Carry-less product

Last updated February 05, 2024

The carry-less product of two binary numbers is the result of carry-less multiplication of these numbers. This operation conceptually works like long multiplication except for the fact that the carry is discarded instead of applied to the more significant position. It can be used to model operations over finite fields, in particular multiplication of polynomials from GF(2)[X], the polynomial ring over GF(2).

Definition

Given two numbers $\textstyle a=\sum _{i}a_{i}2^{i}$ and $\textstyle b=\sum _{i}b_{i}2^{i}$ , with $a_{i},b_{i}\in \{0,1\}$ denoting the bits of these numbers. Then the carry-less product of these two numbers is defined to be $\textstyle c=\sum _{i}c_{i}2^{i}$ , with each bit $c_{i}$ computed as the exclusive or of products of bits from the input numbers as follows:^[1]

c_{i}=\bigoplus _{j=0}^{i}a_{j}b_{i-j}

Example

Consider a = 10100010₂ and b = 10010110₂, with all numbers given in binary. Then the carry-less multiplication of these is essentially what one would get from performing a long multiplication but ignoring the carries.

                  1 0 1 0 0 0 1 0 = a    ---------------|---|-------|--    1 0 0 1 0 1 1 0|0 0 0 0 0 0 0        1 0 0 1 0 1 1 0|0 0 0 0 0                1 0 0 1 0 1 1 0|0    ------------------------------    1 0 1 1 0 0 0 1 1 1 0 1 1 0 0              ^ ^

So the carry-less product of a and b would be c = 101100011101100₂. For every bit set in the number a, the number b is shifted to the left as many bits as indicated by the position of the bit in a. All these shifted versions are then combined using an exclusive or, instead of the regular addition which would be used for regular long multiplication. This can be seen in the columns indicated by ^, where regular addition would cause a carry to the column to the left, which does not happen here.

Multiplication of polynomials

The carry-less product can also be seen as a multiplication of polynomials over the field GF(2). This is because the exclusive or corresponds to the addition in this field.

In the example above, the numbers a and b corresponds to polynomials

A=\sum _{i}a_{i}X^{i}=X^{7}+X^{5}+X^{1}\qquad B=\sum _{i}b_{i}X^{i}=X^{7}+X^{4}+X^{2}+X^{1}

and the product of these is

C=A\cdot B=\sum _{i}c_{i}X^{i}=X^{14}+X^{12}+X^{11}+X^{7}+X^{6}+X^{5}+X^{3}+X^{2}

which is what the number c computed above encodes. Notice how $(X^{7}\cdot X^{1})+(X^{1}\cdot X^{7})\equiv 0$ and $(X^{7}\cdot X^{2})+(X^{5}\cdot X^{4})\equiv 0$ thanks to the arithmetic in GF(2). This corresponds to the columns marked ^ in the example.

Applications

The elements of GF(2ⁿ), i.e. a finite field whose order is a power of two, are usually represented as polynomials in GF(2)[X]. Multiplication of two such field elements consists of multiplication of the corresponding polynomials, followed by a reduction with respect to some irreducible polynomial which is taken from the construction of the field. If the polynomials are encoded as binary numbers, carry-less multiplication can be used to perform the first step of this computation.

Such fields have applications in cryptography and for some checksum algorithms.

Implementations

Recent x86 processors support the CLMUL instruction set and thus provide a hardware instruction to perform this operation.

It's also part of RISC-V Bit-Manipulation ISA-extensions Zbc: Carry-less multiplication.

For other targets it is possible to implement the computation above as a software algorithm, and many cryptography libraries will contain an implementation as part of their finite field arithmetic operations.

Other bases

The definition of a carry-less product as the result of a long multiplication discarding carry would readily apply to bases other than 2. But the result depends on the basis, which is therefore an essential part of the operation. As this operation is typically being used on computers operating in binary, the binary form discussed above is the one employed in practice.

Polynomials over other finite fields of prime order do have applications, but treating the coefficients of such a polynomial as the digits of a single number is rather uncommon, so the multiplication of such polynomials would not be seen as a carry-less multiplication of numbers.

Related Research Articles

In mathematics, a field is a set on which addition, subtraction, multiplication, and division are defined and behave as the corresponding operations on rational and real numbers. A field is thus a fundamental algebraic structure which is widely used in algebra, number theory, and many other areas of mathematics.

In computing, floating-point arithmetic (FP) is arithmetic that represents subsets of real numbers using an integer with a fixed precision, called the significand, scaled by an integer exponent of a fixed base. Numbers of this form are called floating-point numbers. For example, 12.345 is a floating-point number in base ten with five digits of precision:

In mathematics, a finite field or Galois field is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtraction and division are defined and satisfy certain basic rules. The most common examples of finite fields are given by the integers mod $p$ when $p$ is a prime number.

