Advertisement

Parallelizing the Weil and Tate Pairings

  • Diego F. Aranha
  • Edward Knapp
  • Alfred Menezes
  • Francisco Rodríguez-Henríquez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7089)

Abstract

In the past year, the speed record for pairing implementations on desktop-class machines has been broken several times. The speed records for asymmetric pairings were set on a single processor. In this paper, we describe our parallel implementation of the optimal ate pairing over Barreto-Naehrig (BN) curves that is about 1.23 times faster using two cores of an Intel Core i5 or Core i7 machine, and 1.45 times faster using 4 cores of the Core i7 than the state-of-the-art implementation on a single core. We instantiate Hess’s general Weil pairing construction and introduce a new optimal Weil pairing tailored for parallel execution. Our experimental results suggest that the new Weil pairing is 1.25 times faster than the optimal ate pairing on 8-core extensions of the aforementioned machines. Finally, we combine previous techniques for parallelizing the eta pairing on a supersingular elliptic curve with embedding degree 4, and achieve an estimated 1.24-fold speedup on an 8-core extension of an Intel Core i7 over the previous best technique.

Keywords

Elliptic Curf Parallel Implementation Residue Number System Weil Pairing Cryptology ePrint Archive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Akane, M., Nogami, Y., Morikawa, Y.: Fast ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve. IEICE Trans. Fundam. Electron. Commun. Comput. Sci E92.A, 508–516 (2009)CrossRefGoogle Scholar
  2. 2.
    Akhter, S., Roberts, J.: Multi-Core Programming: Increasing Performance through Software Multi-threading. Intel Press (2006)Google Scholar
  3. 3.
    Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster Explicit Formulas for Computing Pairings over Ordinary Curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011), http://eprint.iacr.org/2010/526 CrossRefGoogle Scholar
  4. 4.
    Aranha, D.F., López, J., Hankerson, D.: High-Speed Parallel Software Implementation of the η T Pairing. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 89–105. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Aranha, D.F., López, J., Hankerson, D.: Efficient Software Implementation of Binary Field Arithmetic using Vector Instruction Sets. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 144–161. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Barreto, P., Galbraith, S., Eigeartaigh, C.Ó., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Designs, Codes and Cryptography 42, 239–271 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  7. 7.
    Barreto, P., Lynn, B., Scott, M.: On the Selection of Pairing-friendly Group. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 17–25. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Beuchat, J.-L., Brisebarre, N., Detrey, J., Okamoto, E., Rodríguez-Henríquez, F.: A Comparison Between Hardware Accelerators for the Modified Tate Pairing over \({\mathbb F}_{2^m}\) and \({\mathbb F}_{3^m}\). In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 297–315. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Beuchat, J.-L., González-Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-Speed Software Implementation of the Optimal ate Pairing over Barreto-Naehrig Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 21–39. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Beuchat, J.-L., López-Trejo, E., Martínez-Ramos, L., Mitsunari, S., Rodríguez-Henríquez, F.: Multi-core Implementation of the Tate Pairing over Supersingular Elliptic Curves. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 413–432. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Boyen, X.: Short Signatures without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Bos, J.W., Kleinjung, T., Niederhagen, R., Schwabe, P.: ECC2K-130 on Cell CPUs. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 225–242. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Costello, C., Lange, T., Naehrig, M.: Faster Pairing Computations on Curves with High-Degree Twists. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 224–242. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Duquesne, S., Guillermin, N.: A FPGA pairing implementation using the Residue Number System. Cryptology ePrint Archive, Report 176 (2011)Google Scholar
  17. 17.
    Estibals, N.: Compact Hardware for Computing the Tate Pairing over 128-Bit-Security Supersingular Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 397–416. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Fan, J., Vercauteren, F., Verbauwhede, I.: Faster \(\mathbb{F}_p\)-Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 240–253. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Galbraith, S., Paterson, K., Smart, N.: Pairings for cryptographers. Discrete Applied Mathematics 156, 3113–3121 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  20. 20.
