Itoh–Tsujii inversion algorithm: Difference between revisions

Content deleted Content added
m Undid revision 1251620855 by Linos Ellis (talk)
No edit summary
Line 1:
While the algorithm is often called the Itoh-Tsujii algorithm, it was first presented by Feng<ref>{{cite journal |first=Gui-Liang |last=Feng |title=A {VLSI} architecture for fast inversion in {{math|GF(2<sup>''m''</sup>)}}
The '''Itoh–Tsujii inversion algorithm''' is used to invert elements in a [[finite field]]. It was introduced in 1988, first over GF(2<sup>''m''</sup>) using the [[normal basis]] representation of elements, however, the algorithm is generic and can be used for other bases, such as the [[polynomial basis]]. It can also be used in any finite field GF(''p''<sup>''m''</sup>).
|journal=[[IEEE Transactions on Computers]] |volume=38 |issue=10 |pages=1383-1386 |date=Oct. 1989 } }</ref>. This paper was received on March 13, 1987 and published in October 1989.
Itoh and Tsujii's paper
<ref>{{cite journal |first1=Toshiya |last1=Itoh|first2=Shigeo |last2=Tsujii
|title=A fast algorithm for computing multiplicative inverses in {{math|GF(2<sup>''m''</sup>)}}
|journal=[[Information and Computation]]
|volume=78 |pages=171-177 |date=1988 } }</ref>
was received on July 8, 1987 and published in 1988.
 
This algorithm is first used to invert elements in [[finite field]] {{math|GF(2<sup>''m''</sup>)}} using
the [[normal basis]] representation of elements, however, it is generic and can be used for other bases,
such as the [[polynomial basis]]. It can also be used in any finite field {{math|GF(''p''<sup>''m''</sup>)}}.
 
The algorithm is as follows:
Line 12 ⟶ 23:
 
This algorithm is fast because steps 3 and 5 both involve operations in the subfield GF(''p''). Similarly, if a small value of ''p'' is used, a lookup table can be used for inversion in step 4. The majority of time spent in this algorithm is in step&nbsp;2, the first exponentiation. This is one reason why this algorithm is well suited for the normal basis, since squaring and exponentiation are relatively easy in that basis.
 
This algorithm is based on the fact that {{math|GF(''p''<sup>''m''</sup>)<sup>*</sup>}} is a cyclic group of order {{math|''p''<sup>''m''</sup>-1}}.
Given a nonzero element {{math|''A''}} in [[finite field]] {{math|GF(2<sup>''m''</sup>)}}, we have
<math display="block">
A^{-1}=A^{2^m-2}=A^{2^{m-1}} \cdot A^{2^{m-2}} \cdot A^{2^{m-3}} \cdots A^{2^{2}} \cdot A^{2^{1}}=\prod_{i=1}^{m-1}{A^{2^i}}.
</math>
 
The above {{math|''A''<sup>-1</sup>}} expression itself is close to that of the multiplicative Norm function, which is defined as
<math display="block">
Norm(A)=\prod_{i=0}^{m-1}{A^{2^i}}.
</math>
 
This viewpoint leads us to consider the additive absolute Trace function
<ref>{{cite web |url=http://eprint.iacr.org/2020/482.pdf |title=A Trace Based {{math|GF(2<sup>''n''</sup>)}} Inversion Algorithm
|access-date=2022-08-08 |archive-url=http://eprint.iacr.org/2020/482
|archive-date=May 6, 2020 }}</ref>
, which is defined as
<math display="block">
Tr(A)=\sum_{i=0}^{m-1}{A^{2^i}}.
</math>
 
If {{math|''Tr''(''A'')=0}}, then we have
<math display="block">
A=\sum_{i=1}^{m-1}{A^{2^i}}$
</math>
and can express {{math|''A''<sup>-1</sup>}} as
<math display="block">
A^{-1}=A^{-2}\sum_{i=1}^{m-1}{A^{2^i}}=\sum_{i=1}^{m-1}{A^{2^i-2}}=\sum_{j=0}^{m-2}{(A^2)^{2^{j}-1}}.
</math>
 
In some {{math|GF(2<sup>''m''</sup>)}}s, for example, {{math|{{math|GF(2<sup>8</sup>)}}, this formula needs 1 less
multiplication operation than Feng and Itoh-Tsujii algorithm for elements with Trace value 0:
because
<math display="block">
0=Tr(A)=A+A^2+A^4+A^8+A^{16}+A^{32}+A^{64}+A^{128},
</math>
we have
<math display="block">
A=A^2+A^4+A^8+A^{16}+A^{32}+A^{64}+A^{128}
</math>
and
<math display="block">
A^{-1}=1+A^2+A^6+A^{14}+A^{30}+A^{62}+A^{126}=1+ \{(A+A^3+A^7)+[(A+A^{3}+A^{7})^8A^7] \}^2.
</math>
 
This additive formula needs 3 multiplications, 4 additions and 6 squarings.
 
But the multiplicative formula
<math display="block">
A^{-1}=A^{254}=A^2A^4A^8A^{16}A^{32}A^{64}A^{128}=\{ A(A \cdot A^2A^4)^2 (A \cdot A^2A^4)^{16} \}^2
</math>
needs 4 multiplications and 7 squarings.
 
 
== See also ==