Carry-less Multiplication (CLMUL) is an extension to the x86 instruction set used by

microprocessor A microprocessor is a computer processor where the data processing logic and control is included on a single integrated circuit, or a small number of integrated circuits. The microprocessor contains the arithmetic, logic, and control circ ...

s from

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 ser ...

and AMD which was proposed by Intel in March 2008 and made available in the Intel Westmere processors announced in early 2010. Mathematically, the instruction implements multiplication of polynomials over the

finite field In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...

GF(2) where the bitstring

a_0a_1\ldots a_

represents the polynomial

a_0 + a_1X + a_2X^2 + \cdots + a_X^

. The CLMUL instruction also allows a more efficient implementation of the closely related multiplication of larger finite fields GF(2^''k'') than the traditional instruction set. One use of these instructions is to improve the speed of applications doing block cipher encryption in Galois/Counter Mode, which depends on finite field GF(2^''k'') multiplication. Another application is the fast calculation of CRC values, including those used to implement the LZ77

sliding window A sliding window protocol is a feature of packet-based data transmission protocols. Sliding window protocols are used where reliable in-order delivery of packets is required, such as in the data link layer (OSI layer 2) as well as in the Trans ...

DEFLATE algorithm in zlib and

pngcrush pngcrush is a free and open-source command-line utility for optimizing PNG image files. It reduces the size of the file losslessly that is, the resulting "crushed" image will have the same quality as the source image. The main purpose of pngc ...

. ARMv8 also has a version of CLMUL. SPARC calls their version XMULX, for "XOR multiplication".

New instructions

The instruction computes the 128-bit carry-less product of two 64-bit values. The destination is a 128-bit XMM register. The source may be another XMM register or memory. An immediate operand specifies which halves of the 128-bit operands are multiplied. Mnemonics specifying specific values of the immediate operand are also defined: A EVEX vectorized version (VPCLMULQDQ) is seen in AVX-512.

CPUs with CLMUL instruction set

** Westmere processor (March 2010). ** Sandy Bridge processor ** Ivy Bridge processor ** Haswell processor ** Broadwell processor (with increased throughput and lower latency) ** Skylake (and later) processor ** Goldmont processor * AMD: ** Jaguar-based processors and newer ** Puma-based processors and newer ** "Heavy Equipment" processors *** Bulldozer-based processors *** Piledriver-based processors *** Steamroller-based processors *** Excavator-based processors and newer ** Zen processors ** Zen+ processors ** Zen2 (and later) processors The presence of the CLMUL instruction set can be checked by testing one of the CPU feature bits.

References

{{Multimedia extensions, state=uncollapsed X86 architecture X86 instructions

New instructions

CPUs with CLMUL instruction set

See also

References