Towards Faster and Greener Cryptoprocessor for Eta Pairing on Supersingular Elliptic Curve over \(\mathbb{F}_{2^{1223}}\)

  • Jithra Adikari
  • M. Anwar Hasan
  • Christophe Negre
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7707)


At CHES 2011, Ghosh et al. [12] presented an FPGA-based cryptoprocessor which, for the first time, computes an eta pairing at the 128-bit security level in less than one millisecond. The high performance of their cryptoprocessor comes largely from the use of the Karatsuba method for field multiplication. In this article, for the same type of pairing, we propose hybrid sequential/parallel multipliers based on Toeplitz matrix-vector products and present some optimizations for the final exponentiation, resulting in high-performance cryptoprocessors. On the same kind of FPGA devices, our cryptoprocessor computes the pairing faster than that of [12] while requiring fewer hardware resources. We also present ASIC implementations and report that the cryptoprocessor built on the three-way split multiplier consumes less energy than the one built on the two-way split.
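The abstract names the two multiplier building blocks being compared: Karatsuba multiplication (used by Ghosh et al. [12]) and the two- and three-way Toeplitz matrix-vector product (TMVP) splits of Fan and Hasan [8]. The Python below is an added illustration, not code from the paper or its authors: it implements the TMVP recursion over GF(2) with both splits, checks it against the schoolbook product, and counts the bit multiplications each size costs. It does not model the paper's hybrid sequential/parallel architecture, the reduction modulo the field polynomial, or the paper's handling of m = 1223 (a prime, so a pure two-/three-way recursion needs padding; the schoolbook fallback at sizes not divisible by 2 or 3 is this example's own assumption). Test inputs are constructed at random.

```python
"""Two-way and three-way Toeplitz matrix-vector products (TMVP) over GF(2).

An n x n Toeplitz matrix T is constant along each diagonal, so 2n-1 entries
describe it: `t` is a list of 2n-1 bits with T[i][j] = t[i - j + n - 1].
Vectors are lists of n bits.  GF(2) addition is XOR, multiplication is AND.
"""
import random


def xor(a, b):
    """Entrywise GF(2) addition of two equal-length bit lists."""
    return [x ^ y for x, y in zip(a, b)]


def tmvp_schoolbook(t, v):
    """Direct T*v over GF(2): n*n bit multiplications.  Reference result."""
    n = len(v)
    assert len(t) == 2 * n - 1
    return [sum(t[i - j + n - 1] & v[j] for j in range(n)) & 1 for i in range(n)]


def _blocks(t, v, k):
    """Split T into k x k Toeplitz blocks of size h = n/k and V into k chunks.

    Block (I, J) of T is T_{I-J+k-1}; the 2k-1 distinct blocks are the slices
    T_m = t[m*h : m*h + 2h - 1], m = 0..2k-2 (T_0 is top-right, T_{k-1} is the
    diagonal block, T_{2k-2} is bottom-left).
    """
    n = len(v)
    h = n // k
    T = [t[m * h: m * h + 2 * h - 1] for m in range(2 * k - 1)]
    V = [v[J * h:(J + 1) * h] for J in range(k)]
    return T, V


def tmvp(t, v):
    """Recursive TMVP.  Returns (result_bits, number_of_bit_multiplications).

    Three-way split (6 sub-products instead of 9) when n is a multiple of 3,
    two-way split (3 instead of 4) when n is even, schoolbook otherwise
    (assumed fallback for sizes such as primes; a hardware design pads instead).
    """
    n = len(v)
    if n == 1:
        return [t[0] & v[0]], 1
    if n % 3 == 0:
        (T0, T1, T2, T3, T4), (V0, V1, V2) = _blocks(t, v, 3)
        # Six half-size products (Fan-Hasan three-way formula, char-2 form)
        P0, c0 = tmvp(xor(xor(T0, T1), T2), V2)
        P1, c1 = tmvp(xor(xor(T1, T2), T3), V1)
        P2, c2 = tmvp(xor(xor(T2, T3), T4), V0)
        P3, c3 = tmvp(T1, xor(V1, V2))
        P4, c4 = tmvp(T2, xor(V0, V2))
        P5, c5 = tmvp(T3, xor(V0, V1))
        R0 = xor(xor(P0, P3), P4)   # = T2 V0 + T1 V1 + T0 V2
        R1 = xor(xor(P1, P3), P5)   # = T3 V0 + T2 V1 + T1 V2
        R2 = xor(xor(P2, P4), P5)   # = T4 V0 + T3 V1 + T2 V2
        return R0 + R1 + R2, c0 + c1 + c2 + c3 + c4 + c5
    if n % 2 == 0:
        (T0, T1, T2), (V0, V1) = _blocks(t, v, 2)
        # Three half-size products instead of four (two-way TMVP split)
        P0, c0 = tmvp(xor(T0, T1), V1)
        P1, c1 = tmvp(xor(T1, T2), V0)
        P2, c2 = tmvp(T1, xor(V0, V1))
        R0 = xor(P0, P2)            # = T1 V0 + T0 V1
        R1 = xor(P1, P2)            # = T2 V0 + T1 V1
        return R0 + R1, c0 + c1 + c2
    return tmvp_schoolbook(t, v), n * n


def check_random(n, trials=20, seed=1):
    """Compare the recursive TMVP with the schoolbook product on constructed
    random inputs.  Returns True if every trial agrees."""
    rng = random.Random(seed)
    for _ in range(trials):
        t = [rng.randint(0, 1) for _ in range(2 * n - 1)]
        v = [rng.randint(0, 1) for _ in range(n)]
        if tmvp(t, v)[0] != tmvp_schoolbook(t, v):
            return False
    return True


def mult_count(n):
    """Bit multiplications the recursion performs for size n (value-independent)."""
    return tmvp([0] * (2 * n - 1), [0] * n)[1]


if __name__ == "__main__":
    for n in (8, 9, 12, 36):
        print(n, check_random(n), mult_count(n), "vs schoolbook", n * n)
```

For n = 8 the two-way recursion costs 3^3 = 27 bit multiplications instead of 64, and for n = 9 the three-way recursion costs 6^2 = 36 instead of 81; the savings compound at every level, which is where the sub-quadratic space complexity of these multipliers comes from. The XOR overhead of forming the block sums is what the hybrid sequential/parallel trade-off in the paper balances against the saved multiplications.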






References

  1. Aranha, D.F., Beuchat, J.-L., Detrey, J., Estibals, N.: Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 98–115. Springer, Heidelberg (2012)
  2. Beuchat, J.-L., Detrey, J., Estibals, N., Okamoto, E., Rodríguez-Henríquez, F.: Fast Architectures for the η_T Pairing over Small-Characteristic Supersingular Elliptic Curves. IEEE Transactions on Computers 60(2), 266–281 (2011)
  3. Boneh, D., Franklin, M.K.: Identity-Based Encryption from the Weil Pairing. SIAM Journal on Computing 32(3), 586–615 (2003)
  4. Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. Journal of Cryptology 17(4), 297–319 (2004)
  5. Canright, D.: A Very Compact Rijndael S-box. Technical Report NPS-MA-04-001, Naval Postgraduate School (2004)
  6. Cheung, R.C.C., Duquesne, S., Fan, J., Guillermin, N., Verbauwhede, I., Yao, G.X.: FPGA Implementation of Pairings Using Residue Number System and Lazy Reduction. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 421–441. Springer, Heidelberg (2011)
  7. Estibals, N.: Compact Hardware for Computing the Tate Pairing over 128-Bit-Security Supersingular Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 397–416. Springer, Heidelberg (2010)
  8. Fan, H., Hasan, M.A.: A New Approach to Sub-quadratic Space Complexity Parallel Multipliers for Extended Binary Fields. IEEE Transactions on Computers 56(2), 224–233 (2007)
  9. Fan, H., Sun, J., Gu, M., Lam, K.-Y.: Overlap-free Karatsuba-Ofman Polynomial Multiplication Algorithms. IET Information Security 4(1), 8–14 (2010)
  10. Fan, J., Vercauteren, F., Verbauwhede, I.: Faster \(\mathbb{F}_p\)-Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 240–253. Springer, Heidelberg (2009)
  11. Fan, J., Vercauteren, F., Verbauwhede, I.: Efficient Hardware Implementation of \(\mathbb{F}_p\)-Arithmetic for Pairing-Friendly Curves. IEEE Transactions on Computers 61(5), 676–685 (2012)
  12. Ghosh, S., Roychowdhury, D., Das, A.: High Speed Cryptoprocessor for η_T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 442–458. Springer, Heidelberg (2011)
  13. Ghosh, S., Mukhopadhyay, D., Roychowdhury, D.: High Speed Flexible Pairing Cryptoprocessor on FPGA Platform. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 450–466. Springer, Heidelberg (2010)
  14. Itoh, T., Tsujii, S.: A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases. Information and Computation 78(3), 171–177 (1988)
  15. Kammler, D., Zhang, D., Schwabe, P., Scharwaechter, H., Langenberg, M., Auras, D., Ascheid, G., Mathar, R.: Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 254–271. Springer, Heidelberg (2009)
  16. Mastrovito, E.D.: VLSI Architectures for Computation in Galois Fields. PhD thesis, Department of Electrical Engineering, Linköping University, Linköping, Sweden (1991)
  17. Barreto, P.S.L.M., Galbraith, S.D., Ó hÉigeartaigh, C., Scott, M.: Efficient Pairing Computation on Supersingular Abelian Varieties. Designs, Codes and Cryptography 42(3), 239–271 (2007)
  18. Sunar, B.: A Generalized Method for Constructing Subquadratic Complexity GF(2^k) Multipliers. IEEE Transactions on Computers 53(9), 1097–1105 (2004)
  19. Winograd, S.: Arithmetic Complexity of Computations. Society for Industrial and Applied Mathematics, Philadelphia (1980)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jithra Adikari (1)
  • M. Anwar Hasan (2)
  • Christophe Negre (3, 4, 5)

  1. Elliptic Technologies Inc., Ottawa, Canada
  2. Department of Electrical and Computer Engineering, University of Waterloo, Canada
  3. Team DALI, Université de Perpignan, France
  4. LIRMM, UMR 5506, Université Montpellier 2, France
  5. LIRMM, UMR 5506, CNRS, France
