Designs, Codes and Cryptography

, Volume 87, Issue 2–3, pp 527–546 | Cite as

Evaluating Bernstein–Rabin–Winograd polynomials

  • Sebati Ghosh
  • Palash SarkarEmail author
Part of the following topical collections:
  1. Special Issue: Coding and Cryptography


We describe an algorithm which can efficiently evaluate Bernstein–Rabin–Winograd (BRW) polynomials. The presently best known complexity of evaluating a BRW polynomial on \(m\ge 3\) field elements is \(\lfloor m/2\rfloor \) field multiplications. Typically, a field multiplication consists of a basic multiplication followed by a reduction. The new algorithm requires \(\lfloor m/2\rfloor \) basic multiplications and \(1+\lfloor m/4\rfloor \) reductions. Based on the new algorithm for evaluating BRW polynomials, we propose two new hash functions \({\textsf {BRW}}128\) and \({\textsf {BRW}}256\) with digest sizes 128 bits and 256 bits respectively. The practicability of these hash functions is demonstrated by implementing them using instructions available on modern Intel processors. Timing results obtained from the implementations suggest that \({\textsf {BRW}}\) based hashing compares favourably to the highly optimised implementation by Gueron of Horner’s rule based hash function.


Almost universal hash function BRW polynomials Field multiplication Reduction Message authentication code 

Mathematics Subject Classification

11T71 68P25 94A60 



We acknowledge with thanks several helpful discussions with Debrup Chakraborty. We are indebted to the reviewers for their careful reading of the paper and providing helpful comments.


  1. 1.
    Bernstein D.J.: The Poly1305-AES message-authentication code. In: Gilbert H., Handschuh H. (eds.) FSE, Lecture Notes in Computer Science, vol. 3557, pp. 32–49. Springer, Berlin (2005).Google Scholar
  2. 2.
    Bernstein D.J.: Polynomial evaluation and message authentication (2007).
  3. 3.
    Carter L., Wegman M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979).MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Chakraborty D., Ghosh S., Sarkar P.: A fast single-key two-level universal hash function. IACR Trans. Symmetric Cryptol. 2017(1), 106–128 (2017).Google Scholar
  5. 5.
    Chakraborty D., Mancillas-López C., Rodríguez-Henríquez F., Sarkar P.: Efficient hardware implementations of BRW polynomials and tweakable enciphering schemes. IEEE Trans. Comput. 62(2), 279–294 (2013).MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Gueron S., Kounavis M.E.: Efficient implementation of the Galois Counter Mode using a carry-less multiplier and a fast reduction algorithm. Inf. Process. Lett. 110(14–15), 549–553 (2010).MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Gueron S., Langley A., Lindell Y.: AES-GCM-SIV: specification and analysis. IACR Cryptol. 2017, 168 (2017).Google Scholar
  8. 8.
    Krovetz T., Rogaway P.: The software performance of authenticated-encryption modes. In: Joux A. (ed.) Fast Software Encryption—18th International Workshop, FSE 2011, Lyngby, Denmark, 13–16 February, 2011, Revised Selected Papers, vol. 6733 of Lecture Notes in Computer Science, pp. 306–327. Springer, Berlin (2011).Google Scholar
  9. 9.
    Rabin M.O., Winograd S.: Fast evaluation of polynomials by rational preparation. Commun. Pure Appl. Math. 25, 433–458 (1972).MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Sarkar P.: Efficient tweakable enciphering schemes from (block-wise) universal hash functions. IEEE Trans. Inf. Theory 55(10), 4749–4760 (2009).MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Sarkar P.: A new multi-linear universal hash family. Des. Codes Cryptogr. 69(3), 351–367 (2013).MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Wegman M.N., Carter L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981).MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Indian Statistical InstituteKolkataIndia

Personalised recommendations