Paper 2007/045

A Coprocessor for the Final Exponentiation of the ${\eta }_T$ Pairing in Characteristic Three

Jean-Luc Beuchat, Nicolas Brisebarre, Masaaki Shirase, Tsuyoshi Takagi, and Eiji Okamoto

Abstract

Since the introduction of pairings over (hyper)elliptic curves in constructive cryptographic applications, an ever increasing number of protocols based on pairings have appeared in the literature. Software implementations being rather slow, the study of hardware architectures became an active research area. Beuchat et al. proposed for instance a coprocessor which computes the characteristic three $$ pairing, from which the Tate pairing can easily be derived, in $$\,$$s on a Cyclone II FPGA. However, a final exponentiation is required to ensure a unique output value and the authors proposed to supplement their $$ pairing accelerator with a coprocessor for exponentiation. Thus, the challenge consists in designing the smallest possible piece of hardware able to perform this task in less than $$\,$$s on a Cyclone~II device. In this paper, we propose a novel arithmetic operator implementing addition, cubing, and multiplication over $$ and show that a coprocessor based on a single such operator meets this timing constraint.