Hardware and Software Normal Basis Arithmetic for Pairing-Based Cryptography in Characteristic Three
July 2005 (vol. 54 no. 7)
pp. 852-860
Although identity-based cryptography offers a number of functional advantages over conventional public key methods, the computational costs are significantly greater. The dominant part of this cost is the Tate pairing, which, in characteristic three, is best computed using the algorithm of Duursma and Lee. However, in hardware and constrained environments, this algorithm is unattractive since it requires online computation of cube roots or enough storage space to precompute required results. We examine the use of normal basis arithmetic in characteristic three in an attempt to get the best of both worlds: an efficient method for computing the Tate pairing that requires no precomputation and that may also be implemented in hardware to accelerate devices such as smart-cards.

[1] D. Bailey and C. Paar, “Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography,” J. Cryptology, vol. 14, no. 3, pp. 153-176, 2001.
[2] P. Barreto, H. Kim, B. Lynn, and M. Scott, “Efficient Algorithms for Pairing-Based Cryptosystems,” Proc. CRYPTO '02, pp. 354-368, 2002.
[3] G. Bertoni, J. Guajardo, S. Kumar, G. Orlando, C. Paar, and T. Wollinger, “Efficient $GF(p^m)$ Arithmetic Architectures for Cryptographic Applications,” Proc. Cryptographers Track-RSA '03, pp. 158-175, 2003.
[4] D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003.
[5] I. Duursma and H. Lee, “Tate Pairing Implementation for Hyperelliptic Curves $y^2 = x^p - x + d$,” Proc. ASIACRYPT '03, pp. 111-123, 2003.
[6] G. Frey and H. Ruck, “A Remark Concerning m-Divisibility and the Discrete Logarithm Problem in the Divisor Class Group of Curves,” Math. Computation, vol. 62, pp. 865-874, 1994.
[7] S. Galbraith, “Supersingular Curves in Cryptography,” Proc. ASIACRYPT '01, pp. 495-513, 2001.
[8] S. Galbraith, K. Harrison, and D. Soldera, “Implementing the Tate Pairing,” Proc. Fifth Algorithmic Number Theory Symp. (ANTS-V), pp. 324-337, 2002.
[9] S. Gao, “Normal Bases over Finite Fields,” PhD thesis, Waterloo Univ., 1993.
[10] R. Granger, D. Page, and M. Stam, “On Small Characteristic Algebraic Tori in Pairing-Based Cryptography,” Cryptology ePrint Archive, Report 2004/132, 2004.
[11] K. Harrison, D. Page, and N.P. Smart, “Software Implementation of Finite Fields of Characteristic Three, for Use in Pairing Based Cryptosystems,” LMS J. Computation and Math., vol. 5, no. 1, pp. 181-193, 2002.
[12] M.A. Hasan, M.Z. Wang, and V.K. Bhargava, “A Modified Massey-Omura Parallel Multiplier for a Class of Finite Fields,” IEEE Trans. Computers, vol. 42, no. 10, pp. 1278-1280, Oct. 1993.
[13] IEEE P1363, “Standard Specifications for Public Key Cryptography,” IEEE Standards Dept., 1999.
[14] T. Itoh and S. Tsujii, “A Fast Algorithm for Computing Multiplicative Inverses in $GF(2^n)$ Using Normal Bases,” Information and Computation, vol. 78, pp. 171-177, 1988.
[15] B.S. Kaliski Jr. and Y.L. Yin, “Storage Efficient Finite Field Basis Conversion,” Proc. Symp. Applied Computing (SAC '99), pp. 81-93, 1999.
[16] A. Karatsuba and Y. Ofman, “Multiplication of Many-Digital Numbers by Automatic Computers,” Doklady Akad. Nauk SSSR, vol. 145, pp. 293-294, 1962. Translation in Physics-Doklady, vol. 7, pp. 595-596, 1963.
[17] Ç.K. Koç and B. Sunar, “Low-Complexity Bit-Parallel Canonical and Normal Basis Multipliers for a Class of Finite Fields,” IEEE Trans. Computers, vol. 47, no. 3, pp. 353-356, Mar. 1998.
[18] J. López and R. Dahab, “High Speed Software Multiplication in $\mathbb{F}_{2^m}$,” Proc. INDOCRYPT '00, pp. 203-212, 2000.
[19] A. Menezes, T. Okamoto, and S.A. Vanstone, “Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field,” IEEE Trans. Information Theory, vol. 39, pp. 1639-1646, 1993.
[20] P. Ning and Y.L. Yin, “Efficient Software Implementation for Finite Field Multiplication in Normal Basis,” Proc. Int'l Conf. Information and Comm. Security (ICICS '01), pp. 177-188, 2001.
[21] M. Nöcker, “Data Structures for Parallel Exponentiation in Finite Fields,” PhD thesis, Universität Paderborn, 2001.
[22] D. Page and N.P. Smart, “Hardware Implementation of Finite Fields of Characteristic Three,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '02), pp. 529-539, 2002.
[23] A. Reyhani-Masoleh and M.A. Hasan, “Fast Normal Basis Multiplication Using General Purpose Processors,” Proc. Symp. Applied Computing (SAC '01), pp. 230-244, 2001.
[24] A. Reyhani-Masoleh and M.A. Hasan, “A New Construction of Massey-Omura Parallel Multiplier over $GF(2^m)$,” IEEE Trans. Computers, vol. 51, no. 5, pp. 511-520, May 2002.
[25] R. Sakai, K. Ohgishi, and M. Kasahara, “Cryptosystems Based on Pairings,” Proc. Symp. Cryptography and Information Security (SCIS '00), 2000.
[26] M. Scott and P. Barreto, “Compressed Pairings,” Cryptology ePrint Archive, Report 2004/032, 2004.
[27] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Proc. CRYPTO '85, pp. 47-53, 1985.
[28] J. Silverman, The Arithmetic of Elliptic Curves. Springer GTM 106, 1986.
[29] C.C. Wang, T.K. Truong, H.M. Shao, L.J. Deutsch, J.K. Omura, and I.S. Reed, “VLSI Architectures for Computing Multiplications and Inverses in $GF(2^m)$,” IEEE Trans. Computers, vol. 34, no. 8, pp. 709-716, Aug. 1985.

Index Terms: Public key cryptosystems, computer arithmetic, high-speed arithmetic.
Robert Granger, Daniel Page, Martijn Stam, "Hardware and Software Normal Basis Arithmetic for Pairing-Based Cryptography in Characteristic Three," IEEE Transactions on Computers, vol. 54, no. 7, pp. 852-860, July 2005, doi:10.1109/TC.2005.120