Hydra: An Energy-Efficient Programmable Cryptographic Coprocessor Supporting Elliptic-Curve Pairings over Fields of Large Characteristics
Bilinear pairings on elliptic curves have many applications in cryptography and cryptanalysis. Pairing computation is more complicated than the computations in other popular public-key cryptosystems. Efficient implementation of cryptographic pairings, in both software and hardware, has thus received increasing interest. In this paper, we focus on hardware implementation and present the design of Hydra, an energy-efficient programmable cryptographic coprocessor that supports various pairings over fields of large characteristics. We also present several implementations of Hydra, the smallest of which uses only 116 K gates when synthesized in the TSMC 90 nm standard cell library. Despite the extra programmability, our design is competitive even with specialized implementations in terms of time-area-cycle product, a common figure of merit that provides a good measure of energy efficiency. For example, it takes only 3.04 ms to compute an optimal ate pairing over Barreto-Naehrig curves when the chip operates at 200 MHz. This is certainly a very small time-area-cycle product among all hardware implementations of cryptographic pairing in the current literature.
Keywords: Elliptic Curve; Data Cache; Bilinear Pairing; Residue Number System; Arithmetic Unit