This Article 
 Bibliographic References 
 Add to: 
Reconfigurable Computing Approach for Tate Pairing Cryptosystems over Binary Fields
September 2009 (vol. 58 no. 9)
pp. 1221-1237
Chang Shu, George Mason University, Fairfax
Soonhak Kwon, Sungkyunkwan University, Suwon
Kris Gaj, George Mason University, Fairfax
Tate-pairing-based cryptosystems, because of their ability to be used in multiparty identity-based key management schemes, have recently emerged as an alternative to traditional public key cryptosystems. Due to the inherent parallelism of the existing pairing algorithms, high performance can be achieved via hardware realizations. Three schemes for Tate pairing computations have been proposed in the literature: cubic elliptic, binary elliptic, and binary hyperelliptic. In this paper, we propose a new FPGA-based architecture of the Tate-pairing-based computation over binary fields. Even though our field sizes are larger than in the architectures based on cubic elliptic curves or binary hyperelliptic curves with the same security strength, nevertheless fewer multiplications in the underlying field need to be performed. As a result, the computational latency for a pairing computation has been reduced, and our implementation runs 2-20 times faster than the equivalent implementations of other pairing-based schemes at the same level of security strength. Furthermore, we ported our pairing designs for eight field sizes ranging from 239 to 557 bits to the reconfigurable computer, SGI Altix 4700 supported by Silicon Graphics, Inc., and performance and cost are demonstrated.

[1] T. Kerins et al., “Efficient Hardware for the Tate Pairing Calculation in Characteristic Three,” Proc. Cryptographic Hardware and Embedded Systems (CHES '05), pp. 412-426, 2005.
[2] T. Kerins , E.M. Popovici , and W.P. Marnane , “Algorithms and Architectures for Use in FPGA Implementations of Identity Based Encryption Schemes,” Proc. Field Programmable Logic and Applications (FPL '04), pp. 74-83, 2004.
[3] P. Grabher and D. Page , “Hardware Acceleration of the Tate Pairing in Characteristic Three,” Proc. Cryptographic Hardware and Embedded Systems (CHES '05), pp. 398-411, 2005.
[4] R. Ronan , C.O. Eigeartaigh , C. Murphy , M. Scott , T. Kerins , and W.P. Marnane , “A Dedicated Processor for the Eta pairing,” Cryptology ePrint Archive,, 2009.
[5] G. Kömürcü and E. Savas , “An Efficient Hardware Implementation of the Tata Pairing in Characteristic Three,” Proc. Third Int'l Conf. Systems (ICONS '08), pp. 23-28, 2008.
[6] J.-L. Beuchat , N. Brisebarre , J. Detrey , E. Okamoto , M. Shirase , and T. Takagi , “Arithmetic Operators for Pairing-Based Cryptography,” Proc. Cryptographic Hardware and Embedded Systems (CHES '07), pp. 239-255, 2007.
[7] J.-L. Beuchat , N. Brisebarre , J. Detrey , E. Okamoto , M. Shirase , and T. Takagi , “Algorithms and Arithmetic Operators for Computing the $\eta_T$ Pairing in Characteristic Three,” IEEE Trans. Computers, vol. 57, no. 11, Nov. 2008.
[8] J.-L. Beuchat , N. Brisebarre , J. Detrey , E. Okamoto , and F.R. Henríquez , “A Comparison Between Hardware Accelerators for the Modified Tate Pairing over ${\hbox{\rlap{I}\kern 2.0pt{\hbox{F}}}}_{2^m}$ and ${\hbox{\rlap{I}\kern 2.0pt{\hbox{F}}}}_{3^m}$ ,” Proc. Int'l Conf. Pairing-Based Cryptography (Pairing '08), pp. 297-315, 2008.
[9] R. Granger , D. Page , and M. Stam , “Hardware and Software Normal Basis Arithmetic for Pairing Based Cryptography in Characteristic Three,” IEEE Trans. Computers, vol. 54, no. 7, Jul. 2005.
[10] R. Granger , D. Page , and M. Stam , “On Small Characteristic Algebraic Tori in Pairing Based Cryptography,” preprint,, 2004.
