Updated 无进位乘法和GHASH (markdown)

无进位乘法和GHASH.md

@@ -2,12 +2,23 @@
 参考Reference 1，Page 35 - 39
 * The PCLMULQDQ + AES-NI combination for AES-GCM
   * AES-NI facilitate high performance AES encryption and decryption
-  * PCLMULQDQ            ```64 x 64 -> 128 (carry-less)```
+  * PCLMULQDQ            $64 \times 64 \rightarrow 128$ (carry-less)
     * Binary polynomial multiplication; speed up computations in binary fields
   * Using it for AES-GCM:
   * To use it for GHASH computations: GF($2^{128}$) multiplication:
-    1.  Compute ```128 x 128 -> 256``` via carry-less multiplication (of 64-bit operands)
-    2.  Reduction: 256 -> 128 modulo $x^{128} + x^7 + x^2 + x + 1$ (done efficiently via software)
+    1.  Compute $128 \times 128 \rightarrow 256$ via carry-less multiplication (of 64-bit operands)
+    2.  Reduction: ${256 \rightarrow 128} \ modulo \ {x^{128} + x^7 + x^2 + x + 1}$ (done efficiently via software)
+* 128-bit Carry-less Multiplication using PCLMULQDQ  
+(Gueron Kounavis, 2009) Multiply $128 \times 128 \rightarrow 256 \ [A_1 : A_0]\cdot[B_1 : B_0]$
+  * Schoolbook (4 PCLMULQDQ invocations)  
+$A_0 \cdot B_0 = [C_1 : C_0], \ A_1 \cdot B_1 = [D_1 : D_0]$  
+$A_0 \cdot B_1 = [E_1 : E_0], \ A_1 \cdot B_0 = [F_1 : F_0]$  
+$[A_1 : A_0] \cdot [B_1 : B_0] = [D_1:D_0 \oplus E_1 \oplus F_1:C_1 \oplus E_0 \oplus F_0 : C_0]$
+  * Carry-less Karatsuba (3 PCLMULQDQ invocations)  
+$A_1 \cdot B_1 = [C_1 : C_0], \ A_0 \cdot B_0 = [D_1 : D_0]$  
+$(A_1 \oplus A_0) \cdot (B_1 \oplus B_0) = [E_1 : E_0]$  
+$[A_1 : A_0] \cdot [B_1 : B_0] = [C_1:C_0 \oplus C_1 \oplus D_1 \oplus E_1 : D_1 \oplus C_0 \oplus D_0 \oplus E_0 : D_0]$
+
 
 # 参考
 * [Cryptographic Hardware and Software and useful architectures](https://www.esat.kuleuven.be/cosic/events/ecrypt-net-school-2018/wp-content/uploads/sites/23/2018/10/kos-school-gueron-2.pdf)