    von zur Gathen, J.: Efficient and optimal exponentiation in finite fields. Computational Complexity 1, 360–394 (1991)CrossRefzbMATHMathSciNetGoogle Scholar
  21. 21.
    Grabher, P., Großschädl, J., Page, D.: On Software Parallel Implementation of Cryptographic Pairings. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 35–50. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Granger, R., Hess, F., Oyono, R., Thériault, N., Vercauteren, F.: Ate Pairing on Hyperelliptic Curves. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 430–447. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Granger, R., Scott, M.: Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 209–223. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Gueron, S., Kounavis, M.: Carry-less multiplication and its usage for computing the GCM mode, Intel white paper (2010)Google Scholar
  25. 25.
    Güneysu, T.: Utilizing hard cores for modern FPGA devices for high-performance cryptography. Journal of Cryptographic Engineering 1, 37–55 (2011)CrossRefGoogle Scholar
  26. 26.
    Hankerson, D., Menezes, A., Scott, M.: Software implementation of pairings. In: Joye, M., Neven, G. (eds.) Identity-Based Cryptography. IOS Press (2008)Google Scholar
  27. 27.
    Hess, F.: Pairing Lattices. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 18–38. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  28. 28.
    Hess, F., Smart, N., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Inf. Theory 52, 4595–4602 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  29. 29.
    Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in GF(2m) using normal bases. Information and Computation 78, 171–177 (1988)CrossRefzbMATHMathSciNetGoogle Scholar
  30. 30.
    Kammler, D., et al.: Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 254–271. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  31. 31.
    Karabina, K.: Squaring in cyclotomic subgroups. Cryptology ePrint Archive, Report 542 (2010)Google Scholar
  32. 32.
    Koblitz, N., Menezes, A.: Pairing-Based Cryptography at High Security Levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  33. 33.
    Lee, E.: The problem with threads. Computer 39, 33–42 (2006)CrossRefGoogle Scholar
  34. 34.
    Lee, E., Lee, H., Park, C.: Efficient and generalized pairing computation on abelian varieties. IEEE Trans. Inf. Theory 55, 1793–1803 (2009)CrossRefMathSciNetGoogle Scholar
  35. 35.
    Lim, C.H., Lee, P.J.: More Flexible Exponentiation with Precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)Google Scholar
  36. 36.
    Miller, V.: The Weil pairing, and its efficient calculation. Journal of Cryptology 17, 235–261 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  37. 37.
    Montgomery, P.: Five, six, and seven-term Karatsuba-like formulae. IEEE Trans. Comput. 54, 362–369 (2005)CrossRefzbMATHGoogle Scholar
  38. 38.
    Naehrig, M., Niederhagen, R., Schwabe, P.: New Software Speed Records for Cryptographic Pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  39. 39.
    Nogami, Y., Akane, M., Sakemi, Y., Kato, H., Morikawa, Y.: Integer Variable χ-Based ate Pairing. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 178–191. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  40. 40.
  41. 41.
    Pereira, G., Simplício Jr., M., Naehrig, M., Barreto, P.: A family of implementation-friendly BN elliptic curves. Journal of Systems and Software 84, 1319–1326 (2011)CrossRefGoogle Scholar
  42. 42.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: Proc. 2000 Symp. on Cryptography and Information Security, Okinawa (2000)Google Scholar
  43. 43.
    Scott, M.: Authenticated ID-based key exchange and remote log-in with simple token and PIN number. Cryptology ePrint Archive, Report 164 (2002)Google Scholar
  44. 44.
    Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  45. 45.
    Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56, 455–461 (2010)CrossRefMathSciNetGoogle Scholar
  46. 46.
    Yao, G., Fan, J., Cheung, R., Verbauwhede, I.: A high speed pairing coprocessor using RNS and lazy reduction. Cryptology ePrint Archive, Report 258 (2011)Google Scholar
  47. 47.
    Zhao, C., Zhang, F., Xie, D.: Reducing the complexity of the Weil pairing computation. Cryptology ePrint Archive, Report 212 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Diego F. Aranha
    • 1
  • Edward Knapp
    • 2
  • Alfred Menezes
    • 2
  • Francisco Rodríguez-Henríquez
    • 3
  1. 1.Institute of ComputingUniversity of CampinasBrazil
  2. 2.Department of Combinatorics & OptimizationUniversity of WaterlooCanada
  3. 3.Computer Science DepartmentCINVESTAV-IPNMexico

Personalised recommendations