
Issue No. 11, November 2008 (vol. 57)

pp. 1454-1468

Nicolas Brisebarre , ENS Lyon, Lyon

Jérémie Detrey , B-it, Bonn

Eiji Okamoto , University of Tsukuba, Tsukuba

Jean-Luc Beuchat , University of Tsukuba, Tsukuba

Tsuyoshi Takagi , Future University, Hakodate

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2008.103

ABSTRACT

Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever-increasing number of protocols. Software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we discuss several algorithms to compute the $\eta_T$ pairing in characteristic three and suggest further improvements. These algorithms involve addition, multiplication, cubing, inversion, and sometimes cube root extraction over ${\rm GF}(3^m)$. We propose a hardware accelerator based on a unified arithmetic operator able to perform the operations required by a given algorithm. We describe the implementation of a compact coprocessor for the field ${\rm GF}(3^{97})$ given by ${\rm GF}(3)[x]/(x^{97}+x^{12}+2)$, which compares favorably with other solutions described in the open literature.
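As an added worked example (reference code written for this page, not the paper's arithmetic operator and not code from the authors): the five ${\rm GF}(3^m)$ operations the abstract lists, instantiated over exactly the field ${\rm GF}(3^{97}) = {\rm GF}(3)[x]/(x^{97}+x^{12}+2)$ named above. Elements are coefficient lists; cubing is the linear Frobenius map, inversion uses an Itoh-Tsujii style addition chain built from cubings, and the cube root is taken as 96 consecutive cubings, which is correct because cubing is a bijection of order 97 on this field but is not the fast direct method the paper works with. All function names and the seeded sample elements are this example's own assumptions.

```python
"""Arithmetic in GF(3^97) = GF(3)[x]/(x^97 + x^12 + 2).

Elements are lists of 97 coefficients in {0, 1, 2}; index i holds the
coefficient of x^i. Plain reference code for this page, not the paper's
hardware operator. The reduction rule x^97 = 2*x^12 + 1 (mod 3) follows
directly from the trinomial. Sample elements below are constructed here.
"""
import random

M = 97   # extension degree
T = 12   # exponent of the middle term of x^97 + x^12 + 2


def elem(coeffs):
    """Pad/truncate coefficients to a canonical M-term element."""
    c = [int(v) % 3 for v in coeffs][:M]
    return c + [0] * (M - len(c))


ZERO = elem([])
ONE = elem([1])


def add(a, b):
    return [(x + y) % 3 for x, y in zip(a, b)]


def sub(a, b):
    return [(x - y) % 3 for x, y in zip(a, b)]


def reduce_poly(c):
    """Reduce a polynomial of any degree modulo x^97 + x^12 + 2.
    Fold from the top: x^i = x^(i-97) * x^97 = 2*x^(i-97+12) + x^(i-97).
    Both target indices are below i, so one top-down pass suffices."""
    c = list(c)
    for i in range(len(c) - 1, M - 1, -1):
        t = c[i]
        if t:
            c[i] = 0
            c[i - M + T] = (c[i - M + T] + 2 * t) % 3
            c[i - M] = (c[i - M] + t) % 3
    return elem(c)


def mul(a, b):
    """Schoolbook product followed by reduction."""
    c = [0] * (2 * M - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                c[i + j] = (c[i + j] + ai * bj) % 3
    return reduce_poly(c)


def cube(a):
    """Frobenius map. In characteristic 3, (sum a_i x^i)^3 = sum a_i x^(3i):
    cross terms carry a factor 3 and a_i^3 = a_i in GF(3). Linear, so no
    multiplier is needed, only a coefficient spread plus reduction."""
    c = [0] * (3 * (M - 1) + 1)
    for i, ai in enumerate(a):
        c[3 * i] = ai
    return reduce_poly(c)


def frob(a, n):
    """Apply the cube map n times, i.e. compute a^(3^n)."""
    for _ in range(n):
        a = cube(a)
    return a


def cube_root(a):
    """Cubing is a bijection of order 97 on GF(3^97) since a^(3^97) = a, so its
    inverse is 96 cubings: a^(3^96). Correct, but slower than a direct formula."""
    return frob(a, M - 1)


def half_exp(a, k):
    """Return a^((3^k - 1)/2) = a^(1 + 3 + ... + 3^(k-1)) via an Itoh-Tsujii style
    addition chain on k: doubling uses T(2k) = T(k)^(3^k) * T(k), increment uses
    T(k+1) = T(k)^3 * a. Only O(log k) multiplications; the rest are cubings."""
    t, cur = a, 1
    for bit in bin(k)[3:]:          # bits of k after the leading 1
        t = mul(frob(t, cur), t)
        cur *= 2
        if bit == "1":
            t = mul(cube(t), a)
            cur += 1
    return t


def inv(a):
    """Itoh-Tsujii inversion: with r = (3^97 - 1)/2, a^r lies in GF(3) = {1, 2}
    and is its own inverse, so a^-1 = a^(r-1) * a^r. Here a^(r-1) is one cubing
    of half_exp(a, 96), and a^r is checked to really be a prime-field constant."""
    if a == ZERO:
        raise ZeroDivisionError("0 has no inverse")
    u = cube(half_exp(a, M - 1))    # a^(r-1)
    s = mul(u, a)                   # a^r, must be the constant 1 or 2
    assert s[1:] == ZERO[1:] and s[0] in (1, 2), "a^r left GF(3): bug"
    return [(x * s[0]) % 3 for x in u]   # scalar multiply by s = s^-1


def sample(seed):
    """Deterministic pseudo-random field element (constructed test input)."""
    rng = random.Random(seed)
    return elem(rng.randrange(3) for _ in range(M))


def self_check():
    """Field identities that any implementation of these operators must satisfy."""
    a, b = sample(1), sample(2)
    ok = mul(a, inv(a)) == ONE
    ok &= cube(a) == mul(a, mul(a, a))                      # Frobenius vs. multiplier
    ok &= cube(mul(a, b)) == mul(cube(a), cube(b))          # cubing is a homomorphism
    ok &= cube_root(cube(a)) == a and cube(cube_root(b)) == b
    ok &= mul(a, b) == mul(b, a)
    ok &= mul(add(a, b), a) == add(mul(a, a), mul(b, a))    # distributivity
    return ok


if __name__ == "__main__":
    print("all identities hold:", self_check())
```

The assertion inside `inv` that $a^r$ lands in ${\rm GF}(3)$ costs one extra multiplication and catches most reduction bugs; the same kind of cheap consistency check is worth wiring into a hardware operator's test bench, since a wrong inverse silently corrupts the final exponentiation of the pairing.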

INDEX TERMS

$\eta_T$ pairing, elliptic curve, finite field arithmetic, hardware accelerator, FPGA

CITATION

Nicolas Brisebarre, Jérémie Detrey, Eiji Okamoto, Jean-Luc Beuchat, Tsuyoshi Takagi, "Algorithms and Arithmetic Operators for Computing the $\eta_T$ Pairing in Characteristic Three," *IEEE Transactions on Computers*, vol. 57, no. 11, pp. 1454-1468, November 2008, doi:10.1109/TC.2008.103

REFERENCES

- [1] D. Boneh, B. Lynn, and H. Shacham, "Short Signatures from the Weil Pairing," Advances in Cryptology—Proc. ASIACRYPT '01, C. Boyd, ed., pp. 514-532, 2001.
- [4] S. Mitsunari, R. Sakai, and M. Kasahara, "A New Traitor Tracing," IEICE Trans. Fundamentals, vol. E85-A, no. 2, pp. 481-484, Feb. 2002.
- [5] R. Sakai, K. Ohgishi, and M. Kasahara, "Cryptosystems Based on Pairing," Proc. Symp. Cryptography and Information Security (SCIS '00), pp. 26-28, Jan. 2000.
- [6] A. Joux, "A One Round Protocol for Tripartite Diffie-Hellman," Proc. Algorithmic Number Theory—ANTS IV, W. Bosma, ed., pp. 385-394, 2000.
- [7] R. Dutta, R. Barua, and P. Sarkar, Pairing-Based Cryptographic Protocols: A Survey, Cryptology ePrint Archive, Report 2004/64, 2004.
- [8] R. Granger, D. Page, and N.P. Smart, "High Security Pairing-Based Cryptography Revisited," Proc. Algorithmic Number Theory—ANTS VII, F. Hess, S. Pauli, and M. Pohst, eds., pp. 480-494, 2006.
- [9] N. Koblitz and A. Menezes, "Pairing-Based Cryptography at High Security Levels," Cryptography and Coding, N.P. Smart, ed., pp. 13-36, Springer, 2005.
- [10] J.H. Silverman, The Arithmetic of Elliptic Curves. Springer-Verlag, 1986.
- [11] P.S.L.M. Barreto, H.Y. Kim, B. Lynn, and M. Scott, "Efficient Algorithms for Pairing-Based Cryptosystems," Advances in Cryptology—Proc. CRYPTO '02, M. Yung, ed., pp. 354-368, 2002.
- [12] E.R. Verheul, "Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems," J. Cryptology, vol. 17, no. 4, pp. 277-296, 2004.
- [13] V.S. Miller, Short Programs for Functions on Curves, http://crypto.stanford.edu/miller, 1986.
- [14] V.S. Miller, "The Weil Pairing, and Its Efficient Calculation," J. Cryptology, vol. 17, no. 4, pp. 235-261, 2004.
- [15] S.D. Galbraith, K. Harrison, and D. Soldera, "Implementing the Tate Pairing," Algorithmic Number Theory—Proc. ANTS V, C. Fieker and D. Kohel, eds., pp. 324-337, 2002.
- [16] I. Duursma and H.S. Lee, "Tate Pairing Implementation for Hyperelliptic Curves $y^2 = x^p - x + d$," Advances in Cryptology—Proc. ASIACRYPT '03, C.S. Laih, ed., pp. 111-123, 2003.
- [17] S. Kwon, "Efficient Tate Pairing Computation for Elliptic Curves over Binary Fields," Information Security and Privacy—Proc. ACISP '05, C. Boyd and J.M. González Nieto, eds., pp. 134-145, 2005.
- [19] P. Grabher and D. Page, "Hardware Acceleration of the Tate Pairing in Characteristic Three," Cryptographic Hardware and Embedded Systems—Proc. CHES '05, J.R. Rao and B. Sunar, eds., pp. 398-411, 2005.
- [20] T. Kerins, W.P. Marnane, E.M. Popovici, and P. Barreto, "Efficient Hardware for the Tate Pairing Calculation in Characteristic Three," Cryptographic Hardware and Embedded Systems—Proc. CHES '05, J.R. Rao and B. Sunar, eds., pp. 412-426, 2005.
- [21] G. Bertoni, L. Breveglieri, P. Fragneto, and G. Pelosi, "Parallel Hardware Architectures for the Cryptographic Tate Pairing," Proc. Third Int'l Conf. Information Technology: New Generations (ITNG), 2006.
- [23] R. Ronan, C. Murphy, T. Kerins, C. Ó hÉigeartaigh, and P.S.L.M. Barreto, "A Flexible Processor for the Characteristic 3 $\eta_T$ Pairing," Int'l J. High Performance Systems Architecture, vol. 1, no. 2, pp. 79-88, 2007.
- [24] J. Jiang, "Bilinear Pairing ($\eta_T$ Pairing) IP Core," technical report, Dept. of Computer Science, City Univ. of Hong Kong, May 2007.
- [26] J.-L. Beuchat, N. Brisebarre, M. Shirase, T. Takagi, and E. Okamoto, "A Coprocessor for the Final Exponentiation of the $\eta_T$ Pairing in Characteristic Three," Proc. First Int'l Workshop Arithmetic of Finite Fields (WAIFI '07), C. Carlet and B. Sunar, eds., pp. 25-39, 2007.
- [27] J.-L. Beuchat, N. Brisebarre, J. Detrey, and E. Okamoto, "Arithmetic Operators for Pairing-Based Cryptography," Cryptographic Hardware and Embedded Systems—Proc. CHES '07, P. Paillier and I. Verbauwhede, eds., pp. 239-255, 2007.
- [28] R. Granger, D. Page, and M. Stam, "On Small Characteristic Algebraic Tori in Pairing-Based Cryptography," LMS J. Computation and Math., vol. 9, pp. 64-85, Mar. 2006.
- [29] M. Shirase, T. Takagi, and E. Okamoto, "Some Efficient Algorithms for the Final Exponentiation of $\eta_T$ Pairing," Proc. Third Int'l Information Security Practice and Experience Conf. (ISPEC '07), E. Dawson and D.S. Wong, eds., pp. 254-268, May 2007.
- [30] J.-L. Beuchat, T. Miyoshi, J.-M. Muller, and E. Okamoto, "Horner's Rule-Based Multiplication over ${\rm GF}(p)$ and ${\rm GF}(p^n)$: A Survey," Int'l J. Electronics, to appear.
- [33] L. Song and K.K. Parhi, "Low Energy Digit-Serial/Parallel Finite Field Multipliers," J. VLSI Signal Processing, vol. 19, no. 2, pp. 149-166, July 1998.
- [34] R. Ronan, C. Ó hÉigeartaigh, C. Murphy, M. Scott, T. Kerins, and W. Marnane, "An Embedded Processor for a Pairing-Based Cryptosystem," Proc. Third Int'l Conf. Information Technology: New Generations (ITNG), 2006.
- [35] G. Meurice de Dormale, personal communication.
- [39] F. Rodríguez-Henríquez, G. Morales-Luna, N.A. Saqib, and N. Cruz-Cortés, "A Parallel Version of the Itoh-Tsujii Multiplicative Inversion Algorithm," Reconfigurable Computing: Architectures, Tools and Applications—Proc. ARC '07, P.C. Diniz, E. Marques, K. Bertels, M.M. Fernandes, and J.M.P. Cardoso, eds., pp. 226-237, 2007.
- [40] D.E. Knuth, The Art of Computer Programming, third ed. Addison-Wesley, 1998.
- [41] P.S.L.M. Barreto, A Note on Efficient Computation of Cube Roots in Characteristic 3, Cryptology ePrint Archive, Report 2004/305, 2004.
- [42] A. Vithanage, personal communication.
- [43] T. Kerins, E. Popovici, and W. Marnane, "Algorithms and Architectures for Use in FPGA Implementations of Identity Based Encryption Schemes," Field-Programmable Logic and Applications, J. Becker, M. Platzner, and S. Vernalde, eds., pp. 74-83, Springer, 2004.
- [44] E. Gorla, C. Puttmann, and J. Shokrollahi, "Explicit Formulas for Efficient Multiplication in $\mathbb{F}_{3^{6m}}$," Selected Areas in Cryptography—Proc. SAC '07, C. Adams, A. Miri, and M. Wiener, eds., pp. 173-183, 2007.