Abstract
This paper introduces PandA, a software framework for Pairings and Arithmetic. It is designed to bring together advances in the efficient computation of cryptographic pairings and the development and implementation of pairing-based protocols. The intention behind the PandA framework is to give protocol designers and implementors easy access to a toolbox of all functions needed for implementing pairing-based cryptographic protocols, while making it possible to use state-of-the-art algorithms for pairing computation and group arithmetic. PandA offers an API in the C programming language and all arithmetic operations run in constant time to protect against timing attacks. The framework also makes it easy to consistently test and benchmark the lower level functions used in pairing-based protocols.
As an example of how easy it is to implement pairing-based protocols with PandA, we use Boneh-Lynn-Shacham (BLS) signatures. Our PandA-based implementation of BLS needs only 434640 cycles for signature generation and 5832584 cycles for signature verification on one core of an Intel i5-3210M CPU. This includes full protection against timing attacks and compression of public keys and signatures.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \(\mbox{${\mathbb F}$}_{3^{6 \cdot 509}}\) for discrete logarithm cryptography (2013), http://eprint.iacr.org/2013/446/
Adj, G., Rodríguez-Henríquez, F.: Square root computation over even extension fields (2012), http://eprint.iacr.org/
Akinyele, J.A., Garman, C., Miers, I., Pagano, M.W., Rushanan, M., Green, M., Rubin, A.D.: Charm: a framework for rapidly prototyping cryptosystems. Journal of Cryptographic Engineering, 3(2):111–128 (2013), http://eprint.iacr.org/2011/617/
Aranha, D.F., Gouvêa, C.P.L.: RELIC is an Efficient LIbrary for Cryptography, http://code.google.com/p/relic-toolkit/ (accessed November 5, 2013).
Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster explicit formulas for computing pairings over ordinary curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011), http://eprint.iacr.org/2010/526/
Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic (2013), http://eprint.iacr.org/2013/400/
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-Based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002), http://eprint.iacr.org/2002/008
Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006), http://cryptosith.org/papers/#bn
Barrett, P.: Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 311–323. Springer, Heidelberg (1987)
Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable Proofs and Delegatable Anonymous Credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009), http://research.microsoft.com/pubs/122759/anoncred.pdf
Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards Curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008), http://cr.yp.to/papers.html#twisted
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-Speed High-Security Signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011) see also full version [13]
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. Journal of Cryptographic Engineering 2(2), 77–89 (2012), http://cryptojedi.org/papers/#ed25519 , see also short version [12]
Bernstein, D.J., Lange, T.: eBACS: ECRYPT benchmarking of cryptographic systems, http://bench.cr.yp.to (accessed August 15, 2013)
Bernstein, D.J., Lange, T.: Faster Addition and Doubling on Elliptic Curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007), http://cr.yp.to/papers.html#newelliptic
Bernstein, D.J., Lange, T., Schwabe, P.: The Security Impact of a New Cryptographic Library. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012), http://cryptojedi.org/papers/#coolnacl
Beuchat, J.-L., Díaz, J.E.G., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-speed software implementation of the optimal ate pairing over Barreto-Naehrig curves (2010), http://eprint.iacr.org/2010/354/
Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001), http://www.iacr.org/archive/crypto2001/21390212.pdf
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. Journal of Cryptology 17(4), 297–319 (2004), http://crypto.stanford.edu/~dabo/pubs/papers/weilsigs.ps
Bos, J.W., Costello, C., Naehrig, M.: Exponentiating in pairing groups. In: Selected Areas in Cryptography – SAC 2013. LNCS (to appear, 2013), http://cryptosith.org/papers/#exppair
Bosma, W., Lenstra, H.W.: Complete systems of two addition laws for elliptic curves. Journal of Number Theory 53, 229–240 (1995), http://www.math.ru.nl/~bosma/pubs/JNT1995.pdf
Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011), http://eprint.iacr.org/2011/232/
Certivox. MIRACL Cryptographic SDK, http://www.certivox.com/miracl
Chatterjee, S., Menezes, A.: On cryptographic protocols employing asymmetric pairings – the role of ψ revisited. Discrete Applied Mathematics 159, 1311–1322 (2011), http://eprint.iacr.org/2009/480/
de Rooij, P.: Efficient exponentiation using precomputation and vector addition chains. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 389–399. Springer, Heidelberg (1995)
Fardan, N.J.A., Paterson, K.G.: Lucky thirteen: Breaking the TLS and DTLS record protocols. In: 2013 IEEE Symposium on Security and Privacy, pp. 526–540. IEEE Computer Society (2013), www.isg.rhul.ac.uk/tls/TLStiming.pdf
Fouque, P.-A., Tibouchi, M.: Indifferentiable hashing to barreto–naehrig curves. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 1–17. Springer, Heidelberg (2012), www.di.ens.fr/~fouque/pub/latincrypt12.pdf
Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology 23(2), 224–280 (2010), http://eprint.iacr.org/2006/372/
