Cryptology ePrint Archive: Report 2010/354

High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves

Jean-Luc Beuchat and Jorge Enrique González Díaz and Shigeo Mitsunari and Eiji Okamoto and Francisco Rodríguez-Henríquez and Tadanori Teruya

Abstract: This paper describes the design of a fast software library for the computation of the optimal ate pairing on a Barreto--Naehrig elliptic curve. Our library is able to compute the optimal ate pairing over a $254$-bit prime field $\mathbb{F}_{p}$, in just $2.63$ million of clock cycles on a single core of an Intel Core i7 $2.8$GHz processor, which implies that the pairing computation takes $0.942$msec. We are able to achieve this performance by a careful implementation of the base field arithmetic through the usage of the customary Montgomery multiplier for prime fields. The prime field is constructed via the Barreto--Naehrig polynomial parametrization of the prime $p$ given as, $p = 36t^4 +36t^3 +24t^2 +6t+1$, with $t = 2^{62} - 2^{54} + 2^{44}$. This selection of $t$ allows us to obtain important savings for both the Miller loop as well as the final exponentiation steps of the optimal ate pairing.

Category / Keywords: implementation /

Date: received 17 Jun 2010, last revised 13 Sep 2010

Contact author: francisco at cs cinvestav mx

Available format(s): PDF | BibTeX Citation

Note: fix typo

Version: 20100913:173515 (All versions of this report)

Short URL: ia.cr/2010/354

Discussion forum: Show discussion | Start new discussion