Faster Pairing Coprocessor Architecture

  • Gavin Xiaoxu Yao
  • Junfeng Fan
  • Ray C. C. Cheung
  • Ingrid Verbauwhede
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7708)


In this paper, we present a high-speed pairing coprocessor using Residue Number System (RNS) which is intrinsically suitable for parallel computation. This work improves the design of Cheung et al. [11] using a carefully selected RNS base and an optimized pipeline design of the modular multiplier. As a result, the cycle count for a modular reduction has been halved. When combining with the lazy reduction, Karatsuba-like formulas and optimal pipeline scheduling, a 128-bit optimal ate pairing computation can be completed in less than 100,000 cycles. We prototype the design on a Xilinx Virtex-6 FPGA using 5237 slices and 64 DSPs; a 128-bit pairing is computed in 0.358 ms running at 230MHz. To the best of our knowledge, this implementation outperforms all reported hardware and software designs.


Optimal pairing Residue Number System (RNS) Field Programmable Gate Array (FPGA) 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aranha, D., Beuchat, J.L., Detrey, J., Estibals, N.: Optimal eta pairing on supersingular genus-2 binary hyperelliptic curves. Cryptology ePrint Archive, Report 2010/559 (2010),
  2. 2.
    Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster Explicit Formulas for Computing Pairings over Ordinary Curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Aranha, D.F., López, J., Hankerson, D.: High-Speed Parallel Software Implementation of the η T Pairing. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 89–105. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Bajard, J.C., Kaihara, M., Plantard, T.: Selected RNS bases for modular multiplication. In: ARITH 2009: Proceedings of the 2009 19th IEEE Symposium on Computer Arithmetic, pp. 25–32. IEEE Computer Society, Washington, DC (2009)CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-Based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Beuchat, J.-L., González-Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-Speed Software Implementation of the Optimal Ate Pairing over Barreto–Naehrig Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 21–39. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Beuchat, J.-L., López-Trejo, E., Martínez-Ramos, L., Mitsunari, S., Rodríguez-Henríquez, F.: Multi-core Implementation of the Tate Pairing over Supersingular Elliptic Curves. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 413–432. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Cha, J.C., Cheon, J.H.: An Identity-Based Signature from Gap Diffie-Hellman Groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Cheung, R.C.C., Duquesne, S., Fan, J., Guillermin, N., Verbauwhede, I., Yao, G.X.: FPGA Implementation of Pairings Using Residue Number System and Lazy Reduction. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 421–441. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Dutta, R., Barua, R., Sarkar, P.: Pairing-based cryptographic protocols: A survey. Cryptology ePrint Archive, Report 2004/064 (2004)Google Scholar
  13. 13.
    Estibals, N.: Compact Hardware for Computing the Tate Pairing over 128-Bit-Security Supersingular Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 397–416. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Fan, J., Vercauteren, F., Verbauwhede, I.: Efficient hardware implementation of \(\mathbb{F}_p\)-arithmetic for pairing-friendly curves. IEEE Transactions on Computers 61(5), 676–685 (2012)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology 23, 224–280 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Ghosh, S., Mukhopadhyay, D., Roychowdhury, D.: High Speed Flexible Pairing Cryptoprocessor on FPGA Platform. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 450–466. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Ghosh, S., Roychowdhury, D., Das, A.: High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 442–458. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Grabher, P., Großschädl, J., Page, D.: On Software Parallel Implementation of Cryptographic Pairings. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 35–50. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Groth, J., Sahai, A.: Efficient Non-interactive Proof Systems for Bilinear Groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Hankerson, D., Menezes, A., Scott, M.: Software Implementation of Pairings. Cryptology and Information Security Series, vol. 2, pp. 188–206. IOS Press (2009)Google Scholar
  21. 21.
    Hess, F., Smart, N., Vercauteren, F.: The Eta pairing revisited. IEEE Transactions on Information Theory 52(10), 4595–4602 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. Journal of Cryptology 17, 263–276 (2004)MathSciNetzbMATHCrossRefGoogle Scholar
  23. 23.
    Kammler, D., Zhang, D., Schwabe, P., Scharwaechter, H., Langenberg, M., Auras, D., Ascheid, G., Mathar, R.: Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 254–271. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Kawamura, S.-I., Koike, M., Sano, F., Shimbo, A.: Cox-Rower Architecture for Fast Parallel Montgomery Multiplication. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 523–538. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  25. 25.
    Koblitz, N.: Elliptic Curve Cryptosystem. Mathematics of Computation 48, 203–209 (1987)MathSciNetzbMATHCrossRefGoogle Scholar
  26. 26.
    Lee, E., Lee, H.S., Park, C.M.: Efficient and generalized pairing computation on abelian varieties. IEEE Transactions on Information Theory 55(4), 1793–1803 (2009)CrossRefGoogle Scholar
  27. 27.
    Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  28. 28.
    Miller, V.S.: The Weil pairing, and its efficient calculation. Journal of Cryptology 17, 235–261 (2004)zbMATHCrossRefGoogle Scholar
  29. 29.
    Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)MathSciNetzbMATHCrossRefGoogle Scholar
  30. 30.
    Naehrig, M., Niederhagen, R., Schwabe, P.: New Software Speed Records for Cryptographic Pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  31. 31.
    Parhami, B.: Computer Arithmetic: Algorithms and Hardware Designs. Oxford University Press (2000)Google Scholar
  32. 32.
    Posch, K., Posch, R.: Base extension using a convolution sum in residue number systems. Computing 50, 93–104 (1993)MathSciNetzbMATHCrossRefGoogle Scholar
  33. 33.
    Posch, K., Posch, R.: Modulo reduction in residue number systems. IEEE Transactions on Parallel and Distributed Systems 6(5), 449–454 (1995)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetzbMATHCrossRefGoogle Scholar
  35. 35.
    Scott, M.: Implementing cryptographic pairings. In: Pairing-Based Cryptography - Pairing 2007. LNCS, vol. 4575, pp. 117–196. Springer (2007)Google Scholar
  36. 36.
    Szerwinski, R., Güneysu, T.: Exploiting the Power of GPUs for Asymmetric Cryptography. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 79–99. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  37. 37.
    Vercauteren, F.: Optimal pairings. IEEE Transactions on Information Theory 56(1), 455–461 (2010)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Gavin Xiaoxu Yao
    • 1
  • Junfeng Fan
    • 2
  • Ray C. C. Cheung
    • 1
  • Ingrid Verbauwhede
    • 2
  1. 1.Department of Electronic EngineeringCity University of Hong KongHong Kong SAR
  2. 2.ESAT/SCD-COSICKU LeuvenLeuven-HeverleeBelgium

Personalised recommendations