Evaluating Bernstein–Rabin–Winograd polynomials

Article Type

Research Article

Publication Title

Designs, Codes, and Cryptography

Abstract

We describe an algorithm which can efficiently evaluate Bernstein–Rabin–Winograd (BRW) polynomials. The presently best known complexity of evaluating a BRW polynomial on m ≥ 3 field elements is ⌊m/2⌋ field multiplications. Typically, a field multiplication consists of a basic multiplication followed by a reduction. The new algorithm requires ⌊m/2⌋ basic multiplications and 1 + ⌊m/4⌋ reductions. Based on the new algorithm for evaluating BRW polynomials, we propose two new hash functions BRW128 and BRW256 with digest sizes 128 bits and 256 bits respectively. The practicability of these hash functions is demonstrated by implementing them using instructions available on modern Intel processors. Timing results obtained from the implementations suggest that BRW based hashing compares favourably to the highly optimised implementation by Gueron of Horner’s rule based hash function.

First Page

527

Last Page

546

DOI

10.1007/s10623-018-0561-7

Publication Date

3-15-2019
