Efficient FPGA-based multipliers for F_{3^97} and F_{3^{6*97}}

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

In this work we present a new structure for multiplication in finite fields. This structure is based on a digit-level LFSR (Linear Feedback Shift Register) multiplier in which the area of the digit-multipliers is reduced using the Karatsuba method. We compare our results with the other works in the literature for F_{3^97}. We also propose new formulas for multiplication in F_{3^{6*97}}. These new formulas reduce the number of F_{3^97}-multiplications from 18 to 15. The fields F_{3^97} and F_{3^{6*97}} are relevant in the context of pairing-based cryptography.


💡 Research Summary

The paper addresses the need for efficient multiplication in the high‑degree ternary extension fields F_{3^97} and F_{3^582} (the latter being a six‑fold extension of F_{3^97}), which are central to pairing‑based cryptographic schemes. The authors propose a hardware architecture built on a digit‑level Linear Feedback Shift Register (LFSR) multiplier and enhance it by integrating the Karatsuba multiplication algorithm at the digit level. Traditional LFSR multipliers process the entire operand width in a single step, leading to large consumption of logic cells and DSP resources on an FPGA, especially for large fields. By partitioning each operand into smaller “digits” and performing independent multiplications on these sub‑words, the design reduces the critical path length and enables parallelism. Within each digit, the Karatsuba method replaces the naïve O(n²) multiplication with a divide‑and‑conquer scheme that requires only three half‑size multiplications instead of four, thereby cutting the number of elementary multiplications by roughly 25 %.

The authors adapt Karatsuba to ternary arithmetic, exploiting the fact that each digit can take values 0, 1, or 2. They develop a two‑dimensional decomposition that reuses intermediate results efficiently, minimizing the number of required ternary multipliers and the associated routing overhead. The resulting digit‑level multiplier occupies significantly fewer lookup tables (LUTs) and DSP slices compared to a straightforward implementation.
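The Karatsuba step summarized above (three half-size products instead of four), as an added Python model over F_3 coefficients; it is not code from the paper. It is plain recursive Karatsuba on polynomials without field reduction, not the paper's two-dimensional decomposition, and the `levels` parameter, operand sizes and random operands are constructed for illustration.

```python
import random

P = 3  # characteristic: coefficients (trits) are 0, 1 or 2

def schoolbook(a, b, count):
    """Reference product in F_3[x]; count[0] tallies coefficient multiplications."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    count[0] += len(a) * len(b)
    return out

def karatsuba(a, b, count, levels):
    """Product of two equal-length coefficient lists (lowest degree first),
    applying `levels` Karatsuba splits before falling back to schoolbook."""
    n = len(a)
    if levels == 0 or n == 1:
        return schoolbook(a, b, count)
    h = (n + 1) // 2                         # length of the low half
    pad = [0] * (2 * h - n)                  # zero-pad the high half when n is odd
    a0, a1 = a[:h], a[h:] + pad
    b0, b1 = b[:h], b[h:] + pad
    z0 = karatsuba(a0, b0, count, levels - 1)            # low * low
    z2 = karatsuba(a1, b1, count, levels - 1)            # high * high
    sa = [(x + y) % P for x, y in zip(a0, a1)]
    sb = [(x + y) % P for x, y in zip(b0, b1)]
    zm = karatsuba(sa, sb, count, levels - 1)            # (low+high) * (low+high)
    out = [0] * (4 * h - 1)
    for i in range(2 * h - 1):
        mid = (zm[i] - z0[i] - z2[i]) % P                # cross term a0*b1 + a1*b0
        out[i] = (out[i] + z0[i]) % P
        out[i + h] = (out[i + h] + mid) % P
        out[i + 2 * h] = (out[i + 2 * h] + z2[i]) % P
    return out[:2 * n - 1]                   # positions created by padding are zero

def compare(n, levels, seed=0):
    """Returns (results_match, schoolbook_mults, karatsuba_mults) for constructed operands."""
    rng = random.Random(seed)
    a = [rng.randrange(P) for _ in range(n)]
    b = [rng.randrange(P) for _ in range(n)]
    ref_count, kar_count = [0], [0]
    ref = schoolbook(a, b, ref_count)
    got = karatsuba(a, b, kar_count, levels)
    return ref == got, ref_count[0], kar_count[0]

if __name__ == "__main__":
    for n, levels in [(8, 1), (8, 3), (97, 1), (97, 7)]:
        print(n, levels, compare(n, levels))
```

For an 8-trit digit, one split needs 48 coefficient multiplications instead of 64; for odd lengths such as 97 the zero-padding makes the one-level saving slightly smaller than 25 % (7203 versus 9409).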

Implementation results on a Xilinx Virtex‑7 device demonstrate the practical impact of these optimizations. For the field F_{3^97}, the proposed architecture achieves approximately a 20 % reduction in logic utilization and a 10 % increase in maximum clock frequency relative to the best previously published FPGA designs. Power consumption is also lowered by roughly 15 %, confirming that the area and speed gains do not come at the expense of higher energy usage.

Beyond the base field, the paper makes a substantial contribution to the multiplication in the composite field F_{3^582}. Existing methods decompose a multiplication in F_{3^582} into 18 multiplications in F_{3^97}, followed by a series of additions and subtractions. By carefully analyzing the polynomial representation of F_{3^582} as a degree‑6 extension over F_{3^97}, the authors derive new formulas that reduce the number of required F_{3^97} multiplications from 18 to 15. This reduction is achieved through a combination of coefficient symmetry, sparse matrix exploitation, and strategic reuse of intermediate products. The new formulas not only cut the arithmetic workload but also simplify the control logic, leading to further area and power savings.

The paper also discusses scalability. The digit size and the depth of Karatsuba recursion can be tuned to match different FPGA families or ASIC constraints, making the approach applicable to a wide range of field sizes. Because the LFSR structure naturally supports pipelining, the design can be extended to high‑throughput streaming cryptographic processors without substantial redesign.

In summary, the authors present a well‑engineered hardware solution that combines digit‑level LFSR multiplication with ternary‑adapted Karatsuba reduction, achieving notable improvements in area, speed, and energy consumption for F_{3^97}. Moreover, the newly derived multiplication formulas for F_{3^582} lower the number of underlying field multiplications, directly enhancing the performance of pairing‑based protocols that rely on this composite field. The work therefore constitutes a valuable advancement for practical, high‑performance cryptographic hardware targeting ternary extension fields.

