Galois field multiplication function gfp^mmult has 2m]log p[ inputs, (a0, a1,... am-1)=a=a0+a1x+...+am-1xm-1 and (b0, b1,... bm-1)=b=b0+b1x+...+bm-1xm-1, and m]log p[ outputs, (c0, c1,... cm-1)=c=ab=c0+c1x+...+cm-1xm-1, where each ai, bi, and ci is a mod p number. It computes the field product of two GF(pm) elements, a and b. Since to say GF(pm) does not suffice to specify a unique field (up to isomorphism, there is exactly one field GF(pm), however, depending on the primitive polynomial chosen product of two polynomials may look different), each benchmark specification lists the prime p, and the primitive polynomial used.
GF(pm) multiplier is required to launch a quantum polynomial time
attack on elliptic curve cryptography methods, equivalently, it is used in a
quantum polynomial time algorithm that computes discrete logarithm over an
elliptic curve group.