Hardware Acceleration of the Tate Pairing in Characteristic Three

  • P. Grabher
  • D. Page
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)


Although identity based cryptography offers many functional advantages over conventional public key alternatives, the computational costs are significantly greater. The core computational task is evaluation of a bilinear map, or pairing, over elliptic curves. In this paper we prototype and evaluate polynomial and normal basis field arithmetic on an FPGA device and use it to construct a hardware accelerator for pairings over fields of characteristic three. The performance of our prototype improves roughly ten-fold on previous known hardware implementations and orders of magnitude on the fastest known software implementation. As a result we reason that even on constrained devices one can usefully evaluate the pairing, a fact that gives credence to the idea that identity based cryptography is an ideal partner for identity aware smart-cards.


Identity Based Encryption Pairing Elliptic Curve FPGA 


  1. 1.
    Barreto, P.S.L.M.: A Note On Efficient Computation Of Cube Roots In Characteristic 3. In: Cryptology ePrint Archive, Report 2004/305 (2004)Google Scholar
  2. 2.
    Barreto, P.S.L.M., Galbraith, S., O’hEigeartaigh, C., Scott, M.: Efficient Pairing Computation on Supersingular Abelian Varieties. In: Cryptology ePrint Archive, Report 2004/375 (2004)Google Scholar
  3. 3.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing Elliptic Curves with Prescribed Embedding Degree. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Barreto, P.S.L.M., Kim, H., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-Based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Cryptology ePrint Archive, Report 2005/133 (2005)Google Scholar
  6. 6.
    Bertoni, G., Guajardo, J., Kumar, S., Orlando, G., Paar, C., Wollinger, T.: Efficient GF(p m) Arithmetic Architectures for Cryptographic Applications. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 158–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Blake, I.F., Seroussi, G., Smart, N.P.: Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2004)Google Scholar
  8. 8.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. SIAM Journal on Computing 32(3), 586–615 (2003)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Clark, W., Liang, J.: On Arithmetic Weight for a General Radix Representation of Integers. IEEE Transactions on Information Theory 19, 823–826 (1973)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Duursma, I., Lee, H.: Tate Pairing Implementation for Hyperelliptic Curves y 2 = x p − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Dutta, R., Barua, R., Sarkar, P.: Pairing-Based Cryptographic Protocols: A Survey. In: Cryptology ePrint Archive, Report 2004/064 (2004)Google Scholar
  12. 12.
    Galbraith, S.: Supersingular Curves in Cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Granger, R., Page, D., Stam, M.: Hardware and Software Normal Basis Arithmetic for Pairing Based Cryptography in Characteristic Three. In: Cryptology ePrint Archive, Report 2004/157 (2004)Google Scholar
  14. 14.
    Granger, R., Page, D., Stam, M.: On Small Characteristic Algebraic Tori in Pairing-Based Cryptography. In: Cryptology ePrint Archive, Report 2004/132 (2004)Google Scholar
  15. 15.
    Harrison, K., Page, D., Smart, N.P.: Software Implementation of Finite Fields of Characteristic Three, for use in Pairing Based Cryptosystems. LMS Journal of Computation and Mathematics 5(1), 181–193 (2002)MATHMathSciNetGoogle Scholar
  16. 16.
    Itoh, T., Tsujii, S.: A Fast Algorithm for Computing Multiplicative Inverses in GF(2n) Using Normal Bases. Information and Computation 78, 171–177 (1988)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Kerins, T., Popovici, E., Marnane, W.P.: Algorithms and Architectures for Use in FPGA Implementations of Identity Based Encryption Schemes. In: Becker, J., Platzner, M., Vernalde, S. (eds.) FPL 2004. LNCS, vol. 3203, pp. 74–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Kwon, S.: Efficient Tate Pairing Computation for Supersingular Elliptic Curves over Binary Fields. In: Cryptology ePrint Archive, Report 2004/303 (2004)Google Scholar
  19. 19.
    Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals E84-A(5), 1234–1243 (2001)Google Scholar
  20. 20.
    Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field. IEEE Transactions on Information Theory 39, 1639–1646 (1993)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Nöcker, M.: Data Structures for Parallel Exponentiation in Finite Fields. PhD Thesis, Universität Paderborn (2001)Google Scholar
  22. 22.
    Page, D., Smart, N.P.: Hardware Implementation of Finite Fields of Characteristic Three. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 529–539. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems Based on Pairings. In: Symposium on Cryptography and Information Security (SCIS) (2000)Google Scholar
  24. 24.
    Silverman, J.: The Arithmetic of Elliptic Curves. Springer, Heidelberg (1986)MATHGoogle Scholar
  25. 25.
    Shamir, A.: Identity-Based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  26. 26.
    Takagi, T., Yen, S.-M., Wu, B.-C.: Radix-r Non-Adjacent Form. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 99–110. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  27. 27.
    Voltage Security, Press Release. Gemplus Develops the World’s First Identity-Based Encryption for Smart Cards, Available from,

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • P. Grabher
    • 1
  • D. Page
    • 2
  1. 1.Institute for Applied, Information Processing and CommunicationsGraz University of TechnologyGrazAustria
  2. 2.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations