Abstract
Bilinear pairings on elliptic curves have many applications in cryptography and cryptanalysis. Pairing computation is more complicated than that of other popular public-key cryptosystems, so efficient implementation of cryptographic pairings, in both software- and hardware-based approaches, has received increasing interest. In this paper, we focus on hardware implementation and present the design of Hydra, an energy-efficient programmable cryptographic coprocessor that supports various pairings over fields of large characteristic. We also present several implementations of Hydra, the smallest of which uses only 116 K gates when synthesized in the TSMC 90 nm standard cell library. Despite the extra programmability, our design is competitive even with specialized implementations in terms of the time-area-cycle product, a common figure of merit that provides a good measure of energy efficiency. For example, it takes only 3.04 ms to compute an optimal ate pairing over Barreto-Naehrig curves when the chip operates at 200 MHz. This is a very small time-area-cycle product among all hardware implementations of cryptographic pairing in the current literature.
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Chang, YA., Hong, WC., Hsiao, MC., Yang, BY., Wu, AY., Cheng, CM. (2014). Hydra: An Energy-Efficient Programmable Cryptographic Coprocessor Supporting Elliptic-Curve Pairings over Fields of Large Characteristics. In: Yoshida, M., Mouri, K. (eds) Advances in Information and Computer Security. IWSEC 2014. Lecture Notes in Computer Science, vol 8639. Springer, Cham. https://doi.org/10.1007/978-3-319-09843-2_14
DOI: https://doi.org/10.1007/978-3-319-09843-2_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09842-5
Online ISBN: 978-3-319-09843-2
eBook Packages: Computer Science (R0)