Parallelizing the Weil and Tate Pairings

In the past year, the speed record for pairing implementations on desktop-class machines has been broken several times. The speed records for asymmetric pairings were set on a single processor. In this paper, we describe our parallel implementation of the optimal ate pairing over Barreto-Naehrig (BN) curves that is about 1.23 times faster using two cores of an Intel Core i5 or Core i7 machine, and 1.45 times faster using 4 cores of the Core i7 than the state-of-the-art implementation on a single core. We instantiate Hess's general Weil pairing construction and introduce a new optimal Weil pairing tailored for parallel execution. Our experimental results suggest that the new Weil pairing is 1.25 times faster than the optimal ate pairing on 8-core extensions of the aforementioned machines. Finally, we combine previous techniques for parallelizing the eta pairing on a supersingular elliptic curve with embedding degree 4, and achieve an estimated 1.24-fold speedup on an 8-core extension of an Intel Core i7 over the previous best technique.

[1]  Frederik Vercauteren,et al.  The Eta Pairing Revisited , 2006, IEEE Transactions on Information Theory.

[2]  A. Miyaji,et al.  Pairing-Based Cryptography - Pairing 2010 , 2011 .

[3]  Joachim von zur Gathen,et al.  Efficient and optimal exponentiation in finite fields , 1991, computational complexity.

[4]  Patrick Longa,et al.  Faster Explicit Formulas for Computing Pairings over Ordinary Curves , 2011, EUROCRYPT.

[5]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[6]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[7]  Florian Hess,et al.  Pairing Lattices , 2008, Pairing.

[8]  Gerd Ascheid,et al.  Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves , 2009, CHES.

[9]  Alfred Menezes,et al.  Pairing-Based Cryptography at High Security Levels , 2005, IMACC.

[10]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[11]  Kenneth G. Paterson Advances in Cryptology - EUROCRYPT 2011 - 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings , 2011, EUROCRYPT.

[12]  Tanja Lange,et al.  Progress in Cryptology - AFRICACRYPT 2010, Third International Conference on Cryptology in Africa, Stellenbosch, South Africa, May 3-6, 2010. Proceedings , 2010, AFRICACRYPT.

[13]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[14]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[15]  Peter Schwabe,et al.  New Software Speed Records for Cryptographic Pairings , 2010, LATINCRYPT.

[16]  Francisco Rodríguez-Henríquez,et al.  A Comparison between Hardware Accelerators for the Modified Tate Pairing over F2m and F3m , 2008, Pairing.

[17]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[18]  Michael Scott,et al.  Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions , 2009, IACR Cryptol. ePrint Arch..

[19]  Yasuyuki Nogami,et al.  Integer Variable chi-Based Ate Pairing , 2008, Pairing.

[20]  Frederik Vercauteren,et al.  Faster -Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves , 2009, CHES.

[21]  Yasuyuki Nogami,et al.  Fast Ate Pairing Computation of Embedding Degree 12 Using Subfield-Twisted Elliptic Curve , 2009, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[22]  T. Itoh,et al.  A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases , 1988, Inf. Comput..

[23]  Edward A. Lee The problem with threads , 2006, Computer.

[24]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[25]  Frederik Vercauteren,et al.  Optimal Pairings , 2010, IEEE Transactions on Information Theory.

[26]  Michael E. Kounavis,et al.  Multiplication Instruction and its Usage for Computing the GCM Mode , 2010 .

[27]  Koray Karabina Squaring in cyclotomic subgroups , 2013, Math. Comput..

[28]  Victor S. Miller,et al.  The Weil Pairing, and Its Efficient Calculation , 2004, Journal of Cryptology.

[29]  Sylvain Duquesne,et al.  A FPGA pairing implementation using the Residue Number System , 2011, IACR Cryptol. ePrint Arch..

[30]  A. Roberts Multi-Core Programming Increasing Performance through Software Multi-threading Shameem , 2006 .

[31]  Michael J. Oudshoorn,et al.  Visualization techniques for various programming paradigms , 1993, Proceedings of TENCON '93. IEEE Region 10 International Conference on Computers, Communications and Automation.

