In this paper we give performance numbers for affine and projective pairings on a dual-core Cortex A9 ARM processor and compare performance of the same implementation across three platforms: x86, x86-64 and ARM. Using a fast inversion in the base field and doing inversion in extension fields by using the norm map to reduce to inversions in smaller fields, we find a very low ratio of inversion-to-multiplication costs. In our implementation, this favors using affine coordinates on all three platforms, even for the current 128-bit minimum security level specified by NIST. We use Barreto-Naehrig (BN) curves and report on the performance of an optimal ate pairing for curves covering security levels roughly between 128 and 192 bits. We compare with other reported performance numbers for pairing computation on ARM processors.
Category / Keywords: implementation / Pairing computation, affine coordinates, optimal ate pairing, pairing cost, ARM architecture. Date: received 16 May 2011, last revised 26 Jul 2011 Contact author: michael at cryptojedi org Available formats: PDF | BibTeX Citation Version: 20110726:150810 (All versions of this report) Discussion forum: Show discussion | Start new discussion