An Efficient hardware implementation of the tate pairing in characteristic three

DL systems with bilinear structure recently became an important base for cryptographic protocols such as identity-based encryption (IBE). Since the main computational task is the evaluation of the bilinear pairings over elliptic curves, known to be prohibitively expensive, efficient implementations are required to render them applicable in real life scenarios. We present an efficient accelerator for computing the Tate Pairing in characteristic 3, using the Modified Duursma-Lee algorithm. Our accelerator shows that it is possible to improve the area-time product by 12 times on FPGA, compared to estimated values from one of the best known hardware architecture [6] implemented on the same type of FPGA. Also the computation time is improved upto 16 times compared to software applications reported in [17]. In addition, we present the result of an ASIC implementation of the algorithm, which is the first hitherto

A versatile Montgomery multiplier architecture with characteristic three support

We present a novel unified core design which is extended to realize Montgomery multiplication in the fields GF(2n), GF(3m), and GF(p). Our unified design supports RSA and elliptic curve schemes, as well as the identity-based encryption which requires a pairing computation on an elliptic curve. The architecture is pipelined and is highly scalable. The unified core utilizes the redundant signed digit representation to reduce the critical path delay. While the carry-save representation used in classical unified architectures is only good for addition and multiplication operations, the redundant signed digit representation also facilitates efficient computation of comparison and subtraction operations besides addition and multiplication. Thus, there is no need for a transformation between the redundant and the non-redundant representations of field elements, which would be required in the classical unified architectures to realize the subtraction and comparison operations. We also quantify the benefits of the unified architectures in terms of area and critical path delay. We provide detailed implementation results. The metric shows that the new unified architecture provides an improvement over a hypothetical non-unified architecture of at least 24.88%, while the improvement over a classical unified architecture is at least 32.07%

Parallel hardware architectures for the cryptographic Tate pairing

Identity-based cryptography uses pairing functions, which are sophisticated bilinear maps defined on elliptic curves. Computing pairings efficiently in software is presently a relevant research topic. Since such functions are very complex and slow in software, dedicated hard- ware (HW) implementations are worthy of being stud- ied, but presently only very preliminary research is avail- able. This work affords the problem of designing paral- lel dedicated HW architectures, i.e.,co-processors, for the Tate pairing, in the case of the Duursma-Lee algorithm in characteristic 3. Formal scheduling methodologies are applied to carry out an extensive exploration of the archi- tectural solution space, evaluating the obtained structures by means of different figures of merit such as computation time, circuit area and combinations thereof.Comparisons with the (few) existing proposals are carried out, show- ing that a large space exists for the efficient parallelHW computation of pairings

Cryptographic key distribution in wireless sensor networks: a hardware perspective

In this work the suitability of different methods of symmetric key distribution for application in wireless sensor networks are discussed. Each method is considered in terms of its security implications for the network. It is concluded that an asymmetric scheme is the optimum choice for key distribution. In particular, Identity-Based Cryptography (IBC) is proposed as the most suitable of the various asymmetric approaches. A protocol for key distribution using identity based Non-Interactive Key Distribution Scheme (NIKDS) and Identity-Based Signature (IBS) scheme is presented. The protocol is analysed on the ARM920T processor and measurements were taken for the run time and energy of its components parts. It was found that the Tate pairing component of the NIKDS consumes significants amounts of energy, and so it should be ported to hardware. An accelerator was implemented in 65nm Complementary Metal Oxide Silicon (CMOS) technology and area, timing and energy figures have been obtained for the design. Initial results indicate that a hardware implementation of IBC would meet the strict energy constraint of a wireless sensor network node

Pairing computation on hyperelliptic curves of genus 2

Bilinear pairings have been recently used to construct cryptographic schemes with new and novel properties, the most celebrated example being the Identity Based Encryption scheme of Boneh and Franklin. As pairing computation is generally the most computationally intensive part of any painng-based cryptosystem, it is essential to investigate new ways in which to compute pairings efficiently. The vast majority of the literature on pairing computation focuscs solely on using elliptic curves. In this thesis we investigate pairing computation on supersingular hyperelliptic curves of genus 2 Our aim is to provide a practical alternative to using elliptic curves for pairing based cryptography. Specifically, we illustrate how to implement pairings efficiently using genus 2 curves, and how to attain performance comparable to using elliptic curves. We show that pairing computation on genus 2 curves over F2m can outperform elliptic curves by using a new variant of the Tate pairing, called the r¡j pairing, to compute the fastest pairing implementation in the literature to date We also show for the first time how the final exponentiation required to compute the Tate pairing can be avoided for certain hyperelliptic curves. We investigate pairing computation using genus 2 curves over large prime fields, and detail various techniques that lead to an efficient implementation, thus showing that these curves are a viable candidate for practical use

Achieving Identity-based cryptography in a personal digital assistant

Continuous technological advances have allowed that mobile devices, such as Personal Digital Assistants (PDAs), can execute sophisticated applications that more often than not must be equipped with a layer of security that should include the confidentiality and the authentication services within its repertory. Nevertheless, when compared against front-end computing devices, most PDAs are still seen as constrained devices with limited processing and storage capabilities. In order to achieve Identity-Based Cryptography (IBC), which was an open problem proposed by Adi Shamir in 1984, Boneh and Franklin presented in Crypto 2001, a solution that uses bilinear pairings as its main building block. Since then, IBC has become an active area of investigation where many efficient IBC security protocols are proposed year after year. In this paper, we present a cryptographic application that allows the secure exchange of documents from a Personal Digital Assistant (PDA) that is wirelessly connected to other nodes. The architecture of our application is inspired by the traditional PGP (Pretty Good Privacy) email security protocol. Our application achieves identity-based authentication and confidentiality functionalities at the 80-bit security level through the usage of a cryptographic library that was coded in C++. Our library can perform basic primitives such as bilinear pairings defined over the binary field and the ternary field , as well as other required primitives known as map-to-point hash functions. We report the timings achieved by our application and we show that they compare well against other similar works published in the open literature

Identity based cryptography from bilinear pairings

This report contains an overview of two related areas of research in cryptography which have been prolific in significant advances in recent years. The first of these areas is pairing based cryptography. Bilinear pairings over elliptic curves were initially used as formal mathematical tools and later as cryptanalysis tools that rendered supersingular curves insecure. In recent years, bilinear pairings have been used to construct many cryptographic schemes. The second area covered by this report is identity based cryptography. Digital certificates are a fundamental part of public key cryptography, as one needs a secure way of associating an agent’s identity with a random (meaningless) public key. In identity based cryptography, public keys can be arbitrary bit strings, including readable representations of one’s identity.Fundação para a Ci~Encia e Tecnologia - SFRH/BPD/20528/2004