Arithmetic Operators for Pairing-Based Cryptography
Since their introduction in constructive cryptographic applications,
pairings over (hyper)elliptic curves are at the heart of an ever
increasing number of protocols. Software implementations being rather
slow, the study of hardware architectures became an active research
area. In this paper, we first study an accelerator for the $\eta_T$
pairing over $\mathbb{F}_3[x]/(x^{97}+x^{12}+2)$. Our architecture is
based on a unified arithmetic operator which performs addition,
multiplication, and cubing over $\mathbb{F}_{3^{97}}$. This design
methodology allows us to design a compact coprocessor (1888 slices
on a Virtex-II Pro 4 FPGA) which compares favorably with other
solutions described in the open literature. We then describe ways to
extend our approach to any characteristic and any extension field.
A Pipelined Karatsuba-Ofman Multiplier over GF() Amenable for Pairing Computation
We present a subquadratic ternary field multiplier based on the combination of several variants of the Karatsuba-Ofman scheme
recently published. Since one of the most relevant applications for this kind of multiplier is pairing computation,
where several field multiplications need to be computed at once, we decided to design a four-stage pipeline
structure for , where each stage is composed of a 49-trit polynomial multiplier unit. That
architecture can compute an average of field multiplications every three clock cycles, which implies that our
four-stage pipeline design can perform more than one field multiplication per clock cycle. When implemented in
a Xilinx Virtex V XC5VLX330 FPGA device, this multiplier can compute one field multiplication over GF()
in just ns.
Breaking pairing-based cryptosystems using pairing over
There are many useful cryptographic schemes, such as ID-based encryption,
short signature, keyword searchable encryption, attribute-based encryption,
and functional encryption, that use a bilinear pairing.
It is therefore important to estimate the security of such pairing-based cryptosystems.
The most essential number-theoretic problem in pairing-based cryptosystems is
the discrete logarithm problem (DLP)
because pairing-based cryptosystems are no longer secure once the underlying DLP is broken.
One efficient bilinear pairing is the pairing defined over a supersingular
elliptic curve on the finite field for a positive integer .
The embedding degree of the pairing is ;
thus, we can reduce the DLP over on to that over the finite field .
In this paper, for breaking the pairing over , we discuss
solving the DLP over by using the function field sieve (FFS),
which is the asymptotically fastest algorithm for solving a DLP
over finite fields of small characteristic.
We chose the extension degree because it has been intensively used in benchmarking
tests for the implementation of the pairing,
and the order (923-bit) of is substantially larger than
the previous world record (676-bit) of solving the DLP by using the FFS.
We implemented the FFS for the medium prime case (JL06-FFS)
and propose several improvements to it,
for example the lattice sieve for JL06-FFS and filtering adjusted to the Galois action.
Finally, we succeeded in solving the DLP over .
The entire computation with our improved FFS took about 148.2 days using 252 CPU cores.
Our computational results contribute to the secure use of pairing-based cryptosystems with the pairing.
Pairings in Cryptology: efficiency, security and applications
Abstract
The study of pairings can be considered in so many different ways that it
may not be useless to state in a few words the plan which has been adopted,
and the chief objects at which it has aimed. This is not an attempt to write
the whole history of the pairings in cryptology, or to detail every discovery,
but rather a general presentation motivated by the two main requirements
in cryptology: efficiency and security.
Starting from the basic underlying mathematics, pairing maps are constructed
and a major security issue related to the question of the minimal
embedding field [12] is resolved. This is followed by an exposition on how
to compute efficiently the final exponentiation occurring in the calculation
of a pairing [124] and a thorough survey on the security of the discrete
logarithm problem from both theoretical and implementational perspectives.
These two crucial cryptologic requirements being fulfilled, an identity-based
encryption scheme taking advantage of pairings [24] is introduced. Then,
perceiving the need to hash identities to points on a pairing-friendly elliptic
curve in the more general context of identity-based cryptography, a new
technique to efficiently solve this practical issue is exhibited.
Unveiling pairings in cryptology involves a good understanding of both
mathematical and cryptologic principles. Therefore, although first presented
from an abstract mathematical viewpoint, pairings are then studied
from a more practical perspective, slowly drifting away toward cryptologic
applications.