Hardware Accelerator for the Tate Pairing in Characteristic Three Based on Karatsuba-Ofman Multipliers

This paper is devoted to the design of fast parallel accelerators for the cryptographic Tate pairing in characteristic three over supersingular elliptic curves. We propose here a novel hardware implementation of Miller's loop based on a pipelined Karatsuba-Ofman multiplier. Thanks to a careful selection of algorithms for computing the tower field arithmetic associated with the Tate pairing, we manage to keep the pipeline busy. We also describe the strategies we considered to design our parallel multiplier. They are included in a VHDL code generator allowing for the exploration of a wide range of operators. Then, we outline the architecture of a coprocessor for the Tate pairing over $\mathbb{F}_{3^m}$. However, a final exponentiation is still needed to obtain a unique value, which is desirable in most cryptographic protocols. We supplement our pairing accelerator with a coprocessor responsible for this task. An improved exponentiation algorithm allows us to save hardware resources. According to our place-and-route results on Xilinx FPGAs, our design improves both the computation time and the area-time trade-off compared to previously published coprocessors.
