Efficient and Low-Cost Modular Polynomial Multiplier for WSN Security

Abstract

Wireless Sensor Network (WSN) technology has constrained computing resources that require efficient and low-cost cryptographic hardware to provide security services, particularly when dealing with large modular polynomial multiplication in cryptography. In this paper, a cost-efficient reconfigurable Karatsuba modular polynomial multiplier is proposed for general modulus polynomials. The modulus polynomial can be changed easily depending on the application. The proposed modular polynomial multiplier is synthesized and simulated by the AMD Vivado Design Tool. The design’s performance on ADP (Area Delay Product) has been improved compared to previous designs. It can be applied in ECC encryption to speed up the security services in WSN.

1. Introduction

The growing dependence on WSNs has resulted in growing demand for effective cryptographic solutions. WSN devices are often resource-constrained, making it essential to implement security measures that balance computational efficiency with robust data protection. Large integer and polynomial multiplications serve as the foundational arithmetic operations in many cryptography algorithms; however, they can lead to significant computational complexity issues. Key-establishing and digital signature techniques are necessary to ensure secure connections on these devices and protect data exchange between channels. They can be divided into two categories: symmetric and asymmetric keys [1]. Within asymmetric keys, there are commonly used public-key algorithms such as Diffie-Hellman [2], RSA [3], ElGamal [4], and Elliptic Curve Cryptography (ECC) [5]. The security of Diffie-Hellman algorithms depends on the Discrete Logarithm Problem (DLP) in finite fields. ECC provides comparable or even higher security with significantly shorter key lengths, making it more efficient in computational performance. ECC stands out as the most suitable for resource-constrained applications due to its ability to provide strong security with shorter key sizes [6]. The core arithmetic operations in ECC rely on finite-field $\mathrm{GF}\left(2^n\right)$ computations [7]. The computation of elliptic curve points is fundamentally dependent on finite-field arithmetic operations, with finite-field multiplication being the most crucial task in its hardware implementation. The size and latency of the multiplier significantly impact area utilization, route delay, and throughput of the overall system, making it an essential component in improving ECC hardware designs. The basis representing the elements of a finite field affects the performance of arithmetic operations. Different types of basis, such as the polynomial basis, normal basis, and dual basis, can be employed to execute multiplication in $\mathrm{GF}\left(2^n\right)$. Moreover, the polynomial basis representation yields more efficient, consistent, and scalable multiplier designs [8]. One of the simplest algorithms for polynomial multiplication is known as the Schoolbook, or Conventional Algorithm (CA). Other algorithms like Karatsuba [9] and Fast Fourier Transform (FFT) [10] are also proposed.

The existing modular polynomial multipliers took up more hardware and processing resources, which were not suitable for computing restricted WSN applications. In addition, the modulus polynomial in the previous designs was fixed. This hardware must be redesigned if the modulus polynomial is changed. In this paper, a low-cost and efficient reconfigurable Karatsuba modular polynomial multiplier is proposed for security services in different applications. The contributions of the paper are as follows:

• Cost-Efficient and Symmetric Design: The proposed modular polynomial multiplier has been designed with symmetric PEs and submodules for efficient implementation. It includes $3n$ registers, $4n$ XOR gates, $3n$ AND gates, and $1.5n$ 2-to-1 multiplexers for the modular polynomial multiplication in $\mathrm{GF}\left(2^n\right)$.
• Serial Input and Parallel Output: One of the multiplicands is serially input to minimize I/O pin usage. After ${\displaystyle \frac{n}{2}}$ clock cycles, the modular product is output in parallel.
• Karatsuba Reconfigurable Polynomial Multiplier for General Modulus Polynomials: The proposed architecture is reconfigurable with respect to the modulus polynomial, which is supplied as an input parameter. It supports dynamic updates of the modulus polynomial without hardware modification and is further optimized using a Karatsuba approach.

