Advertisement

A Coprocessor for the Final Exponentiation of the ηT Pairing in Characteristic Three

  • Jean-Luc Beuchat
  • Nicolas Brisebarre
  • Masaaki Shirase
  • Tsuyoshi Takagi
  • Eiji Okamoto
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4547)

Abstract

Since the introduction of pairings over (hyper)elliptic curves in constructive cryptographic applications, an ever increasing number of protocols based on pairings have appeared in the literature. Software implementations being rather slow, the study of hardware architectures became an active research area. Beuchat et al. proposed for instance a coprocessor which computes the characteristic three η T pairing, from which the Tate pairing can easily be derived, in 33 μs on a Cyclone II FPGA. However, a final exponentiation is required to ensure a unique output value and the authors proposed to supplement their η T pairing accelerator with a coprocessor for exponentiation. Thus, the challenge consists in designing the smallest possible piece of hardware able to perform this task in less than 33 μs on a Cyclone II device. In this paper, we propose a novel arithmetic operator implementing addition, cubing, and multiplication over \(\mathbb{F}_{3^{97}}\) and show that a coprocessor based on a single such operator meets this timing constraint.

Keywords

ηT pairing characteristic three final exponentiation hardware accelerator FPGA 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Altera.: Cyclone II Device Handbook (2006), Available from Altera’s web site (http://altera.com)
  2. 2.
    Barreto, P.S.L.M., Galbraith, S.D., Ó hÉigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Designs, Codes and Cryptography 42(3), 239–271 (2007)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Beuchat, J.-L., Miyoshi, T., Oyama, Y., Okamoto, E.: Multiplication over \(\mathbb{F}_{p^m}\) on FPGA: A survey. In: Diniz, P.C., Marques, E., Bertels, K., Fernandes, M.M., Cardoso, J.M.P. (eds.) Reconfigurable Computing: Architectures, Tools and Applications – Proceedings of ARC 2007. LNCS, vol. 4419, pp. 214–225. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Beuchat, J.-L., Shirase, M., Takagi, T., Okamoto, E.: An algorithm for the η T pairing calculation in characteristic three and its hardware implementation. In: Proceedings of the 18th IEEE Symposium on Computer Arithmetic (To appear 2007)Google Scholar
  6. 6.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers 53(6), 760–768 (2004)CrossRefGoogle Scholar
  10. 10.
    Duursma, I., Lee, H.S.: Tate pairing implementation for hyperelliptic curves y 2 = x p − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Frey, G., Rück, H.-G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp. 62(206), 865–874 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) Algorithmic Number Theory – ANTS V. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Grabher, P., Page, D.: Hardware acceleration of the Tate Pairing in characteristic three. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 398–411. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing-based cryptography. LMS Journal of Computation and Mathematics 9, 64–85 (2006), Available from http://www.lms.ac.uk/jcm/9/lms2004-025/ zbMATHMathSciNetGoogle Scholar
  15. 15.
    Guajardo, J., Güneysu, T., Kumar, S., Paar, C., Pelzl, J.: Efficient hardware implementation of finite fields with applications to cryptography. Acta Applicandae Mathematicae 93(1–3), 75–118 (2006)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in GF(2m) using normal bases. Information and Computation 78, 171–177 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Kerins, T., Marnane, W.P., Popovici, E.M., Barreto, P.S.L.M.: Efficient hardware for the Tate Pairing calculation in characteristic three. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 412–426. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Kerins, T., Popovici, E., Marnane, W.: Algorithms and architectures for use in FPGA implementations of identity based encryption schemes. In: Becker, J., Platzner, M., Vernalde, S. (eds.) FPL 2004. LNCS, vol. 3203, pp. 74–83. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Kwon, S.: Efficient Tate pairing computation for supersingular elliptic curves over binary fields. Cryptology ePrint Archive, Report 2004/303 (2004)Google Scholar
  20. 20.
    Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curves logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639–1646 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Miller, V.S.: Short programs for functions on curves. (1986) Unpublished manuscript available at http://crypto.stanford.edu/miller/miller.pdf
  22. 22.
    Ronan, R., Ó hÉigeartaigh, C., Murphy, C., Kerins, T., Barreto, P.S.L.M.: Hardware implementation of the η T pairing in characteristic 3. Cryptology ePrint Archive, Report 2006/371 (2006)Google Scholar
  23. 23.
    Ronan, R., Ó hÉigeartaigh, C., Murphy, C., Scott, M., Kerins, T., Marnane, W.P.: An embedded processor for a pairing-based cryptosystem. In: Proceedings of the Third International Conference on Information Technology: New Generations (ITNG’06), IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  24. 24.
    Shirase, M., Takagi, T., Okamoto, E.: Some efficient algorithms for the final exponentiation of η T pairing. In: 3rd Information Security Practice and Experience Conference – ISPEC 2007. LNCS, Springer, Heidelberg (2007)Google Scholar
  25. 25.
    Shu, C., Kwon, S., Gaj, K.: FPGA accelerated Tate pairing based cryptosystem over binary fields. In: Proceedings of 2006 IEEE International Conference on Field Programmable Technology (FPT 2006), pp. 173–180. IEEE Computer Society Press, Los Alamitos (2006)CrossRefGoogle Scholar
  26. 26.
    Song, L., Parhi, K.K.: Low energy digit-serial/parallel finite field multipliers. Journal of VLSI Signal Processing 19(2), 149–166 (1998)CrossRefGoogle Scholar
  27. 27.
    Vithanage, A.: Personal communicationGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Jean-Luc Beuchat
    • 1
  • Nicolas Brisebarre
    • 2
    • 3
  • Masaaki Shirase
    • 4
  • Tsuyoshi Takagi
    • 4
  • Eiji Okamoto
    • 1
  1. 1.Laboratory of Cryptography and Information Security, University of Tsukuba, 1-1-1 Tennodai, Tsukuba, Ibaraki, 305-8573Japan
  2. 2.LaMUSE, Université J. Monnet, 23, rue du Dr P. Michelon, F-42023 Saint-Étienne Cedex 02France
  3. 3.LIP/Arénaire (CNRS-ENS Lyon-INRIA-UCBL), ENS Lyon, 46 Allée d’Italie, F-69364 Lyon Cedex 07France
  4. 4.Future University-Hakodate, School of Systems Information Science, 116-2 Kamedanakano-cho, Hakodate, Hokkaido, 041-8655Japan

Personalised recommendations