[11] I. Duursma and H. Lee , “Tate Pairing Implementation for Hyperelliptic Curves $y^2=x^p-x+d$ ,” Proc. Int'l Conf. Theory and Application of Cryptology and Information Security (Asiacrypt '03), pp.111-123, 2003.
[12] P. Barreto , H. Kim , B. Lynn , and M. Scott , “Efficient Algorithms for Pairing Based Cryptosystems,” Proc. Int'l Cryptology Conf. (Crypto '02), pp. 354-368, 2002.
[13] P. Barreto , S. Galbraith , C. OhEigeartaigh , and M. Scott , “Efficient Pairing Computation on Supersingular Abelian Varieties,” Design, Codes and Cryptography, vol. 42, no. 3, pp. 239-271, 2007.
[14] S. Kwon , “Efficient Tate Pairing Computation for Supersingular Elliptic Curves Over Binary Fields,” Proc. Australasian Conf. Information Security and Privacy (ACISP '05), pp. 134-145, 2005.
[15] S. Galbraith , K. Harrison , and D. Soldera , “Implementing the Tate Pairing,” Proc. Int'l Workshop ANT Algorithms (ANTS '02), pp.324-337, 2002.
[16] V. Miller , “Short Programs for Functions on Curves,” unpublished manuscript, 1986.
[17] F. Hess , N. Smart , and F. Vercauteren , “The Eta Pairing Revisited,” IEEE Trans. Information Theory, vol. 52, no. 10, Oct. 2006.
[18] A.J. Menezes , Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, 1993.
[19] L.C. Washington , Elliptic Curves: Number Theory and Cryptography. CRC Press, Apr. 2008.
[20] H. Cohen , G. Frey , R. Avanzi , C. Doche , T. Lange , K. Nguyen , and F. Vercauteren , Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, July 2005.
[21] I.F. Blake , G. Seroussi , and N.P. Smart , Advances in Elliptic Curve Cryptography. Cambridge Univ. Press, 2005.
[22] A. Shamir , “Identity-Based Cryptosystems and Signature Schemes,” Proc. Int'l Cryptology Conf. (Crypto '85), vol. 196, pp.47-53, 1985.
[23] K. Fong , D. Hankerson , J. López , and A. Menezes , “Field Inversion and Point Halving Revisited,” Technical Report CORR 2003-18, Univ. of Waterloo, 2003.
[24] D. Boneh and M. Franklin , “Identity Based Encryption from the Weil Pairing,” Proc. Int'l Cryptology Conf. (Crypto '01), pp. 213-229, 2001.
[25] R. Sakai , K. Ohgishi , and M. Kasahara , “Cryptosystems Based on Pairing,” Proc. Symp. Cryptography and Information Security (SICS '00), pp. 26-28, 2000.
[26] A. Karatsuba and Y. Ofman , “Multiplication on Many-Digit Numbers by Automatic Computers,” Translation in Physics-Doklady, vol. 7, pp. 595-596, 1963.
[27] L. Song and K.K. Parhi , “Efficient Finite Field Serial/Parallel Multiplication,” Proc. Int'l Conf. Application Specific Systems, Architectures and Processors (ASAP '96), pp. 72-82, 1996.
[28] LiDIA, A C++ Library for Computational Number Theory, LiDIA, 2009.
[29] T. Itoh and S. Tsujii , “A Fast Algorithm for Computing Multiplicative Inverses in $GF(2^m)$ Using Normal Bases,” Information and Computation, vol. 78, pp. 171-177, 1988.
[30] Silicon Graphics, Inc., Reconfigurable Application-Specific Computer User's Guide. 2008.
[31] Maplesoft, Inc., http:/, 2009.
[32] A.J. Menezes , P.C. van Oorschot , and S.A. Vanstone , Handbook of Applied Cryptography. CRC Press, 1997.

Index Terms:
Tate pairing, elliptic curve, reconfigurable computing, field-programmable gate arrays (FPGAs), finite field.
Chang Shu, Soonhak Kwon, Kris Gaj, "Reconfigurable Computing Approach for Tate Pairing Cryptosystems over Binary Fields," IEEE Transactions on Computers, vol. 58, no. 9, pp. 1221-1237, Sept. 2009, doi:10.1109/TC.2009.64
Usage of this product signifies your acceptance of the Terms of Use.