Gentry, C., Silverberg, A.: Hierarchical ID-Based Cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002), http://www.cs.ucdavis.edu/~franklin/ecs228/pubs/extra_pubs/hibe.pdf
The GNU MP library, http://gmplib.org/ (accessed November 02, 2013)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Solving a 6120-bit DLP on a desktop computer. In: Selected Areas in Cryptography. LNCS. Springer (to appear, 2013), http://eprint.iacr.org/2013/306
Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing-based cryptography, p. 132 (2004), http://eprint.iacr.org/2004/132
Granger, R., Scott, M.: Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 209–223. Springer, Heidelberg (2010)
Groth, J.: Short Pairing-Based Non-interactive Zero-Knowledge Arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010), http://www.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
Groth, J., Sahai, A.: Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. 41(5), 1193–1232 (2012), http://www0.cs.ucl.ac.uk/staff/J.Groth/WImoduleFull.pdf
Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Transactions on Information Theory 52(10), 4595–4602 (2006), http://eprint.iacr.org/2006/110
Hışıl, H.: Elliptic Curves, Group Law, and Efficient Computation. PhD thesis, Queensland University of Technology (2010), http://eprints.qut.edu.au/33233/
Horwitz, J., Lynn, B.: Toward Hierarchical Identity-Based Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002), http://theory.stanford.edu/~horwitz/pubs/hibe.pdf
Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000), cgi.di.uoa.gr/~aggelos/crypto/page4/assets/joux-tripartite.pdf
Joux, A.: A one round protocol for tripartite Diffie-Hellman. Journal of Cryptology, 17(4):263–276 (2004)
Joux, A.: A new index calculus algorithm with complexity L(1/4 + o(1)) in very small characteristic. In: SAC 2013. LNCS. Springer (invited paper) (to appear, 2013), http://eprint.iacr.org/2013/095/
Lynn, B.: PBC library – the pairing-based cryptography library, http://crypto.stanford.edu/pbc/ (accessed November 05, 2013).
Mitsunari, S.: A fast implementation of the optimal ate pairing over BN curve on Intel Haswell processor (2013), http://eprint.iacr.org/2013/362/
Naehrig, M., Barreto, P.S.L.M., Schwabe, P.: On Compressible Pairings and Their Computation. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 371–388. Springer, Heidelberg (2008), http://eprint.iacr.org/2007/429/
Naehrig, M., Niederhagen, R., Schwabe, P.: New Software Speed Records for Cryptographic Pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010), http://cryptojedi.org/users/peter/#dclxvi
Ohgishi, K., Sakai, R., Kasahara, M.: Notes on ID-based key sharing systems over elliptic curve (in Japanese). Technical Report ISEC99-57, IEICE (1999)
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006), http://eprint.iacr.org/2005/271/
Parno, B., Gentry, C., Howell, J., Raykova, M.: Pinocchio: Nearly practical verifiable computation. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE (2013), http://eprint.iacr.org/2013/279
Pereira, G.C.C.F., Simplício Jr., M.A., Naehrig, M., Barreto, P.S.L.M.: A family of implementation-friendly BN elliptic curves. Journal of Systems and Software 84(8), 1319–1326 (2011), http://cryptojedi.org/papers/#fast-bn
Sahai, A., Waters, B.: Fuzzy Identity-Based Encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005), http://eprint.iacr.org/2004/086/
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: The 2000 Symposium on Cryptography and Information Security, Okinawa, Japan, pp. 135–148 (2000)
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing over elliptic curve (in Japanese). In: The 2001 Symposium on Cryptography and Information Security, Oiso, Japan, pp. 23–26 (2001)
Sánchez, A.H., Rodríguez-Henríquez, F.: NEON Implementation of an Attribute-Based Encryption Scheme. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 322–338. Springer, Heidelberg (2013), http://cacr.uwaterloo.ca/techreports/2013/cacr2013-07.pdf
Scott, M.: On the efficient implementation of pairing-based protocols. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 296–308. Springer, Heidelberg (2011), http://eprint.iacr.org/2011/334/
Scott, M., Barreto, P.S.L.M.: Compressed Pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004)
Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009), eprint.iacr.org/2008/490/
Shallue, A., van de Woestijne, C.E.: Construction of Rational Points on Elliptic Curves over Finite Fields. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 510–524. Springer, Heidelberg (2006)
Stam, M., Lenstra, A.K.: Efficient subgroup exponentiation in quadratic and sixth degree extensions. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 318–332. Springer, Heidelberg (2003)
Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. Journal of Cryptology 23(1), 37–71 (2010), http://people.csail.mit.edu/tromer/papers/cache-joc-official.pdf
Vercauteren, F.: Optimal pairings. IEEE Transactions on Information Theory 56(1) (2010), http://www.cosic.esat.kuleuven.be/publications/article-1039.pdf
Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, L3 cache side-channel attack (2013), http://eprint.iacr.org/2013/448/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Chuengsatiansup, C., Naehrig, M., Ribarski, P., Schwabe, P. (2014). PandA: Pairings and Arithmetic. In: Cao, Z., Zhang, F. (eds) Pairing-Based Cryptography – Pairing 2013. Pairing 2013. Lecture Notes in Computer Science, vol 8365. Springer, Cham. https://doi.org/10.1007/978-3-319-04873-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-04873-4_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04872-7
Online ISBN: 978-3-319-04873-4
eBook Packages: Computer ScienceComputer Science (R0)