In mathematics, an integral domain is a nonzero commutative ring in which the product of any two nonzero elements is nonzero. Integral domains are generalizations of the ring of integers and provide a natural setting for studying divisibility. In an integral domain, every nonzero element a has the cancellation property, that is, if a ≠ 0, an equality ab = ac implies b = c.

Multiplication is one of the four elementary mathematical operations of arithmetic, with the other ones being addition, subtraction, and division. The result of a multiplication operation is called a product.

In mathematics, a product is the result of multiplication, or an expression that identifies objects to be multiplied, called factors. For example, 21 is the product of 3 and 7, and $is the product of and . When one factor is an integer, the product is called a multiple .$

In mathematics, a sequence is an enumerated collection of objects in which repetitions are allowed and order matters. Like a set, it contains members. The number of elements is called the length of the sequence. Unlike a set, the same elements can appear multiple times at different positions in a sequence, and unlike a set, the order does matter. Formally, a sequence can be defined as a function from natural numbers to the elements at each position. The notion of a sequence can be generalized to an indexed family, defined as a function from an arbitrary index set.

In mathematics, a square-free integer (or squarefree integer) is an integer which is divisible by no square number other than 1. That is, its prime factorization has exactly one factor for each prime that appears in it. For example, 10 = 2 ⋅ 5 is square-free, but 18 = 2 ⋅ 3 ⋅ 3 is not, because 18 is divisible by 9 = 3². The smallest positive square-free numbers are

In mathematics and physics, a vector space is a set whose elements, often called vectors, may be added together and multiplied ("scaled") by numbers called scalars. Scalars are often real numbers, but can be complex numbers or, more generally, elements of any field. The operations of vector addition and scalar multiplication must satisfy certain requirements, called vector axioms. Real vector space and complex vector space are kinds of vector spaces based on different kinds of scalars: real coordinate space or complex coordinate space.

A multiplication algorithm is an algorithm to multiply two numbers. Depending on the size of the numbers, different algorithms are more efficient than others. Efficient multiplication algorithms have existed since the advent of the decimal numeral system.

In mathematics, the distributive property of binary operations is a generalization of the distributive law, which asserts that the equality

In mathematics, an algebra over a field is a vector space equipped with a bilinear product. Thus, an algebra is an algebraic structure consisting of a set together with operations of multiplication and addition and scalar multiplication by elements of a field and satisfying the axioms implied by "vector space" and "bilinear".

In abstract algebra, a semiring is an algebraic structure. It is a generalization of a ring, dropping the requirement that each element must have an additive inverse. At the same time, it is a generalization of bounded distributive lattices.

In mathematics, especially in the field of algebra, a polynomial ring or polynomial algebra is a ring formed from the set of polynomials in one or more indeterminates with coefficients in another ring, often a field.

In mathematics, finite field arithmetic is arithmetic in a finite field contrary to arithmetic in a field with an infinite number of elements, like the field of rational numbers.

The Schönhage–Strassen algorithm is an asymptotically fast multiplication algorithm for large integers, published by Arnold Schönhage and Volker Strassen in 1971. It works by recursively applying fast Fourier transform (FFT) over the integers modulo 2ⁿ+1. The run-time bit complexity to multiply two $n$ -digit numbers using the algorithm is $in big O notation .$

In mathematics, differential algebra is, broadly speaking, the area of mathematics consisting in the study of differential equations and differential operators as algebraic objects in view of deriving properties of differential equations and operators without computing the solutions, similarly as polynomial algebras are used for the study of algebraic varieties, which are solution sets of systems of polynomial equations. Weyl algebras and Lie algebras may be considered as belonging to differential algebra.

In mathematics, more specifically field theory, the degree of a field extension is a rough measure of the "size" of the field extension. The concept plays an important role in many parts of mathematics, including algebra and number theory — indeed in any area where fields appear prominently.

In mathematics, more specifically algebra, abstract algebra or modern algebra is the study of algebraic structures. Algebraic structures include groups, rings, fields, modules, vector spaces, lattices, and algebras over a field. The term abstract algebra was coined in the early 20th century to distinguish it from older parts of algebra, and more specifically from elementary algebra, the use of variables to represent numbers in computation and reasoning. The abstract perspective on algebra has become so fundamental to advanced mathematics that it is simply called "algebra", while the term "abstract algebra" is seldom used except in pedagogy.

Carry-less Multiplication (CLMUL) is an extension to the x86 instruction set used by microprocessors from Intel and AMD which was proposed by Intel in March 2008 and made available in the Intel Westmere processors announced in early 2010. Mathematically, the instruction implements multiplication of polynomials over the finite field GF(2) where the bitstring $represents the polynomial . The CLMUL instruction also allows a more efficient implementation of the closely related multiplication of larger finite fields GF(2 k) than the traditional instruction set.$

References

↑ Shay Gueron (2011-04-13). "Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode - Rev 2". Intel.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Shay Gueron (2011-04-13). "Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode - Rev 2". Intel.

[1]