2. Background

A finite field, or Galois field (GF), is a set of finite number of elements. The finite field is widely used in cryptography because addition and subtraction in GF(2) are the same XOR operation, which is efficient for implementation. The elements in $\mathrm{GF}\left(2^n\right)$ can be represented by a polynomial with degree less than n.

2.1. Schoolbook Polynomial Multiplication

The schoolbook (or conventional) polynomial multiplication is the most straightforward method used for multiplying two polynomials. In this approach, each coefficient of one polynomial is multiplied by every coefficient of the other polynomial, and the partial products are summed accordingly. Given two polynomials of degree $n-1$ over the finite field $R_q$:

$$A\left(x\right)=a_0+a_{1}x+a_2{x}^2+\cdots +a_{n-1}{x}^{n-1},$$

(1)

$$B\left(x\right)=b_0+b_{1}x+b_2{x}^2+\cdots +b_{n-1}{x}^{n-1},$$

(2)

the product polynomial $P\left(x\right)$ is computed using (1) and (2) as:

$$P\left(x\right)=A\left(x\right)·B\left(x\right)=\sum _{i=0}^{n-1}\sum _{j=0}^{n-1}{a}_i{b}_j{x}^{i+j}.$$

(3)

2.2. Karatsuba Polynomial Multiplication

To enhance efficiency and lower the complexity of schoolbook polynomial multiplication, divide-and-conquer techniques have gained significant attention, particularly for their ability to increase parallelism. Let $A\left(x\right)={\sum }_{i=0}^{n-1}{a}_i{x}^i$ and $B\left(x\right)={\sum }_{i=0}^{n-1}{b}_i{x}^i$ be two polynomials and $P\left(x\right)=A\left(x\right)B\left(x\right)mod(x^n+1)={\sum }_{i=0}^{n-1}{p}_i{x}^i$. By Karatsuba’s divide-and-conquer algorithm [9], $A\left(x\right)$ and $B\left(x\right)$ can be represented by higher and lower degree polynomials:

$$\begin{array}{cc}\hfill A\left(x\right)& =A_1\left(x\right)+A_2\left(x\right)x^{n/2}\hfill \end{array}$$

(4)

$$\begin{array}{cc}\hfill B\left(x\right)& =B_1\left(x\right)+B_2\left(x\right)x^{n/2}\hfill \end{array}$$

(5)

where

$$\begin{array}{cccc}\hfill A_1\left(x\right)& =\sum _{i=0}^{{\displaystyle \frac{n}{2}}-1}{a}_i{x}^i,\hfill & \hfill A_2\left(x\right)& =\sum _{i=0}^{{\displaystyle \frac{n}{2}}-1}{a}_{(i+n/2)}{x}^i\hfill \end{array}$$

(6)

$$\begin{array}{cccc}\hfill B_1\left(x\right)& =\sum _{i=0}^{{\displaystyle \frac{n}{2}}-1}{b}_i{x}^i,\hfill & \hfill B_2\left(x\right)& =\sum _{i=0}^{{\displaystyle \frac{n}{2}}-1}{b}_{(i+n/2)}{x}^i\hfill \end{array}$$

(7)

Then,

$$\begin{array}{cc}\hfill P\left(x\right)& =(A_1\left(x\right)+A_2\left(x\right)x^{n/2})(B_1\left(x\right)+B_2\left(x\right)x^{n/2})mod(x^n+1)\hfill \end{array}$$

(8)

$$\begin{array}{cc}\hfill & =(A_1\left(x\right)B_1\left(x\right)+(A_1\left(x\right)B_2\left(x\right)+A_2\left(x\right)B_1\left(x\right))x^{n/2}+A_2\left(x\right)B_2\left(x\right)x^n)mod(x^n+1)\hfill \end{array}$$

(9)

There are four polynomial multiplications in Equation (9). To save one polynomial multiplication, we calculate:

$$\begin{array}{cc}\hfill A_1\left(x\right)B_2\left(x\right)+A_2\left(x\right)B_1\left(x\right)& =(A_1\left(x\right)+A_2\left(x\right))(B_1\left(x\right)+B_2\left(x\right))-A_1\left(x\right)B_1\left(x\right)-A_2\left(x\right)B_2\left(x\right)\hfill \end{array}$$

