Faster \(\mathbb{F}_p\)-Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves

  • Junfeng Fan
  • Frederik Vercauteren
  • Ingrid Verbauwhede
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)


This paper describes a new method to speed up \(\mathbb{F}_p\)-arithmetic for Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by BN curves and choose curve parameters such that \(\mathbb{F}_p\) multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. With this algorithm, the performance of pairings on BN curves can be significantly improved, resulting in a factor 5.4 speed-up compared with the state-of-the-art hardware implementations. Using this algorithm, we implemented a pairing processor in hardware, which runs at 204 MHz and finishes one ate and R-ate pairing computation over a 256-bit BN curve in 4.22 ms and 2.91 ms, respectively.


Keywords: Pairings, BN curves, Modular reduction



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Junfeng Fan (1)
  • Frederik Vercauteren (1)
  • Ingrid Verbauwhede (1)
  1. ESAT/SCD-COSIC, Katholieke Universiteit Leuven and IBBT, Leuven-Heverlee, Belgium
