A FPGA pairing implementation using the Residue Number System

Recently, a lot of progress has been made in software implementations of pairings at the 128-bit security level in large characteristic. In this work, we obtain analogous progress for hardware implementations. For this, we use the RNS representation of numbers, which is especially well suited for pairing computation in a hardware context. An FPGA implementation is proposed, based on an adaptation of Guillermin’s architecture, which computes a pairing in 1.07 ms. It is 2 times faster than all previous hardware implementations (including ASIC and small characteristic implementations) and almost as fast as the best software implementations.