(10)

Let

$$\begin{array}{cc}\hfill P_1& =A_1\left(x\right)B_1\left(x\right)\hfill \end{array}$$

(11)

$$\begin{array}{cc}\hfill P_2& =A_2\left(x\right)B_2\left(x\right)\hfill \end{array}$$

(12)

$$\begin{array}{cc}\hfill P_3& =(A_1\left(x\right)+A_2\left(x\right))(B_1\left(x\right)+B_2\left(x\right))\hfill \end{array}$$

(13)

Then,

$$P\left(x\right)=(P_1+(P_3-P_1-P_2)x^{n/2}+P_2{x}^n)mod(x^n+1)$$

(14)

The Karatsuba method reduces the total number of coefficient multiplications greatly by employing the divide-and-conquer strategy.

Heidarpur et al. proposed a fast finite-field multiplier and implemented it in FPGA devices. Compared to the CA and Karatsuba, the entire Area-Delay Product (ADP) was nearly 25% and 30% more efficient [11]. Thirumoorthi et al. presented a binary polynomial multiplier with M-term overlap-free Karatsuba multiplication to reduce the delay and ADP [12]. Meher designed a piped systolic multiplier at the digit level based on trinomial field polynomials [13]. Zeghid et al. proposed a digit-serial multiplier $\mathrm{GF}\left(2^n\right)$ based on Bivariate Polynomial Basis representation and a modified Radix-n Interleaved Multiplication method [14]. Kumari et al. presented a hybrid Karatsuba multiplier with the conventional polynomial multiplier and further reduced Karatsuba decompositions [15]. Das and Jaiodia designed a hybrid recursive Karatsuba multiplier with an optimized Schoolbook multiplier at the lowest levels [16].

Previous multipliers required hardware modification to change the parameter of the modulus polynomial in cryptography, which was troublesome. Our design allows for changing the parameter of the modulus polynomial without hardware modification.

If there is an irreducible trinomial $x^m+x^k+1$ for Elliptic Curve Cryptography, it is advised that k be as minimal as feasible, that is, the lowest degree for the middle term $x^k$. NIST has recommended the trinomials $x^{233}+x^{73}+1$ and $x^{409}+x^{87}+1$ for finite fields $\mathrm{GF}\left(2^{233}\right)$ and $\mathrm{GF}\left(2^{409}\right)$, respectively, where the value of k is less than half the value of m [17]. An irreducible trinomial cannot be found for certain values of m. An irreducible polynomial, or polynomial with five terms, can be the next-best option in certain situations and still allow reasonably efficient computing to perform modular reduction operations.

Table 1. Symbol table for polynomial multiplication in $\mathrm{GF}\left(2^n\right)$.

Symbol	Description
$A\left(x\right),B\left(x\right)$	Input polynomials to be multiplied
$f\left(x\right)$	Modulus polynomial (e.g., $x^n+1$)
$P\left(x\right)$	Output modular product: $A\left(x\right)·B\left(x\right)modf\left(x\right)$
$a_i,b_i$	Coefficients of $A\left(x\right)$ and $B\left(x\right)$, elements of $\mathrm{GF}\left(2\right)$
n	Degree or bit-width of the polynomials
⊕	XOR operation (addition/subtraction in $\mathrm{GF}\left(2\right)$)
∧	AND operation (multiplication in $\mathrm{GF}\left(2\right)$)

summarizes the essential mathematical symbols utilized in this paper for clarity.

3. Proposed Reconfigurable Karatsuba Modular Polynomial Multiplier

We have proposed a cost-efficient reconfigurable general modular polynomial multiplier in which the modulus polynomial is one of the input parameters, and it can be easily changed without hardware modification [18].

