Efficient Hardware for the Tate Pairing Calculation in Characteristic Three

  • T. Kerins
  • W. P. Marnane
  • E. M. Popovici
  • P. S. L. M. Barreto
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)


In this paper the benefits of implementation of the Tate pairing computation on dedicated hardware are discussed. The main observation lies in the fact that arithmetic architectures in the extension field GF(36m ) are good candidates for parallelization, leading to a similar calculation time in hardware as for operations over the base field GF(3 m ). Using this approach, an architecture for the hardware implementation of the Tate pairing calculation based on a modified Duursma-Lee algorithm is proposed.


Tate pairing hardware accelerator characteristic three tower fields 


  1. 1.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient implementation of pairing based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Barreto, P.S.L.M.: The well-tempered pairing. In: 8th Workshop on Elliptic Curve Cryptography - ECC 2004, Bochum, Germany (2004) (Invited talk)Google Scholar
  3. 3.
    Barreto, P.S.L.M., Galbraith, S., hEigeartaigh, C.O., Scott, M.: Efficient Pairing Computation on Supersingular Abelian Varieties. Cryptology ePrint Archive, Report 375/2004 (2004), http://eprint.iacr.org/2004/375
  4. 4.
    Barreto, P.S.L.M.: A note on efficient computation of cube roots in characteristic 3. Cryptology ePrint Archive, Report 035/2004 (2004), http://eprint.iacr.org/2004/305
  5. 5.
    Bertoni, G., Guajardo, J., Kumar, S., Orlando, G., Paar, C., Wollinger, T.: Efficient GF(p m) Arithmetic Architectures for Cryptographic Applications. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 158–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. London Mathemtatical Lecture Note Series, vol. 265. Cambridge University Press, Cambridge (1999)MATHGoogle Scholar
  7. 7.
    DeWin, E., Bosselaers, A., Vandenberghe, S., De Gersem, P., Vandewalle, J.: A fast software implementation for arithemtic operations in GF(2n). In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 65–76. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  8. 8.
    Dutta, R., Barua, R., Sarkar, P.: Pairing-based cryptography: A survey. Cryptology ePrint Archive, Report 2004/064 (2004), http://eprint.iacr.org/2004/64
  9. 9.
    Duursma, I., Lee, H.-S.: Tate pairing implementation for hyperelliptic curves y 2 = x p − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Frey, G., Rück, H.: A remark considering m-divisibility in the divisor class group of curves. Mathematics of Computation 62, 865–874 (1994)MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Galbraith, S., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Granger, R., Page, D., Stam, M.: On Small Characteristic Algebraic Tori in Pairing-Based Cryptography. Cryptology ePrint Archive, Report 2004/132 (2004), http://eprint.iacr.org/2004/132
  13. 13.
    Granger, R., Page, D., Stam, M.: Hardware and Software Normal Basis Arithemtic for Paring Based Cryptography in Characteristic Three. Cryptology ePrint Archive, Report 157/2004 (2004), http://eprint.iacr.org/2004/157
  14. 14.
    Guajardo, J., Paar, C.: Efficient Algorithms for Elliptic Curve Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 342–355. Springer, Heidelberg (1997)Google Scholar
  15. 15.
    Karatsuba, A., Ofman, Y.: Multiplication of Multidigit numbers on Automata. Sov. Phys. Dokl (english translation) 7(7), 595–596 (1963)Google Scholar
  16. 16.
    Kerins, T., Popovici, E.M., Marnane, W.P.: Algorithms and Architectures for use in FPGA implementations of Identity Based Encryption Schemes. In: Becker, J., Platzner, M., Vernalde, S. (eds.) FPL 2004. LNCS, vol. 3203, pp. 74–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Kerins, T., Popovici, E.M., Marnane, W.P.: An FPGA Implementation of a Flexible Secure Elliptic Curve Crpytography Processor. In: Applied Reconfigurable Computing - ARC 2005, pp. 22–30. IADIS press (2005)Google Scholar
  18. 18.
    Kerins, T., Marnane, W.P., Popovici, E.M.: Hardware Architectures for Arithemtic in GF(pm) for use in Public Key Cryptography (2004) (preprint)Google Scholar
  19. 19.
    Kerins, T., Marnane, W.P., Popovici, E.M., Barreto, P.S.L.M.: A Hardware Accelerator for Pairing Based Cryptosystems (2005) (preprint)Google Scholar
  20. 20.
    Kwon, S.: Efficient Tate pairing computation for supersingular elliptic curves over binary fields. Cryptology ePrint Archive, Report 2004/303 (2004), http://eprint.iacr.org/2004/303
  21. 21.
    Miller, V.S.: Short Programs for functions on curves (1986) (unpublished manuscript), http://crypto.stanford.edu/miller/miller.pdf
  22. 22.
    Paar, C., Soria-Rodriguez, P.: Fast Arithemtic Architecturs for Public Key Algorithms over Galois Fields GF((2n)m). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 363–378. Springer, Heidelberg (1997)Google Scholar
  23. 23.
    Page, D., Smart, N.P.: Hardware implementation of Finite Fields of Characteristic Three. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 529–539. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Schneier, B.: Appplied Cryptography, 2nd edn. John Wiley & Sons, Chichester (1996)Google Scholar
  25. 25.
    Scott, M., Barreto, P.S.L.M.: Compressed Pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004); Updated version: Cryptology ePrint Archive, Report 2004/032, http://eprint.iacr.org/2004/303
  26. 26.
    Silverman, J.H.: The Arithemtic of Elliptic Curves. Graduate Studies in Mathematics, vol. 106. Springer, Berlin (1986)Google Scholar
  27. 27.
    Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  28. 28.
    Xilinx Inc. Virtex-2 Platform FPGAs: Complete Data Sheet. Ds031 (2004), http://www.xilinx.com/bvdocs/publications/ds031.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • T. Kerins
    • 1
  • W. P. Marnane
    • 1
  • E. M. Popovici
    • 2
  • P. S. L. M. Barreto
    • 3
  1. 1.Dept. of Electrical and Electronic EngineeringUniversity College CorkCork CityIreland
  2. 2.Dept. of Microelectronic EngineeringUniversity College CorkCork CityIreland
  3. 3.Dept. Computing and Digital Systems Engineering, Escola PolitécnicaUniversidade de São PauloSão PauloBrazil

Personalised recommendations