Faster Fp-arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
نویسندگان
چکیده
This paper describes a new method to speed up Fp-arithmetic for Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by BN curves and choose curve parameters such that Fp multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. With this algorithm, the performance of pairings on BN curves can be significantly improved, resulting in a factor 5.4 speed-up compared with the state-of-the-art hardware implementations. Using this algorithm, we implemented a pairing processor in hardware, which runs at 204 MHz and finishes one ate and R-ate pairing computation over a 256-bit BN curve in 4.22 ms and 2.91 ms, respectively.
منابع مشابه
Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves
This paper presents a design-space exploration of an applicationspecific instruction-set processor (ASIP) for the computation of various cryptographic pairings over Barreto-Naehrig curves (BN curves). Cryptographic pairings are based on elliptic curves over finite fields—in the case of BN curves a field Fp of large prime order p. Efficient arithmetic in these fields is crucial for fast computat...
متن کاملFaster -Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
This paper describes a new method to speed up Fp-arithmetic for Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by BN curves and choose curve parameters such that Fp multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. With this a...
متن کاملImplementing Cryptographic Pairings over Barreto-Naehrig Curves
In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard PC and on a 32-bit smartcard. First we introduce a subfamily of such curves with a particularly simple representation. Next we consider the issues that arise in the efficient implemention of field arithmetic in Fp12 , which is crucial to good perfo...
متن کاملOn Compressible Pairings and Their Computation
In this paper we provide explicit formulæ to compute bilinear pairings in compressed form, and indicate families of curves where particularly generalised versions of the Eta and Ate pairings due to Zhao et al. are especially efficient. With the new formulæ it is possible to entirely avoid F pk arithmetic during pairing computation on elliptic curves over Fp with even embedding degree k. Using o...
متن کاملFaster Explicit Formulas for Computing Pairings over Ordinary Curves
We describe e cient formulas for computing pairings on ordinary elliptic curves over prime elds. First, we generalize lazy reduction techniques, previously considered only for arithmetic in quadratic extensions, to the whole pairing computation, including towering and curve arithmetic. Second, we introduce a new compressed squaring formula for cyclotomic subgroups and a new technique to avoid p...
متن کامل