Optimal extension fields for XTR

Abstract

Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security [6]. XTR is a new method to represent elements of a subgroup of a multiplicative group of a finite field GF(p6) and it can be generalized to the field GF(p6m) [6,9]. This paper proposes optimal extension fields for XTR among Galois fields GF(p6m) which can be applied to XTR. In order to select such fields, we introduce a new notion of Generalized Optimal Extension Fields(GOEFs) and suggest a condition of prime p, a defining polynomial of GF(p2m) and a fast method of multiplication in GF(p2m) to achieve fast finite field arithmetic in GF(p2m). From our implementation results, GF(p36) → GF(p12) is the most efficient extension fields for XTR and computing Tr(gn) given Tr(g) in GF(p12) is on average more than twice faster than that of the XTR system[6,10] on Pentium III/700MHz which has 32-bit architecture. © Springer-Verlag Berlin Heidelberg 2003.