Cryptology ePrint Archive: Report 2015/1100

Area-Efficient Hardware Implementation of the Optimal Ate Pairing over BN curves.

Anissa Sghaier and Loubna Ghammam and Medyen Zeghid and Sylvain Duquesne and Mohsen Machhout

Abstract: To have an efficient asymmetric key encryption scheme such as elliptic curves, hyperelliptic curves, pairing etc., we have to go through an arithmetic optimization then a hardware one. Taking into consideration restricted environments’ compromises, we should strike a balance between efficiency and memory resources. For this reason, we studied the mathematical aspect of pairing computation and gave new development of the methods that compute the hard part of the final exponentiation in [2]. They prove that these new methods save an important number of temporary variables, and they are certainly faster than the existing one. In this paper, we will also present a new way of computing Miller loop, more precisely in the doubling algorithm. So we will use this result and the arithmetic optimization presented in [2]. Then, we will apply hardware optimization to find a satisfactory design which give the best compromise between area occupation and execution time. Our hardware implementation on a Virtex-6 FPGA(XC6VHX250T) used only 5976 Slices, 30 DSP, which is less resources used compared with state-ofthe-art hardware implementations, so we can say that our approach cope with the limited resources of restricted environment

Category / Keywords: : BN curves, Optimal Ate Pairing, Arithmetic optimization, memory resources, hardware implementations

Date: received 12 Nov 2015, last revised 25 Jan 2016

Contact author: ghammam loubna at yahoo fr

Available format(s): PDF | BibTeX Citation

Version: 20160125:125701 (All versions of this report)

Short URL: ia.cr/2015/1100

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]