Exponentiation in finite fields: Theory and practice

  • Joachim von zur Gathen
  • Michael Nöcker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1255)


Finally we want to outline the main properties of a fast software exponentiation algorithm in \(\mathbb{F}_{2^n}\) for large n ∈ ℕ:

  1. The algorithm should use fast polynomial multiplication. Neither multiplication by multiplication tensors nor classical polynomial arithmetic is fast enough.

  2. The algorithm should be based upon an addition chain for the exponent e with a small number of non-doubling steps.

  3. The algorithm should offer a cheap way to compute \(\alpha^{2^m}\) for m ∈ ℕ and \(\alpha \in \mathbb{F}_{2^n}\). Both Shoup's algorithm [35] and that of Gao et al. [13] achieve this.
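The three requirements above in one piece of working code, as an added example written for this page (it is not code from the paper and does not reproduce Shoup's or Gao et al.'s constructions): Karatsuba multiplication in F_2[x] for property 1, a 2^w-ary addition chain for property 2, and, for property 3, a table of x^(i·2^m) mod f that turns α ↦ α^(2^m) into an F_2-linear map costing only XORs, so the doubling runs of the chain use no field multiplication at all. The field F_{2^127} with modulus x^127 + x + 1, the sample element, the window width w = 4 and the Karatsuba cutoff are assumptions of the example, not values from the paper.

```python
"""Added example, not code from the paper: the three ingredients above over
F_{2^n} in a polynomial basis.  Elements are Python ints (bit i = coefficient
of x^i); the modulus, sample element, window width and cutoff are constructed."""

KARATSUBA_THRESHOLD = 32  # assumed cutoff below which the classical loop wins

def clmul_classical(a: int, b: int) -> int:
    """Classical O(n^2) product in F_2[x] (carry-less multiply)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def clmul_karatsuba(a: int, b: int) -> int:
    """Karatsuba product in F_2[x]: three half-size products instead of four;
    in characteristic 2 the middle term costs only XORs."""
    n = max(a.bit_length(), b.bit_length())
    if n <= KARATSUBA_THRESHOLD:
        return clmul_classical(a, b)
    h, mask = n // 2, (1 << (n // 2)) - 1
    a0, a1, b0, b1 = a & mask, a >> h, b & mask, b >> h
    z0, z2 = clmul_karatsuba(a0, b0), clmul_karatsuba(a1, b1)
    z1 = clmul_karatsuba(a0 ^ a1, b0 ^ b1) ^ z0 ^ z2
    return z0 ^ (z1 << h) ^ (z2 << (2 * h))

def reduce_mod(p: int, f: int) -> int:
    """Reduce p modulo the irreducible f (degree n = deg f)."""
    n = f.bit_length() - 1
    while p.bit_length() - 1 >= n:
        p ^= f << (p.bit_length() - 1 - n)
    return p

class BinaryField:
    """F_{2^n} = F_2[x]/(f); mul_count counts field multiplications (squarings
    included), the cost measure by which an addition chain is judged."""

    def __init__(self, f: int):
        self.f, self.n, self.mul_count = f, f.bit_length() - 1, 0
        self._frob = {}  # m -> table of x^(i * 2^m) mod f, built once per m

    def mul(self, a: int, b: int) -> int:
        self.mul_count += 1
        return reduce_mod(clmul_karatsuba(a, b), self.f)

    def frobenius(self, a: int, m: int) -> int:
        """a^(2^m) with no field multiplication: squaring is F_2-linear, so
        a^(2^m) = sum_i a_i x^(i 2^m).  The table costs n products once
        (amortised over later exponentiations); each use is at most n XORs."""
        if m not in self._frob:
            xm = 2  # the element x; m squarings give x^(2^m)
            for _ in range(m):
                xm = reduce_mod(clmul_karatsuba(xm, xm), self.f)
            table = [1]
            for _ in range(1, self.n):
                table.append(reduce_mod(clmul_karatsuba(table[-1], xm), self.f))
            self._frob[m] = table
        r, i = 0, 0
        while a:
            if a & 1:
                r ^= self._frob[m][i]
            a, i = a >> 1, i + 1
        return r

    def pow_binary(self, a: int, e: int) -> int:
        """Plain square-and-multiply: a squaring per bit of e, a multiplication per 1-bit."""
        r = 1
        for bit in bin(e)[2:]:
            r = self.mul(r, r)
            if bit == "1":
                r = self.mul(r, a)
        return r

    def pow_window(self, a: int, e: int, w: int = 4) -> int:
        """2^w-ary addition chain: each run of w doubling steps is one Frobenius
        application (no multiplication); the non-doubling steps are 2^w - 2
        precomputed powers plus one multiplication per nonzero window of e."""
        pre = [1, a]
        for _ in range(2, 1 << w):
            pre.append(self.mul(pre[-1], a))
        r = 1
        for j in range((e.bit_length() + w - 1) // w - 1, -1, -1):
            r = self.frobenius(r, w)
            digit = (e >> (j * w)) & ((1 << w) - 1)
            if digit:
                r = self.mul(r, pre[digit])
        return r

# Constructed parameters: F_{2^127} via the irreducible trinomial x^127 + x + 1.
F127 = BinaryField((1 << 127) | 0b11)
SAMPLE = 0x1234567890ABCDEF1234567890ABCDEF  # an arbitrary 125-bit element

def inverse_by_exponentiation(field: BinaryField, a: int) -> int:
    """a^(2^n - 2) = a^-1 (a != 0): n - 1 one-bits, the worst case for square-and-multiply."""
    return field.pow_window(a, (1 << field.n) - 2)

if __name__ == "__main__":
    inv = inverse_by_exponentiation(F127, SAMPLE)
    print("a * a^-1 == 1:", F127.mul(SAMPLE, inv) == 1, "| multiplications used:", F127.mul_count)
```

Run stand-alone, the script inverts the sample element via a^(2^n − 2) and reports the multiplication count. For n = 127 the 2^4-ary chain needs 46 field multiplications (14 precomputed powers plus one per window for the 32 nonzero windows), against 253 for plain square-and-multiply on the same exponent, because the 127 squarings have been moved into the Frobenius table. The table itself is built once per window width with unreduced Karatsuba products and is not charged to any single exponentiation, which is exactly the accounting under which property 3 pays off.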







  1. G. B. Agnew, R. C. Mullin, and S. A. Vanstone, Fast exponentiation in GF(2^n). In Advances in Cryptology: EUROCRYPT '88, ed. C. G. Günther, vol. 330 of Lecture Notes in Computer Science, 251–255. Springer, Berlin, 1988.
  2. I. Bocharova and B. Kudryashov, Fast exponentiation in cryptography. In Applied Algebra, Algebraic Algorithms and Error-Correcting Codes: 11th International Symposium, AAECC-11, ed. G. Cohen, vol. 948 of Lecture Notes in Computer Science, 146–157. Springer, Berlin, 1995.
  3. A. Brauer, On addition chains. Bull. Amer. Math. Soc. 45 (1939), 736–739.
  4. R. P. Brent and H. T. Kung, Fast algorithms for manipulating formal power series. J. Assoc. Comput. Mach. 25 (1978), 581–595.
  5. E. Brickell, D. Gordon, K. McCurley, and D. Wilson, Fast exponentiation with precomputation. In Advances in Cryptology: EUROCRYPT '92, ed. R. Rueppel, vol. 658 of Lecture Notes in Computer Science, 200–207. Springer, Berlin, 1993.
  6. D. G. Cantor, On arithmetical algorithms over finite fields. J. Combin. Theory Ser. A 50 (1989), 285–300.
  7. D. G. Cantor and E. Kaltofen, On fast multiplication of polynomials over arbitrary algebras. Acta Inform. 28 (1991), 693–701.
  8. D. Coppersmith and S. Winograd, Matrix multiplication via arithmetic progressions. J. Symb. Comput. 9 (1990), 251–280.
  9. W. Diffie and M. E. Hellman, New directions in cryptography. IEEE Trans. Inform. Theory 22 (1976), 644–654.
  10. P. Downey, B. Leong, and R. Sethi, Computing sequences with addition chains. SIAM J. Comput. 10(3) (1981), 638–646.
  11. T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inform. Theory IT-31(4) (1985), 469–472.
  12. S. Gao and H. W. Lenstra, Jr., Optimal normal bases. Designs, Codes and Cryptography 2 (1992), 315–323.
  13. S. Gao, J. von zur Gathen, and D. Panario, Gauss periods and fast exponentiation in finite fields. In Proc. LATIN '95, Valparaíso, Chile, vol. 911 of Lecture Notes in Computer Science, 311–322. Springer, 1995.
  14. J. von zur Gathen, Efficient and optimal exponentiation in finite fields. Comput. Complexity 1 (1991), 360–394.
  15. J. von zur Gathen and J. Gerhard, Arithmetic and factorization of polynomials over \(\mathbb{F}_2\). In Proc. ISSAC '96, Zürich, Switzerland, 1–9. ACM Press, 1996.
  16. J. von zur Gathen and S. Schlink, Normal bases via general Gauss periods. Technical report tr-ri-96-177, Reihe Informatik, Universität-Gesamthochschule Paderborn, 1996.
  17. J. von zur Gathen and V. Shoup, Computing Frobenius maps and factoring polynomials. Comput. Complexity 2 (1992), 187–224.
  18. W. Geiselmann, Algebraische Algorithmenentwicklung am Beispiel der Arithmetik in endlichen Körpern (Algebraic algorithm development, illustrated by arithmetic in finite fields). Dissertation, Universität Karlsruhe, Aachen, 1994.
  19. T. Itoh and S. Tsujii, A fast algorithm for computing multiplicative inverses in GF(2^m) using normal bases. Inform. and Comput. 78 (1988), 171–177.
  20. D. Jungnickel, Finite Fields: Structure and Arithmetics. BI Wissenschaftsverlag, Mannheim, 1993.
  21. A. Karatsuba and Yu. Ofman, Умножение многозначных чисел на автоматах. Dokl. Akad. Nauk USSR 145 (1962), 293–294. English translation: Multiplication of multidigit numbers on automata, Soviet Physics Doklady 7 (1963), 595–596.
  22. D. E. Knuth, The Art of Computer Programming, Vol. 2: Seminumerical Algorithms. 2nd edition, Addison-Wesley, Reading MA, 1981.
  23. D. H. Lehmer, Euclid's algorithm for large numbers. Amer. Math. Monthly 45 (1938), 227–233.
  24. R. Lidl and H. Niederreiter, Finite Fields. Encyclopedia of Mathematics and its Applications 20. Addison-Wesley, Reading MA, 1983.
  25. M. Lothaire, Combinatorics on Words. Addison-Wesley, Reading MA, 1983.
  26. A. J. Menezes, I. F. Blake, X. Gao, R. C. Mullin, S. A. Vanstone, and T. Yaghoobian, Applications of Finite Fields. Kluwer Academic Publishers, Norwell MA, 1993.
  27. R. C. Mullin, I. M. Onyszchuk, S. A. Vanstone, and R. M. Wilson, Optimal normal bases in GF(p^n). Discrete Appl. Math. 22 (1989), 149–161.
  28. A. Odlyzko, Discrete logarithms and their cryptographic significance. In Advances in Cryptology: Proceedings of EUROCRYPT '84, 224–314. Springer, 1985.
  29. R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM 21 (1978), 120–126.
  30. P. de Rooij, Efficient exponentiation using precomputation and vector addition chains. In Advances in Cryptology: EUROCRYPT '94, ed. A. De Santis, vol. 950 of Lecture Notes in Computer Science, 389–399. Springer, Berlin, 1995.
  31. A. Schönhage, Schnelle Berechnung von Kettenbruchentwicklungen (Fast computation of continued fraction expansions). Acta Inform. 1 (1971), 139–144.
  32. A. Schönhage, A lower bound for the length of addition chains. Theoret. Comput. Sci. 1 (1975), 1–12.
  33. A. Schönhage, Schnelle Multiplikation von Polynomen über Körpern der Charakteristik 2 (Fast multiplication of polynomials over fields of characteristic 2). Acta Inform. 7 (1977), 395–398.
  34. A. Schönhage and V. Strassen, Schnelle Multiplikation großer Zahlen (Fast multiplication of large numbers). Computing 7 (1971), 281–292.
  35. V. Shoup, Exponentiation in GF(2^n) using fewer polynomial multiplications. Preprint, 1994.
  36. D. R. Stinson, Some observations on parallel algorithms for fast exponentiation in GF(2^n). SIAM J. Comput. 19 (1990), 711–717.
  37. V. Strassen, Gaussian elimination is not optimal. Numer. Math. 13 (1969), 354–356.
  38. V. Strassen, The computational complexity of continued fractions. SIAM J. Comput. 12 (1983), 1–27.
  39. B. P. Tunstall, Synthesis of noiseless compression codes. Ph.D. dissertation, Georgia Institute of Technology, 1968.
  40. A. Wassermann, Zur Arithmetik in endlichen Körpern (On arithmetic in finite fields). Bayreuther Math. Schriften 44 (1993), 147–251.
  41. Y. Yacobi, Exponentiating faster with addition chains. In Advances in Cryptology: EUROCRYPT '90, ed. I. Damgård, vol. 473 of Lecture Notes in Computer Science, 222–229. Springer, Berlin, 1991.
  42. J. Ziv and A. Lempel, Compression of individual sequences via variable-rate coding. IEEE Trans. Inform. Theory IT-24(5) (1978), 530–536.

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Joachim von zur Gathen (1)
  • Michael Nöcker (1)
  1. Fachbereich 17 Mathematik-Informatik, Universität-GH Paderborn, Paderborn, Germany
