Implementing Cryptographic Pairings on Smartcards

  • Michael Scott
  • Neil Costigan
  • Wesam Abdulwahab
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4249)


Pairings on elliptic curves are fast coming of age as cryptographic primitives for deployment in new security applications, particularly in the context of implementations of Identity-Based Encryption (IBE). In this paper we describe the implementation of various pairings on a contemporary 32-bit smart-card, the Philips HiPerSmart™, an instantiation of the MIPS-32 based SmartMIPS™ architecture. Three types of pairing are considered: first the standard Tate pairing on a nonsupersingular curve \(E(\mathbb{F}_p)\), second the Ate pairing, also on a nonsupersingular curve \(E(\mathbb{F}_p)\), and finally the \(\eta_T\) pairing on a supersingular curve \(E(\mathbb{F}_{2^m})\). We demonstrate that pairings can be calculated as efficiently as classic cryptographic primitives on this architecture, with a calculation time of as little as 0.15 seconds.


Elliptic curves, pairing-based cryptosystems, fast implementations



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Michael Scott (1)
  • Neil Costigan (1)
  • Wesam Abdulwahab (1)

  1. School of Computer Applications, Dublin City University, Ballymun, Dublin 9, Ireland
