapeng, Wu (2001). "Selected Areas in Cryptography: 7th Annual International Workshop, SAC 2000, Waterloo, Ontario, Canada, August 14–15, 2000,". Springer. p. 118. |chapter= ignored (help)