Figure 1 illustrates the reconfigurable polynomial multiplier for $n=4$, which is used as a base module to implement the reconfigurable Karatsuba multiplier. The partial product is stored in the registers $p\left[0\right]$ to $p\left[3\right]$, with the coefficients of $b\left(x\right)$ serially inputting from the least significant bit $p\left[0\right]$. The coefficients of $b\left(x\right)$ and $f\left(x\right)$ are parallel input. The multiplexers select one of the two inputs as the output depending on a clock counter. In the first clock, the coefficients of $a\left(x\right)$ will be loaded into the shift registers SR. In subsequent clock cycles, the output of $AND$ gate will be selected and loaded into the shift register SR. That is, in the first clock, $\mathrm{SR}=a\left(x\right)$. After that, $\mathrm{SR}\leftarrow a\left(x\right)·xmodf\left(x\right)$ in the next clock. PE calculates $p\left[i\right]=p\left[i\right]+a\left[i\right]·x^i·b\left(x\right)modf\left(x\right)$ at each clock cycle. The final product will be derived in n clock cycles. Algorithm 1 describes the detailed operations for the reconfigurable modular polynomial multiplier.

The further Karatsuba optimization effectively reduces latency by decomposing the n-bit modular multiplication into concurrent ${\displaystyle \frac{n}{2}}$-bit operations. This strategy enables parallel processing and significantly reduces delay. In a n-bit multiplier, three ${\displaystyle \frac{n}{2}}$-bit multiplications are performed in parallel, reducing the critical path latency from n clock cycles to ${\displaystyle \frac{n}{2}}$ clock cycles. This structure enables low-latency computation and is suitable for scalable hardware implementations.

The entire design promotes modularity and hardware efficiency for polynomial arithmetic operations in cryptographic systems, especially where the area and power are restricted.

Algorithm 1 GF-based Reconfigurable Modular Polynomial Multiplier

Input:    Polynomial $A\left(x\right)$: Coefficients $a[0:n-1]$    Polynomial $B\left(x\right)$: Coefficients $b[0:n-1]$    Modulus $f\left(x\right)$: Coefficients $f[0:n-1]$

Output:    $P\left(x\right)=A\left(x\right)B\left(x\right)modf\left(x\right)$

Load $a[0:n-1]$ into shift registers $SR[0:n-1]$

for ($i=0$; $i\le n-1$; $i++$) {

$p\left[i\right]\leftarrow b\left[0\right]\wedge a\left[i\right]$

}

for ($j=1$; $j\le n-1$; $j++$) {

$SR\left[0\right]\leftarrow SR[n-1]\wedge f\left[0\right]$

for ($i=1$; $i\le n-1$; $i++$) {

$SR\left[i\right]\leftarrow SR[i-1]\oplus \left(SR\right[n-1]\wedge f[i\left]\right)$

}

Right Shift $SR[0:n-1]$

for ($i=0$; $i\le n-1$; $i++$) {

$p\left[i\right]\leftarrow p\left[i\right]\oplus \left(b\right[j]\wedge SR[i\left]\right)$

}

}

In this design, the polynomial $A\left(x\right)$ is partitioned into two subsets: odd-indexed coefficients and even-indexed coefficients represented as $A_{even}\left(x\right)$ and $A_{odd}\left(x\right)$. These subsets undergo independent multiplication with corresponding subsets of polynomials $B\left(x\right)$, denoted similarly as $B_{even}\left(x\right)$ and $B_{odd}\left(x\right)$. The product is computed by decomposing it into three sub-multiplications. Figure 2 illustrates the proposed Karatsuba polynomial multiplier for n = 8 with $f\left(x\right)=x^8+1$. It accepts an 8-bit input polynomial $A\left(x\right)$, and 1-bit serial inputs corresponding to bits from another polynomial $B\left(x\right)$. The input polynomial $A\left(x\right)$ is first partitioned into two subsets: evenA, comprising the even-indexed coefficients $\left\{A\right[6],A[4],A[2],A[0\left]\right\}$, and oddA, comprising the odd-indexed coefficients $\left\{A\right[7],A[5],A[3],A[1\left]\right\}$. An intermediate sum, Asum, is calculated as the bitwise XOR of evenA and oddA. These components serve as the basis for three sub-multiplications in the Karatsuba scheme: $evenA\times evenB$, $oddA\times oddB$, and $Asum\times Bsum$. The coefficients of $B\left(x\right)$ are serially passed into the system. Three 4-bit modular multiplier modules are instantiated to compute the partial products, where $f\left(x\right)=x^4+1$ is the irreducible polynomial used for modular reduction. We should first verify that the modular polynomial is legitimate to prevent incorrect input of modular polynomials.

