Abstract
This paper presents a design-space exploration of an application-specific instruction-set processor (ASIP) for the computation of various cryptographic pairings over Barreto-Naehrig curves (BN curves). Cryptographic pairings are based on elliptic curves over finite fields; for BN curves this is a prime field \(\mathbb{F}_p\) with a large prime p. Efficient arithmetic in \(\mathbb{F}_p\) is therefore crucial for fast pairing computation. Moreover, computing a pairing is considerably more complex than ordinary elliptic-curve cryptography (ECC), so we ease programming of the proposed ASIP by providing a C compiler.
In order to speed up \(\mathbb{F}_p\) arithmetic, a RISC core is extended with additional scalable functional units. Because the resulting speedup can be limited by memory throughput, the use of multiple data-memory banks is proposed.
The presented design needs 15.8 ms for the computation of the Optimal-Ate pairing over a 256-bit BN curve at 338 MHz, implemented with a 130 nm standard-cell library. The processor core occupies 97 kGates, making it suitable for use in embedded systems.
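The abstract rests on two things it does not spell out: what a BN curve's prime field looks like, and what an \(\mathbb{F}_p\) multiplier actually has to do word by word. The following is an added example written for this page; it is not code from the paper, its ASIP, or its C toolchain. It assumes the widely used alt_bn128 parameter u = 4965661367192848881 (a 254-bit p, stated here for illustration; the abstract's 256-bit curve parameter is not given), a 32-bit datapath word, and word-serial (CIOS) Montgomery multiplication as the multiplier algorithm. Montgomery multiplication is a standard choice for hardware \(\mathbb{F}_p\) units, but the abstract itself does not name the algorithm the functional units use. The function names `bn_params`, `mont_mul` and `fp_mul` are this example's own.

```python
"""
Added example, not from the paper: BN curve parameters over F_p and a
word-serial Montgomery multiplier modelling what a multi-limb F_p functional
unit computes per clock. Assumptions: u = alt_bn128 parameter, W = 32-bit words,
CIOS (coarsely integrated operand scanning) schedule.
"""
import random

W = 32                       # word width of the modelled datapath (assumed)
MASK = (1 << W) - 1


def bn_params(u):
    """Barreto-Naehrig parametrisation: field prime p, group order n, trace t.
    n = p + 1 - t, so the curve E(F_p) has prime order n when p and n are prime."""
    p = 36 * u**4 + 36 * u**3 + 24 * u**2 + 6 * u + 1
    n = 36 * u**4 + 36 * u**3 + 18 * u**2 + 6 * u + 1
    t = 6 * u**2 + 1
    return p, n, t


def is_probable_prime(x, rounds=32):
    """Miller-Rabin with a fixed-seed witness set, enough to confirm p and n."""
    if x < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if x % q == 0:
            return x == q
    d, s = x - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(1)
    for _ in range(rounds):
        a = rng.randrange(2, x - 1)
        y = pow(a, d, x)
        if y in (1, x - 1):
            continue
        for _ in range(s - 1):
            y = y * y % x
            if y == x - 1:
                break
        else:
            return False
    return True


def words(x, n):
    """Little-endian W-bit limbs, as the operand sits in a register file or memory bank."""
    return [(x >> (W * i)) & MASK for i in range(n)]


def mont_mul(a, b, p):
    """CIOS Montgomery product a*b*R^-1 mod p with R = 2^(W*s), s = limbs of p.
    Requires a, b < p. Every step is a W x W-bit multiply plus carries, which is
    exactly the operation a scalable functional unit is built around."""
    s = -(-p.bit_length() // W)
    p_inv = (-pow(p, -1, 1 << W)) & MASK      # -p^-1 mod 2^W, precomputed once per field
    aw, bw, pw = words(a, s), words(b, s), words(p, s)
    t = [0] * (s + 2)
    for i in range(s):
        c = 0
        for j in range(s):                     # t += a * b[i]
            acc = t[j] + aw[j] * bw[i] + c
            t[j], c = acc & MASK, acc >> W
        acc = t[s] + c
        t[s], t[s + 1] = acc & MASK, acc >> W
        m = (t[0] * p_inv) & MASK              # makes t + m*p divisible by 2^W
        c = (t[0] + m * pw[0]) >> W
        for j in range(1, s):                  # t = (t + m*p) / 2^W
            acc = t[j] + m * pw[j] + c
            t[j - 1], c = acc & MASK, acc >> W
        acc = t[s] + c
        t[s - 1], c = acc & MASK, acc >> W
        t[s], t[s + 1] = t[s + 1] + c, 0
    r = sum(t[j] << (W * j) for j in range(s + 1))
    return r - p if r >= p else r            # result < 2p, one conditional subtraction


def fp_mul(a, b, p):
    """a*b mod p computed in the Montgomery domain and mapped back to plain form."""
    s = -(-p.bit_length() // W)
    r2 = pow(2, 2 * W * s, p)                  # R^2 mod p, the only per-field constant
    am, bm = mont_mul(a, r2, p), mont_mul(b, r2, p)
    return mont_mul(mont_mul(am, bm, p), 1, p)


U_BN254 = 4965661367192848881                  # assumed: the common alt_bn128 parameter

if __name__ == "__main__":
    p, n, t = bn_params(U_BN254)
    print("p bits:", p.bit_length(), "p,n prime:", is_probable_prime(p) and is_probable_prime(n))
    a, b = random.randrange(p), random.randrange(p)
    print("Montgomery product matches a*b mod p:", fp_mul(a, b, p) == a * b % p)
```

In a real pairing the conversion to and from Montgomery form happens once at the boundary, not per multiplication; all intermediate \(\mathbb{F}_p\) (and extension-field) operands stay in the Montgomery domain, so the cost is one `mont_mul` per field multiplication, i.e. about 2s^2 + s word multiplications for s limbs. With s = 8 limbs of 32 bits, that is the per-multiplication load the abstract's functional units and memory banks have to feed.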
This work has been supported by the UMIC Research Centre, RWTH Aachen University. The third author was supported by the European Commission through the ICT Programme under Contract ICT–2007–216499 CACE and through the ICT Programme under Contract ICT-2007-216646 ECRYPT II. Permanent ID of this document: 7e38974d56cc76a7f572f328ee4a3761. Date: 2009/06/15.
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Kammler, D. et al. (2009). Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves. In: Clavier, C., Gaj, K. (eds) Cryptographic Hardware and Embedded Systems - CHES 2009. Lecture Notes in Computer Science, vol. 5747. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04138-9_19
DOI: https://doi.org/10.1007/978-3-642-04138-9_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04137-2
Online ISBN: 978-3-642-04138-9