Towards Faster and Greener Cryptoprocessor for Eta Pairing on Supersingular Elliptic Curve over F_{2^{1223}}

For the first time ever, the FPGA-based cryptoprocessor presented in (12) makes it possible to compute an eta pairing at the 128-bit security level in less than one millisecond. The high performance of their cryptoprocessor comes largely from the use of the Karatsuba method for field multiplication. In this article, for the same type of pairing, we propose hybrid sequential/parallel multipliers based on Toeplitz matrix-vector products and present some optimizations for the final exponentiation, resulting in high-performance cryptoprocessors. On the same kind of FPGA devices, our cryptoprocessor performs pairing faster than that of (12) while requiring fewer hardware resources. We also present ASIC implementations and report that the three-way split multiplier based cryptoprocessor consumes less energy than the two-way. Moreover, by taking advantage of the area efficiency of the Toeplitz matrix-vector product approach, we are able to deploy additional hardware to concurrently perform two multiplications with one common input, completing a pairing operation in less than 88 µs and 48 µs (i.e., about 11K and 21K pairing operations per second) in FPGA and ASIC, respectively.

[1]  Francisco Rodríguez-Henríquez, et al.  Fast Architectures for the η_T Pairing over Small-Characteristic Supersingular Elliptic Curves, 2011, IEEE Transactions on Computers.

[2]  Ming Gu, et al.  Overlap-free Karatsuba-Ofman polynomial multiplication algorithms, 2010.

[3]  Matthew K. Franklin, et al.  Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[4]  Frederik Vercauteren, et al.  Faster -Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves, 2009, CHES.

[5]  Paulo S. L. M. Barreto, et al.  Efficient pairing computation on supersingular Abelian varieties, 2007, IACR Cryptol. ePrint Arch.

[6]  M. Anwar Hasan, et al.  Block Recombination Approach for Subquadratic Space Complexity Binary Field Multiplication Based on Toeplitz Matrix-Vector Product, 2012, IEEE Transactions on Computers.

[7]  Dipanwita Roy Chowdhury, et al.  High Speed Cryptoprocessor for η_T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields, 2011, CHES.

[8]  Gerd Ascheid, et al.  Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves, 2009, CHES.

[9]  Hovav Shacham, et al.  Short Signatures from the Weil Pairing, 2001, J. Cryptol.

[10]  Ingrid Verbauwhede, et al.  FPGA Implementation of Pairings Using Residue Number System and Lazy Reduction, 2011, CHES.

[11]  Berk Sunar, et al.  A generalized method for constructing subquadratic complexity GF(2^k) multipliers, 2004, IEEE Transactions on Computers.

[12]  M. Anwar Hasan, et al.  A New Approach to Subquadratic Space Complexity Parallel Multipliers for Extended Binary Fields, 2007, IEEE Transactions on Computers.

[13]  Jérémie Detrey, et al.  Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves, 2012, CT-RSA.

[14]  Debdeep Mukhopadhyay, et al.  High Speed Flexible Pairing Cryptoprocessor on FPGA Platform, 2010, Pairing.

[15]  S. Winograd.  Arithmetic complexity of computations, 1980.

[16]  Frederik Vercauteren, et al.  Efficient Hardware Implementation of Fp-Arithmetic for Pairing-Friendly Curves, 2012, IEEE Transactions on Computers.

[17]  David R. Canright, et al.  A very compact Rijndael S-box, 2005.

[18]  T. Itoh, et al.  A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases, 1988, Inf. Comput.

[19]  Nicolas Estibals, et al.  Compact Hardware for Computing the Tate Pairing over 128-Bit-Security Supersingular Curves, 2010, Pairing.