Figure 3 demonstrates how to break down the 8-bit polynomial multiplication into three 4-bit polynomial multiplications.

4. Performance Comparison

All hardware designs and experiments in the journal paper were conducted using the AMD Xilinx Vivado Design Suite, version 2022.2, installed on Windows 10 (64-bit). The Vivado toolchain was used for both the simulation and synthesis of the VHDL/Verilog designs. Simulation and functional verification were performed using Vivado’s built-in simulator. The FPGA platforms utilized for prototyping and validation included the Digilent Nexys A7 (Artix-7 XC7A100T-1CSG324C), Digilent Arty S7 (Spartan-7 XC7S50-1CSGA324C), and ZedBoard (Zynq-7000 XC7Z020-1CLG484C). Resource utilization metrics such as Look-Up Tables (LUTs), Flip-Flops (FFs), and Critical Path Delay were collected from the synthesis reports generated by Vivado Design Suite.

This paper employs realistic standardized delay values of logic gates from common integrated circuits (ICs) produced by STMicroelectronics N.V., Geneva, Switzerland (e.g., M74HC08, M74HC86), to measure real-world performance accurately. This gives realistic delay estimates for hardware implementations that are feasible. By employing a uniform baseline for every kind of logic gate (AND, XOR, OR, etc.), it guarantees a balanced comparison. The theoretical delay in the critical path at the gate level of the design was calculated using discrete component delays for the 2-input AND gates ($T_{AND}=6$ ns), the XOR gates ($T_{XOR}=12$ ns), and the 2:1 MUXes ($T_{MUX}=11$ ns). The steps of our proposed design are split into two parts: (1) the reduction stage (modular reduction logic), which involves an AND gate, an XOR gate, and a MUX, resulting in a total delay of $T_{AND}+T_{XOR}+T_{MUX}=6+12+11=29$ ns; and (2) the PE stage (product accumulation logic), comprising an AND gate followed by an XOR gate, resulting in $T_{AND}+T_{XOR}=6+12=18$ ns. The reduction stage dominates the critical path due to the additional MUX delay. To estimate the quantity of CMOS transistors utilized, conventional counts have been employed: six transistors for an AND gate, six for an XOR gate, six for an OR gate, six for a 2:1 multiplexer, eight for a latch, and four for a NAND gate. The metrics are studied and compared with similar designs in

Table 2. Comparison of hardware cost (gates, FF, Mux), latency, and delays.

Designs	#AND	#XOR	#FF	#Mux	Latency	Delay
[19]	$2n-1$	$2n+N_{\alpha }^2-1$	$3n-2$	0	n	$max\{T_{\alpha }^2+T_X,T_A+2T_X\}$
[20]	$n^2$	$n^2-1$	$1.5n^2+n$	0	${\displaystyle \frac{n}{2}}+2$	$T_A+T_X$
[21]	${\displaystyle \frac{n^2+n}{2}}$	${\displaystyle \frac{n^2+n}{2}}$	$5n-1$	$4n$	$2k_t+1$	$T_A+\lfloor {log}_{2}n\rfloor T_X+2T_{MUX}$
[22]	$3n$	$2n$	$4n+2$	$2n$	$0.664n$	$2T_X+T_{MUX}$
Prop.	$3n$	$4n$	$3n$	$1.5n$	${\displaystyle \frac{n}{2}}$	$T_A+T_X+T_{MUX}$

k: digit size; $k_t$: cycles for right-shifts/additions; latency: clock cycles; and $N_{\alpha }^2$: XOR count for ${\alpha }^2$ module.

