Abstract

In this study, we present a new formal method for verifying the functionality of Galois-field (GF) arithmetic circuits. Assuming that the input–output relation (i.e., the specification of a GF arithmetic circuit) can be represented as polynomials over GF(2), the proposed method formally checks the equivalence between GF polynomials derived from a netlist and the specification. To efficiently verify the equivalence, we employ a zero-suppressed binary decision diagram (ZDD) to represent polynomials over GF(2). Even though polynomial reduction is the most time-consuming process of verification (i.e., equivalence checking), our new algorithm can efficiently reduce the GF polynomials in the form of a zero-suppressed binary decision diagram derived from the target netlist. The proposed algorithm derives the polynomials representing all intermediate nodes (i.e., the outputs of all gates) in the order from primary inputs to those primary outputs that are in accordance with the reverse topological traversal order. We demonstrated the efficiency and effectiveness of the proposed method via a set of experimental verifications. In particular, we confirmed that the proposed method can verify practical GF multipliers (including those used in standardized elliptic curve cryptography) approximately 30 times faster on average and at most 170 times faster than the best conventional method.

Highlights

  • Galois-field (GF) arithmetic circuits have been widely employed in cryptographic and error-correcting modules for constructing secure and reliable information systems

  • Formal verification was initially performed by checking the equivalence between the target and reference circuits using a decision diagram (DD), such as a binary DD (BDD) and binary moment diagram (BMD) [3], [4]

  • We propose a novel formal method for verifying GF arithmetic circuits based on equivalence checking between circuit specification and the gate-level netlist


Summary

INTRODUCTION

Galois-field (GF) (or finite field) arithmetic circuits have been widely employed in cryptographic and error-correcting modules for constructing secure and reliable information systems. Formal verification was initially performed by checking the equivalence between the target and reference circuits using a decision diagram (DD), such as a binary DD (BDD) and binary moment diagram (BMD) [3], [4]. Even though these DD-based methods have been efficiently applied to integer arithmetic circuits, their application to practical GF arithmetic circuits (e.g., multipliers with an operand bit length exceeding 16 bits) would be difficult because of the difference in logical structures [5]. We attempted to address the abovementioned problems by proposing a new formal method to verify the functionality of practical and sophisticated GF arithmetic circuits that can be applied to gate-level flattened netlists without any golden models. The proposed method verified 571-bit Mastrovito and Montgomery multipliers within approximately 1.49 and 427 s, respectively, whereas the conventional method required 109 s and 9 h, respectively.
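The equivalence check summarized in the abstract, as an added example that is not the paper's code: polynomials over GF(2) are held as plain Python sets of monomials (the family of sets a ZDD would encode) rather than in a ZDD, gate polynomials are derived from the primary inputs toward the outputs, and the result is compared with a specification computed from the irreducible polynomial. The netlist tuple format, the function names and the GF(2^2) sample netlists are assumptions made for illustration.

```python
from itertools import product

# A polynomial over GF(2) is a frozenset of monomials; a monomial is a
# frozenset of variable names (x*x = x for Boolean variables).
def var(name):
    return frozenset([frozenset([name])])

def add(p, q):                      # coefficients mod 2: equal monomials cancel
    return p ^ q

def mul(p, q):
    out = set()
    for m, n in product(p, q):
        out ^= {m | n}              # toggle the monomial, so pairs cancel
    return frozenset(out)

GATES = {"AND": mul, "XOR": add,
         "OR": lambda p, q: add(add(p, q), mul(p, q))}

def netlist_polys(inputs, gates):
    """gates: (output, type, in1, in2) tuples listed in topological order."""
    poly = {name: var(name) for name in inputs}
    for out, kind, x, y in gates:
        poly[out] = GATES[kind](poly[x], poly[y])
    return poly

def multiplier_spec(m, irreducible):
    """Coefficients c_0..c_{m-1} of a(x)*b(x) mod the irreducible polynomial,
    given as the set of exponents with coefficient 1, e.g. {2, 1, 0}."""
    c = [frozenset()] * (2 * m - 1)
    for i, j in product(range(m), repeat=2):
        c[i + j] = add(c[i + j], mul(var(f"a{i}"), var(f"b{j}")))
    low = irreducible - {m}
    for k in range(2 * m - 2, m - 1, -1):   # fold x^k down using x^m = sum(low)
        for e in low:
            c[k - m + e] = add(c[k - m + e], c[k])
    return c[:m]

def verify(m, irreducible, gates, outputs):
    inputs = [f"{v}{i}" for v in "ab" for i in range(m)]
    poly = netlist_polys(inputs, gates)
    return [poly[o] for o in outputs] == multiplier_spec(m, irreducible)

# Constructed sample: GF(2^2) multiplier netlist for x^2 + x + 1
GOOD = [("p00", "AND", "a0", "b0"), ("p01", "AND", "a0", "b1"),
        ("p10", "AND", "a1", "b0"), ("p11", "AND", "a1", "b1"),
        ("c0", "XOR", "p00", "p11"), ("t", "XOR", "p01", "p10"),
        ("c1", "XOR", "t", "p11")]
BAD = GOOD[:-1] + [("c1", "OR", "t", "p11")]    # one XOR swapped for an OR
```

Because the comparison is on canonical monomial sets, the single-gate fault in `BAD` is rejected without simulating any input vectors.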

FORMAL VERIFICATION OF CIRCUIT NETLISTS OVER GF ARITHMETIC
PROPOSED METHOD
Verification of Mastrovito multipliers
Verification of Montgomery Multipliers
CONCLUSION