A Coprocessor for the Final Exponentiation of the eta T Pairing in Characteristic Three

Since the introduction of pairings over (hyper)elliptic curves in constructive cryptographic applications, an ever increasing number of protocols based on pairings have appeared in the literature. Software implementations being rather slow, the study of hardware architectures became an active research area. Beuchat et al. proposed for instance a coprocessor which computes the characteristic three ηT pairing, from which the Tate pairing can easily be derived, in 33μs on a Cyclone II FPGA. However, a final exponentiation is required to ensure a unique output value and the authors proposed to supplement their ηT pairing accelerator with a coprocessor for exponentiation. Thus, the challenge consists in designing the smallest possible piece of hardware able to perform this task in less than 33μs on a Cyclone II device. In this paper, we propose a novel arithmetic operator implementing addition, cubing, and multiplication over F397 and show that a coprocessor based on a single such operator meets this timing constraint.