Efficient Hardware for the Tate Pairing Calculation in Characteristic Three

Kerins, Tim; Marnane, William P.; Popovici, Emanuel; Barreto, Paulo S. L. M.

doi:10.1007/11545262_30

Cited by 80 publications

(112 citation statements)

References 19 publications

(47 reference statements)

Supporting

Mentioning

108

Contrasting

Unclassified

Order By: Relevance

“…Several architectures for the computation of cryptographic pairings have been proposed in the literature [14,15,16,17,18,19,20,21,22,23,24,25,26]. All these implementations use supersingular curves over fields of characteristic 2 or 3, achieving only very low security levels, sometimes even below 80 bit.…”

Section: Related Workmentioning

confidence: 99%

Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves

Kammler

Zhang

Schwabe

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper presents a design-space exploration of an application-specific instruction-set processor (ASIP) for the computation of various cryptographic pairings over Barreto-Naehrig curves (BN curves). Cryptographic pairings are based on elliptic curves over finite fields-in the case of BN curves a field Fp of large prime order p. Efficient arithmetic in these fields is crucial for fast computation of pairings. Moreover, computation of cryptographic pairings is much more complex than elliptic-curve cryptography (ECC) in general. Therefore, we facilitate programming of the proposed ASIP by providing a C compiler.In order to speed up Fp arithmetic, a RISC core is extended with additional scalable functional units. Because the resulting speedup can be limited by the memory throughput, utilization of multiple data-memory banks is proposed.The presented design needs 15.8 ms for the computation of the Optimal-Ate pairing over a 256-bit BN curve at 338 MHz implemented with a 130 nm standard cell library. The processor core consumes 97 kGates making it suitable for the use in embedded systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves

Kammler

Zhang

Schwabe

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Intra-pairing parallelism is clearly possible at the field arithmetic level as evidenced by related hardware based approaches [26]. In software however, the overhead of thread management is a limiting factor: if the threads are too finegrained then the cost of their management will dominate useful computation and eliminate the advantage of parallelism.…”

Section: Multi-core Processorsmentioning

confidence: 99%

“…Put more simply, in the first case the aim is to compute R = e(P, Q) for some P and Q from the appropriate groups; our focus is on parallelism within algorithms for the pairing and constituent arithmetic. Efficient implementation of pairings in hardware have used this feature to great effect; see [26] for an example design where extension field arithmetic is realised using several parallel computational units to reduce latency. In the second case, the aim is to compute all n pairings R i = e(P i , Q i ) for 0 ≤ i < n; our focus in on the fact that each R i can be computed independently.…”

Section: Introductionmentioning

confidence: 99%

On Software Parallel Implementation of Cryptographic Pairings

Grabher

Großschädl

Page

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. A significant amount of research has focused on methods to improve the efficiency of cryptographic pairings; in part this work is motivated by the wide range of applications for such primitives. Although numerous hardware accelerators for pairing evaluation have used parallelism within extension field arithmetic to improve efficiency, similar techniques have not been examined in software thus far. In this paper we focus on parallelism within one pairing evaluation (intra-pairing), and parallelism between different pairing evaluations (inter-pairing). We identify several methods for exploiting such parallelism (extending previous results in the context of ECC) and show that it is possible to accelerate pairing evaluation by a significant factor in comparison to a naive approach.

show abstract

“…Moreover, following [17], we construct F 3 6m as an extension of F 3 m using the basis (1, σ, ρ, σρ, ρ 2 , σρ 2 ), which is equivalent to considering the tower F 3 m ,…”

Section: Introductionmentioning

confidence: 99%

Arithmetic Operators for Pairing-Based Cryptography

Beuchat

Brisebarre

Detrey

et al. 2007

Cryptographic Hardware and Embedded Systems - CHES 2007

View full text Add to dashboard Cite

Abstract. Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. Software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we first study an accelerator for the ηT pairing over F3 [x]/(x 97 + x 12 + 2). Our architecture is based on a unified arithmetic operator which performs addition, multiplication, and cubing over F 3 97 . This design methodology allows us to design a compact coprocessor (1888 slices on a Virtex-II Pro 4 FPGA) which compares favorably with other solutions described in the open literature. We then describe ways to extend our approach to any characteristic and any extension field.

show abstract

Efficient Hardware for the Tate Pairing Calculation in Characteristic Three

Cited by 80 publications

References 19 publications

Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves

Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves

On Software Parallel Implementation of Cryptographic Pairings

Arithmetic Operators for Pairing-Based Cryptography

Contact Info

Product

Resources

About