Hydra: An Energy-Efficient Programmable Cryptographic Coprocessor Supporting Elliptic-Curve Pairings over Fields of Large Characteristics

  • Yun-An Chang
  • Wei-Chih Hong
  • Ming-Chun Hsiao
  • Bo-Yin Yang
  • An-Yeu Wu
  • Chen-Mou Cheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8639)


Bilinear pairings on elliptic curves have many applications in cryptography and cryptanalysis. Pairing computation is more complicated than that of other popular public-key cryptosystems. Efficient implementation of cryptographic pairing, through both software- and hardware-based approaches, has thus received increasing interest. In this paper, we focus on hardware implementation and present the design of Hydra, an energy-efficient programmable cryptographic coprocessor that supports various pairings over fields of large characteristics. We also present several implementations of Hydra, among which the smallest uses only 116 K gates when synthesized in the TSMC 90 nm standard cell library. Despite the extra programmability, our design is competitive even with specialized implementations in terms of time-area-cycle product, a common figure of merit that provides a good measure of energy efficiency. For example, it takes only 3.04 ms to compute an optimal ate pairing over Barreto-Naehrig curves when the chip operates at 200 MHz. This is certainly a very small time-area-cycle product among all hardware implementations of cryptographic pairing in the current literature.


Keywords: Elliptic Curve, Data Cache, Bilinear Pairing, Residue Number System, Arithmetic Unit
These keywords were added by machine and not by the authors.





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yun-An Chang (1)
  • Wei-Chih Hong (2)
  • Ming-Chun Hsiao (1)
  • Bo-Yin Yang (2)
  • An-Yeu Wu (1)
  • Chen-Mou Cheng (1)

  1. National Taiwan University, Taipei, Taiwan
  2. Academia Sinica, Taipei, Taiwan
