Hardware acceleration of the Tate pairing on a genus 2 hyperelliptic curve

Many novel and interesting cryptographic protocols have recently been designed with bilinear pairings comprising their main calculation. The $\eta_T$ method for pairing calculation is an efficient computation technique based on a generalisation and optimisation of the Duursma-Lee algorithm for calculating the Tate pairing. The pairing can be computed very efficiently on hyperelliptic curves of genus 2. In this paper it is demonstrated that the $\eta_T$ method is ideally suited for hardware implementation since much of the more intensive arithmetic can be performed in parallel in hardware. A Tate pairing processor is presented and the architectures required for such a system are discussed. The processor returns a fast pairing computation when compared to the best results in the literature to date. Results are provided when the processor is implemented on an FPGA over the base field $\mathbb{F}_{2^{103}}$.
