New Software Speed Records for Cryptographic Pairings

This paper presents new software speed records for the computation of cryptographic pairings. More specifically, we present details of an implementation which computes the optimal ate pairing on a 257- bit Barreto-Naehrig curve in only 4,470,408 cycles on one core of an Intel Core 2 Quad Q6600 processor. This speed is achieved by combining 1.) state-of-the-art high-level optimization techniques, 2.) a new representation of elements in the underlying finite fields which makes use of the special modulus arising from the Barreto-Naehrig curve construction, and 3.) implementing arithmetic in this representation using the double-precision floating-point SIMD instructions of the AMD64 architecture.

[1]  Paulo S. L. M. Barreto,et al.  On Compressible Pairings and Their Computation , 2008, AFRICACRYPT.

[2]  Victor S. Miller,et al.  The Weil Pairing, and Its Efficient Calculation , 2004, Journal of Cryptology.

[3]  Michael Scott,et al.  A Taxonomy of Pairing-Friendly Elliptic Curves , 2010, Journal of Cryptology.

[4]  Daniel J. Bernstein,et al.  FLOATING-POINT ARITHMETIC AND MESSAGE AUTHENTICATION , 2000 .

[5]  Frederik Vercauteren,et al.  Optimal Pairings , 2010, IEEE Transactions on Information Theory.

[6]  Frederik Vercauteren,et al.  The Eta Pairing Revisited , 2006, IEEE Transactions on Information Theory.

[7]  Elaine B. Barker,et al.  SP 800-57. Recommendation for Key Management, Part 1: General (revised) , 2007 .

[8]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[9]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[10]  M. Naehrig Constructive and computational aspects of cryptographic pairings , 2009 .

[11]  Paulo S. L. M. Barreto,et al.  Efficient pairing computation on supersingular Abelian varieties , 2007, IACR Cryptol. ePrint Arch..

[12]  Hyang-Sook Lee,et al.  Efficient and Generalized Pairing Computation on Abelian Varieties , 2009, IEEE Transactions on Information Theory.

[13]  Michael Scott,et al.  On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves , 2009, Pairing.

[14]  Vincent Rijmen,et al.  ECRYPT yearly report on algorithms and keysizes , 2009 .

[15]  Johann Großschädl,et al.  On Software Parallel Implementation of Cryptographic Pairings , 2008, IACR Cryptol. ePrint Arch..

[16]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[17]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[18]  Darrel HANKERSON,et al.  Software Implementation of Pairings , 2009, Identity-Based Cryptography.

[19]  Frederik Vercauteren,et al.  Faster -Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves , 2009, CHES.

[20]  Julio César López-Hernández,et al.  High-Speed Parallel Software Implementation of the ηT Pairing , 2010, CT-RSA.

[21]  Ricardo Dahab,et al.  Implementing Cryptographic Pairings over Barreto-Naehrig Curves , 2007, Pairing.

[22]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[23]  William E. Burr,et al.  Recommendation for Key Management, Part 1: General (Revision 3) , 2006 .

[24]  Michael Scott,et al.  Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions , 2009, IACR Cryptol. ePrint Arch..

[25]  Tanja Lange,et al.  Faster Pairing Computation , 2009 .

[26]  Paulo S. L. M. Barreto,et al.  Efficient Implementation of Pairing-Based Cryptosystems , 2004, Journal of Cryptology.

[27]  Francisco Rodríguez-Henríquez,et al.  High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves , 2010, Pairing.