Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography

Digit serial multipliers are used extensively in hardware implementations of elliptic and hyperelliptic curve cryptography. This contribution shows different architectural enhancements in least significant digit (LSD) multiplier for binary fields GF(2^m). We propose two different architectures, the double accumulator multiplier (DAM) and N-accumulator multiplier (NAM), which are both faster compared to traditional LSD multipliers. Our evaluation of the multipliers for different digit sizes gives optimum choices and shows that currently used digit sizes are the worst possible choices. Hence, one of the most important results of this contribution is that digit sizes of the form 2^l - 1, where l is an integer, are preferable for the digit multipliers. Furthermore, one should always use the NAM architecture to get the best timings. Considering the time area product DAM or NAM gives the best performance depending on the digit size