.

This section examines the performance of the proposed multiplier and compares it with other studies in this field. Theoretical metrics such as area (number of gates, FF, and Mux), delay, and ADP (Area × Delay) are used to assess algorithm efficiency. FPGA synthesis is carried out on various bit sizes from 4-bit to 233-bit multipliers and was created using irreducible trinomials to verify this methodology. The work in [19] introduced a most-significant-bit (MSB)-first fully bit level serial-in parallel-out polynomial basis (PB) multiplier based on a definition of the field elements. Pillutla et al. designed a systolic polynomial basis finite field multiplier based on a class of trinomials [20]. A parallel-in and parallel-out sequential polynomial basis multiplier was proposed in [21]. Our proposed architecture accepts any modulus polynomial $f\left(x\right)$ as input. This eliminates hardware redesign costs for different standards, making it ideal for WSN devices that require cryptographic agility and adaptability. Design [19] employs $2n-1$ AND gates and a significantly higher number of XOR gates, expressed as $2n+N_{\alpha }^2-1$, along with $3n-2$ flip-flops. It uses no multiplexers, indicating a purely combinational implementation. However, the delay, given as $max\{T_{\alpha }^2+T_X,T_A+2T_X\}$, may become substantial depending on the complexity of the ${\alpha }^2$ module. In contrast, the proposed design offers better balance, with lower FF and XOR counts and a predictable delay of $T_A+T_X+T_{\mathrm{MUX}}$. Pillutla et al. utilized $n^2$ AND gates and $n^2-1$ XOR gates, with a high storage requirement of $1.5n^2+n$ flip-flops [20]. Although it has no MUX overhead and maintains a moderate latency of ${\displaystyle \frac{n}{2}}+2$, its quadratic hardware complexity limits scalability. The proposed design improves upon this by reducing all components to linear growth with respect to n, making it more hardware-efficient. Similarly, ref. [21] features a hardware cost of ${\displaystyle \frac{n^2+n}{2}}$ for both AND and XOR gates and uses $5n-1$ flip-flops and $4n$ multiplexers. Its latency, $2k_t+1$, is the highest among all designs due to shift and addition cycles, and the delay is relatively complex: $T_A+\lfloor {log}_{2}n\rfloor T_X+2T_{\mathrm{MUX}}$. While it introduces logarithmic efficiency in delay, its significant resource demands and high latency make it less suitable for efficient implementations compared to the proposed design.

The work in [22] is relatively efficient, with $3n$ AND and $2n$ XOR gates, and uses $4n+2$ flip-flops and $2n$ multiplexers. It achieves a low latency of $0.664n$ and a straightforward delay of $2T_X+T_{\mathrm{MUX}}$. The proposed design is comparable in terms of gate usage and delay but uses fewer flip-flops and multiplexers, improving area efficiency. In conclusion, the proposed design achieves a well-balanced trade-off between hardware complexity and performance. With $3n$ AND gates, $5n$ XOR gates, $3n+{\displaystyle \frac{n}{2}}$ flip-flops, and $1.5n$ multiplexers, it delivers reduced latency (${\displaystyle \frac{n}{2}}$) and consistent delay ($T_A+T_X+T_{\mathrm{MUX}}$). Compared to existing designs [19,20,21,22] in

Table 3. Analyzing the transistor count and delay of the proposed multiplier and comparing it with related studies for NIST $\mathrm{GF}\left(2^{233}\right)$, where in table, ADP (in ${10}^6$) stands for Total Area Delay Product, where Delay Product = $Delay\times Latency$ and Area = #Transistors Count.

