By Robert W. Fitzgerald, Joseph L. Yucas (auth.), Claude Carlet, Berk Sunar (eds.)

Explicit factorizations, into a product of irreducible polynomials, over F_q of the cyclotomic polynomials Q_{2^n}(x) are given in [4] when q ≡ 1 (mod 4). The case q ≡ 3 (mod 4) is done in [5]. Here we give factorizations of Q_{2^n r}(x) where r is prime and q ≡ ±1 (mod r). In particular, this covers Q_{2^n 3}(x) for all F_q of characteristic not 2, 3. We apply this to get explicit factorizations of the first and second kind Dickson polynomials of order 2^n · 3 and 2^n · 3 − 1 respectively. Explicit factorizations of certain Dickson polynomials have been used to compute Brewer sums [1]. But our basic motivation is curiosity, to see what factors arise. Of interest then is how the generalized Dickson polynomials D_n(x, b) arise in the factors of the cyclotomic polynomials and how the Dickson polynomials of the first kind appear in the factors of both kinds of Dickson polynomials.

32 bits) of the multiplication result after step 2 (with reduced coefficients) is added to the lower word. e. the accumulator) of the unified MAC unit without much overhead. The only remaining operation to perform is the reduction modulo f(x) (step 2). In the following we introduce the basic ideas for integrating this operation into the unified multiplier presented in [6].

1 Basic Unified Multiplier Architecture

The white blocks in Figure 1 show the structure of our baseline multiplier. All grey blocks are added for AES MixColumns support and will be described in detail in Section 5.

A multiplication of two binary polynomials of degree ≤ 7 can be easily performed in one clock cycle with the help of a custom instruction like gf2mul [17]. e. requires much longer than one cycle. Therefore, it is desirable to provide hardware support for the reduction operation modulo irreducible polynomials of small degree.

S. Tillich and J. Großschädl

3 Implementation Options for AES

The Advanced Encryption Standard (AES) is a block cipher with a fixed block size of 128 bits and a variable key size of 128, 192, or 256 bits [3].