[32]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[33]  Nicolas Estibals,et al.  Compact Hardware for Computing the Tate Pairing over 128-Bit-Security Supersingular Curves , 2010, Pairing.

[34]  Darrel HANKERSON,et al.  Software Implementation of Pairings , 2009, Identity-Based Cryptography.

[35]  Francisco Rodríguez-Henríquez,et al.  Multi-core Implementation of the Tate Pairing over Supersingular Elliptic Curves , 2009, CANS.

[36]  Johann Großschädl,et al.  On Software Parallel Implementation of Cryptographic Pairings , 2008, IACR Cryptol. ePrint Arch..

[37]  Peter Schwabe,et al.  ECC2K-130 on Cell CPUs , 2010, AFRICACRYPT.

[38]  Julio César López-Hernández,et al.  High-Speed Parallel Software Implementation of the ηT Pairing , 2010, CT-RSA.

[39]  Dongqing Xie,et al.  Reducing the Complexity of the Weil Pairing Computation , 2008, IACR Cryptol. ePrint Arch..

[40]  Hyang-Sook Lee,et al.  Efficient and Generalized Pairing Computation on Abelian Varieties , 2009, IEEE Transactions on Information Theory.

[41]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[42]  Paulo S. L. M. Barreto,et al.  A family of implementation-friendly BN elliptic curves , 2011, J. Syst. Softw..

[43]  Paulo S. L. M. Barreto,et al.  Efficient pairing computation on supersingular Abelian varieties , 2007, IACR Cryptol. ePrint Arch..

[44]  Peter L. Montgomery,et al.  Five, six, and seven-term Karatsuba-like formulae , 2005, IEEE Transactions on Computers.

[45]  William P. Marnane,et al.  Identity- Based Cryptography , 2008 .

[46]  Ingrid Verbauwhede,et al.  A High Speed Pairing Coprocessor Using RNS and Lazy Reduction , 2011, IACR Cryptol. ePrint Arch..

[47]  Tim Güneysu,et al.  Utilizing hard cores of modern FPGA devices for high-performance cryptography , 2011, Journal of Cryptographic Engineering.

[48]  Steven D. Galbraith,et al.  Pairing-Based Cryptography - Pairing 2008, Second International Conference, Egham, UK, September 1-3, 2008. Proceedings , 2008, Pairing.

[49]  Julio César López-Hernández,et al.  Efficient Software Implementation of Binary Field Arithmetic Using Vector Instruction Sets , 2010, LATINCRYPT.

[50]  Frederik Vercauteren,et al.  Ate Pairing on Hyperelliptic Curves , 2007, EUROCRYPT.

[51]  ItohToshiya,et al.  A fast algorithm for computing multiplicative inverses in GF(2m) using normal bases , 1988 .

[52]  Chae Hoon Lim,et al.  More Flexible Exponentiation with Precomputation , 1994, CRYPTO.

[53]  Aggelos Kiayias,et al.  Multi-query Computationally-Private Information Retrieval with Constant Communication Rate , 2010, Public Key Cryptography.

[54]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[55]  Michael Scott,et al.  On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves , 2009, Pairing.

[56]  Josef Pieprzyk Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings , 2010, CT-RSA.

[57]  Paulo S. L. M. Barreto,et al.  Progress in Cryptology - LATINCRYPT 2010, First International Conference on Cryptology and Information Security in Latin America, Puebla, Mexico, August 8-11, 2010, Proceedings , 2010, LATINCRYPT.

[58]  Hovav Shacham,et al.  Pairing-Based Cryptography - Pairing 2009, Third International Conference, Palo Alto, CA, USA, August 12-14, 2009, Proceedings , 2009, Pairing.

[59]  Tanja Lange,et al.  Faster Pairing Computations on Curves with High-Degree Twists , 2010, Public Key Cryptography.

[60]  Mike Scott,et al.  Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number , 2002, IACR Cryptol. ePrint Arch..

[61]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[62]  Paulo S. L. M. Barreto,et al.  On the Selection of Pairing-Friendly Groups , 2003, Selected Areas in Cryptography.

[63]  Francisco Rodríguez-Henríquez,et al.  High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves , 2010, Pairing.

[64]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.