Designs	#AND	#XOR	#FF	#Mux	Latency	Delay	#Trans.	ADP	% Reduction
[19]	465	467	697	0	233	30	11,168	78	24.04
[20]	54,289	54,288	81,666	0	119	18	1,304,794	2794	97.87
[21]	27,261	27,261	1164	932	149	124	342,036	6319	99.06
[22]	699	466	934	466	155	35	17,258	93	36.66
Prop.	699	932	699	350	117	29	17,475	59	—

, it demonstrates substantial improvements in key metrics such as area, delay, and latency. In particular, the proposed design reduces total ADP count by 24.04% compared to [19], 97.87% compared to [20], 99.06% compared to [21], and 36.66% compared to [22].

The proposed Karatsuba 8-bit modular polynomial multiplier was synthesized on the AMD/Xilinx Spartan-7 SP701 Evaluation Platform (AMD/Xilinx, San Diego, CA, USA). Figure 4 illustrates the module-level visualization of the design. The use of the Spartan-7 platform validates the practicality and scalability of the proposed design for real-world cryptographic applications.

5. Discussion

The results demonstrate that the proposed multiplier achieves an effective balance between hardware efficiency and performance. Compared to previous work, it significantly reduces area and latency while maintaining competitive delay. Its linear scalability with operand size makes it suitable for large-field arithmetics, such as $\mathrm{GF}\left(2^{233}\right)$. The architecture also supports arbitrary modulus polynomials, enabling cryptographic agility without hardware redesign, which is ideal for resource-constrained environments like WSNs.

Table 4. Comparison of Different multipliers by FPGA implementation.

Algorithm	GF($2^{\mathit{n}}$)	LUTs	Slices	Total Delay	ADP	% Reduction	FPGA Device Board
[23]		62	36	13.95	1367	74.16
[11]	8	46	24	11.01	770	54.12	Spartan-7
Prop.		27	45	4.906	353.232	–
[24]		1018	972	13.00	25,870	91.52	Virtex-4
[11]	24	360	184	12.51	6805	67.78	Virtex-4
[12]		522	N/A	10.15	5298	58.63	Virtex-4
Prop.		79	130	10.488	2191.992	–	Zynq UltraScale+
[25]		5501	2354	20.56	161,498	74.71
[11]	113	3792	1084	10.52	51,295	20.40	Artix-7
Prop.		355	585	43.434	40,827.96	–

illustrates the simulation performance with different FPGA boards by AMD Vivado Design Tool and compares it with other work. It can be seen that our proposed polynomial multiplier reduces ADP and logic usage greatly. As shown in Table 4, the proposed design demonstrates clear advantages in terms of the Area-Delay Product (ADP) compared to previous multipliers. For the 8-bit implementation, the ADP is reduced to 353.232, compared to 770 in [11] and 1367 in [23]. In the 24-bit case, the ADP is 2191.992, which is lower than the 6805 in [11] and 25,870 in [24]. For larger operand sizes such as 113-bit, the ADP is 40,827.96, offering an improvement over the 51,295 in [11] and the 161,498 in [25]. The proposed design achieves significant ADP reduction compared to previous work.

The proposed reconfigurable modular polynomial multiplier can be easily integrated into the ECC crypto chip and improve security performance in WSN.

6. Conclusions

A cost-efficient reconfigurable Karatsuba modular polynomial multiplier is proposed for WSN security services in which the modulus polynomial can be changed easily depending on the user’s specific applications and requirements. The features of modularity and reconfigurability are highly suitable for applications that require adaptability and optimized performance. The proposed modular polynomial multiplier has been synthesized and simulated by AMD Vivado Design Suite.

The proposed design demonstrates advantages in terms of the Area-Delay Product (ADP) compared to previous modular polynomial multipliers. In terms of area, the proposed design uses fewer logic resources than most compared works, maintaining a compact structure suitable for WSN applications. The delay is also competitive, remaining lower than or close to the best reported values in the literature, further supporting its suitability for resource-constrained cryptographic applications. Thus, it can be applied in ECC encryption to speed up security services in resource-constrained environments such as embedded systems and WSN devices, and IoT.

In the future, we will try to reduce the three sub-multiplier modules in the proposed Karatsuba multiplier to only one sub-multiplier with serial processing and resource sharing in order to save the area cost.