The Community for Technology Leaders
RSS Icon
Issue No.05 - May (2012 vol.61)
pp: 676-685
Junfeng Fan , Katholieke Universiteit Leuven and IBBT, ESAT/SCD-COSIC, Leuven-Heverlee
Frederik Vercauteren , Katholieke Universiteit Leuven and IBBT, ESAT/SCD-COSIC, Leuven-Heverlee
Ingrid Verbauwhede , Katholieke Universiteit Leuven and IBBT, ESAT/SCD-COSIC, Leuven-Heverlee
This paper describes a new method to speed up {\hbox{\rlap{I}\kern 2.0pt{\hbox{F}}}}_p-arithmetic in hardware for pairing-friendly curves, such as the well-known Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by these curves and choose curve parameters such that {\hbox{\rlap{I}\kern 2.0pt{\hbox{F}}}}_p multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. As an application, we show that the performance of pairings on BN curves in hardware can be significantly improved, resulting in a factor 2.5 speedup compared with state-of-the-art hardware implementations.
Pairing-friendly curves, modular reduction.
Junfeng Fan, Frederik Vercauteren, Ingrid Verbauwhede, "Efficient Hardware Implementation of Fp-Arithmetic for Pairing-Friendly Curves", IEEE Transactions on Computers, vol.61, no. 5, pp. 676-685, May 2012, doi:10.1109/TC.2011.78
[1] D.F. Aranha, K. Karabina, P. Longa, C.H. Gebotys, and J. López, “Faster Explicit Formulas for Computing Pairings over Ordinary Curves,” Proc. Ann. Int'l Conf. Theory and Applications of Cryptographic Techniques (Eurocrypt '11), 2011.
[2] D.F. Aranha, J. López, and D. Hankerson, “High-Speed Parallel Software Implementation of the $\eta_T$ Pairing,” Proc. Cryptographers' Track at RSA Conf. (CT-RSA '10), pp. 89-105, 2010.
[3] R.M. Avanzi, H. Cohen, C. Doche, G. Frey, T. Lange, K. Nguyen, and F. Vercauteren, Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, 2005.
[4] P.S.L.M. Barreto, H.Y. Kim, B. Lynn, and M. Scott, “Efficient Algorithms for Pairing-Based Cryptosystems,” CRYPTO '02: Proc. 22nd Ann. Int'l Cryptology Conf. Advances in Cryptology, pp. 354-368, 2002.
[5] P. Barrett, “Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor,” Proc. Int'l Cryptology Conf., pp. 311-323, 1986.
[6] J.-L. Beuchat, J.E. González-Díaz, S. Mitsunari, E. Okamoto, F. Rodríguez-Henríquez, and T. Teruya, “High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves,” Pairing '10: Proc. Fourth Int'l Conf. Pairing-Based Cryptography, pp. 21-39, 2010.
[7] J.-L. Beuchat, E. López-Trejo, L. Martínez-Ramos, S. Mitsunari, and F. Rodríguez-Henríquez, “Multi-Core Implementation of the Tate Pairing over Supersingular Elliptic Curves,” CANS '09: Proc. Eighth Int'l Conf. Cryptology and Network Security, pp. 413-432, 2009.
[8] G.R. Blakley, “A Computer Algorithm for Calculating the Product AB Modulo M,” IEEE Trans. Computers, vol. C-32, no. 5, pp. 497-500, May 1983.
[9] F. Brezing and A. Weng, “Elliptic Curves Suitable for Pairing Based Cryptography,” Designs, Codes and Cryptography, vol. 37, pp. 133-141, 2003.
[10] Ç.K. Koç, T. Acar, and B.S. Kaliski, “Analyzing and Comparing Montgomery Multiplication Algorithms,” IEEE Micro, vol. 16, no. 3, pp. 26-33, June 1996.
[11] J. Chung and M.A. Hasan, “Low-Weight Polynomial Form Integers for Efficient Modular Multiplication,” IEEE Trans. Computers, vol. 56, no. 1, pp. 44-57, Jan. 2007.
[12] J. Chung and M.A. Hasan, “Montgomery Reduction Algorithm for Modular Multiplication Using Low-Weight Polynomial Form Integers,” ARITH '07: Proc. 18th IEEE Symp. Computer Arithmetic, pp. 230-239, 2007.
