Abstract
Pairings are cornerstones to several interesting cryptographic protocols including Non-interactive ARgument of Knowledge currently used in Zcash cryptocurrency. The Kim and Barbulescu Number Field Sieve attack has weakened pairing-friendly curves. Most impacted are the famous BN curves which now require an increase of the parameters to provide equivalent security. Recent cost estimations of pairings have recommended switching to other curves, but their selections are no longer clearly straightforward. This paper aims at providing the first hardware-based pairing implementations on the best curve candidates at both 128-bit and 192-bit security levels. The proposed architecture intends to fit both lightweight FPGA and ASIC purposes and the design is prototyped on a Kintex-7 FPGA device. It computes a pairing within 42.7 ms for 128-bit of security and 184.2 ms for 192-bit.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
At the time of submitting this article, the proposed formula was new in the literature. However, we later realized that it also appears in the RELIC project [1].
References
Aranha, D.F., Gouvêa, C.P.L., Markmann, T., Wahby, R.S., Liao, K.: RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic
Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster explicit formulas for computing pairings over ordinary curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_5
Barbulescu, R., Duquesne, S.: Updating key size estimations for pairings. J. Cryptol. (2018). https://hal.archives-ouvertes.fr/hal-01534101
Barbulescu, R., El Mrabet, N., Ghammam, L.: A taxonomy of pairings, their security, their complexity. IACR Cryptol. ePrint Arch. 2019, 485 (2019)
Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_19
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22
Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: USENIX Security Symposium, pp. 781–796. USENIX Association (2014)
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_30
Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24(3–4), 235–265 (1997). https://doi.org/10.1006/jsco.1996.0125
Cocks, C., Pinch, R.: Identity-based cryptosystems based on the Weil pairing. In: manuscript (2001)
Costello, C., Lange, T., Naehrig, M.: Faster pairing computations on curves with high-degree twists. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 224–242. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_14
Duan, P., Cui, S., Chan, C.: Special polynomial families for generating more suitable elliptic curves for pairing-based cryptosystems. IACR Cryptol. ePrint Arch. 2005, 342 (2005)
El Mrabet, N., Guillermin, N., Ionica, S.: A study of pairing computation for elliptic curves with embedding degree 15. IACR Cryptol. ePrint Arch. 2009, 370 (2009)
Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010)
Ghammam, L., Fouotsa, E.: Improving the computation of the optimal Ate pairing for a high security level. J. Appl. Math. Comput. 59 (2018). https://doi.org/10.1007/s12190-018-1167-y
Granger, R., Scott, M.: Faster squaring in the cyclotomic subgroup of sixth degree extensions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 209–223. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_13
Guillevic, A., Masson, S., Thomé, E.: Cocks-Pinch curves of embedding degrees five to eight and optimal Ate pairing computation. Cryptology ePrint Archive, Report 2019/431 (2019). https://eprint.iacr.org/2019/431
Hess, F., Smart, N., Vercauteren, F.: The Eta pairing revisited. Cryptology ePrint Archive, Report 2006/110 (2006). https://eprint.iacr.org/2006/110
Hess, F.: Pairing lattices. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 18–38. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85538-5_2
Huang, M., Gaj, K., El-Ghazawi, T.: New hardware architectures for Montgomery modular multiplication algorithm. IEEE Trans. Comput. 60(7), 923–936 (2011). https://doi.org/10.1109/TC.2010.247
John, T.: Duality theorems in Galois cohomology over number fields. In: International Congress of Mathematicians Stockholm 1962, Djursholm (1963)
Joux, A.: A one round protocol for tripartite diffie-hellman. In: ANTS-IV: Proceedings of the 4th International Symposium on Algorithmic Number Theory, London, UK, p. 385394 (2000)
Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing brezing-weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85538-5_9
Karabina, K.: Squaring in cyclotomic subgroups. Cryptology ePrint Archive, Report 2010/542 (2010). https://eprint.iacr.org/2010/542
Khandaker, M.A.-A., Nanjo, Y., Ghammam, L., Duquesne, S., Nogami, Y., Kodera, Y.: Efficient optimal ate pairing at 128-bit security level. In: Patra, A., Smart, N.P. (eds.) INDOCRYPT 2017. LNCS, vol. 10698, pp. 186–205. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-71667-1_10
Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_20
Knuth, D.E.: The Art of Computer Programming, Volume 1 (3rd Ed.): Fundamental Algorithms. Addison Wesley Longman Publishing Co., Inc., USA (1997)
Koblitz, N., Menezes, A.: Pairing-based cryptography at high security levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005). https://doi.org/10.1007/11586821_2
Miller, V.S.: The weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004). https://doi.org/10.1007/s00145-004-0315-8
Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)
Salman, A., Diehl, W., Kaps, J.: A light-weight hardware/software co-design for pairing-based cryptography with low power and energy consumption. In: FPT, pp. 235–238. IEEE (2017)
Tenca, A., Koc, C.: A scalable architecture for Montgomery multiplication. In: Proceedings of First International Workshop Cryptographic Hardware and Embedded Systems (CHES 1999), pp. 94–108 (01 1999)
Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56(1), 455–461 (2010). https://doi.org/10.1109/TIT.2009.2034881
Wang, A.T., Guo, B.W., Wei, C.J.: Highly-parallel hardware implementation of optimal Ate pairing over Barreto-Naehrig curves. Integration 64, 13–21 (2019)
Xiong, X., Wong, D.S., Deng, X.: Tinypairing: a fast and lightweight pairing-based cryptographic library for wireless sensor networks. In: WCNC, pp. 1–6. IEEE (2010)
Yao, G.X., Fan, J., Cheung, R.C.C., Verbauwhede, I.: Faster pairing coprocessor architecture. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 160–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36334-4_10
Zhang, X., Lin, D.: Analysis of optimum pairing products at high security levels. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 412–430. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_24
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Lavice, A., Mrabet, N.E., Berzati, A., Rigaud, JB., Proy, J. (2022). Hardware Implementations of Pairings at Updated Security Levels. In: Grosso, V., Pöppelmann, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science(), vol 13173. Springer, Cham. https://doi.org/10.1007/978-3-030-97348-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-97348-3_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97347-6
Online ISBN: 978-3-030-97348-3
eBook Packages: Computer ScienceComputer Science (R0)