[13] A. Devegili, C.Ó' hÉigeartaigh, M. Scott, and R. Dahab, “Multiplication and Squaring on Pairing-Friendly Fields. Cryptology ePrint Archive, Report 2006/471,” http:/, 2011.
[14] A. Devegili, M. Scott, and R. Dahab, “Implementing Cryptographic Pairings over Barreto-Naehrig Curves,” Pairing '07: Proc. Int'l Conf. Pairing-Based Cryptography, pp. 197-207, 2007.
[15] J.-F. Dhem, “Design of an Efficient Public-Key Cryptographic Library for RISC-Based Smart Cards,” PhD thesis, Université Catholique de Louvain, Louvain-la-Neuve, 1998.
[16] N. Estibals, “Compact Hardware for Computing the Tate Pairing over 128-Bit-Security Supersingular Curves,” Pairing '10: Proc. Fourth Int'l Conf. Pairing-Based Cryptography, pp. 397-416, 2010.
[17] J. Fan, F. Vercauteren, and I. Verbauwhede, “Faster ${\hbox{\rlap{I}\kern 2.0pt{\hbox{F}}}}_p$ -Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '09), pp. 240-253, 2009.
[18] D. Freeman, M. Scott, and E. Teske, “A Taxonomy of Pairing-Friendly Elliptic Curves,” J. Cryptology, vol. 23, no. 2, pp. 224-280, 2010.
[19] S. Ghosh, D. Mukhopadhyay, and D.R. Chowdhury, “High Speed Flexible Pairing Cryptoprocessor on FPGA Platform,” Pairing '10: Proc. Fourth Int'l Conf. Pairing-Based Cryptography, pp. 450-466, 2010.
[20] P. Grabher, J. Großschädl, and D. Page, “On Software Parallel Implementation of Cryptographic Pairings,” Proc. Selected Areas in Cryptography, pp. 34-49, 2008.
[21] D. Hankerson, A. Menezes, and M. Scott, “Software Implementation of Pairings,” Identity-Based Cryptography, M. Joye and G. Neven, eds., IOS Press 2008.
[22] F. Hess, “Pairing Lattices,” Pairing '08: Proc. Second Int'l Conf. Pairing-Based Cryptography, pp. 18-38, 2008.
[23] F. Hess, N.P. Smart, and F. Vercauteren, “The Eta Pairing Revisited,” IEEE Trans. Information Theory, vol. 52, no. 10, pp. 4595-4602, Oct. 2006.
[24] D. Kammler, D. Zhang, P. Schwabe, H. Scharwaechter, M. Langenberg, D. Auras, G. Ascheid, R. Leupers, R. Mathar, and H. Meyr, “Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves,” Proc. 11th Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '09), pp. 254-271, 2009.
[25] A. Karatsuba and Y. Ofman, “Multiplication of Multidigit Numbers on Automata,” Doklady Akademii Nauk SSSR, vol. 145, no. 2, pp. 293-294, 1962.
[26] E. Lee, H.-S Lee, and C.-M. Park, “Efficient and Generalized Pairing Computation on Abelian Varieties,” Cryptology ePrint Archive, Report 2009/040, http:/, 2011.
[27] V.S. Miller, “Short Programs for Functions on Curves, 1986,” Unpublished Manuscript, , 2011.
[28] V.S. Miller, “The Weil Pairing, and Its Efficient Calculation,” J. Cryptology, vol. 17, no. 4, pp. 235-261, 2004.
[29] P.L. Montgomery, “Modular Multiplication without Trial Division,” Math. of Computation, vol. 44, no. 170, pp. 519-521, 1985.
[30] P.L. Montgomery, “Five, Six, and Seven-Term Karatsuba-Like Formulae,” IEEE Trans. Computers, vol. 54, no. 3, pp. 362-369, Mar. 2005.
[31] M. Naehrig, R. Niederhagen, and P. Schwabe, “New Software Speed Records for Cryptographic Pairings,” LATINCRYPT '10: Proc. First Int'l Conf. Progress in Cryptology: Cryptology and Information Security in Latin Am., pp. 109-123, 2010.
[32] P.S.L.M. Barreto and M. Naehrig, “Pairing-Friendly Elliptic Curves of Prime Order,” Proc. Selected Areas in Cryptography (SAC '05), pp. 319-331, 2006.
[33] F. Vercauteren, “Optimal Pairings,” IEEE Trans. Information Theory, vol. 56, no. 1, pp. 455-461, Jan. 2010.
25 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool