Results 1 - 10 of 14
High-speed software implementation of the optimal ate pairing over Barreto–Naehrig curves
Pairing-Based Cryptography – Pairing 2010, Lecture Notes in Computer Science, 2010
Cited by 19 (3 self)
This paper describes the design of a fast software library for the computation of the optimal ate pairing on a Barreto–Naehrig elliptic curve. Our library is able to compute the optimal ate pairing over a 254-bit prime field $\mathbb{F}_p$, in just 2.33 million of clock cycles on a single core of an Intel Core i7 2.8GHz processor, which implies that the pairing computation takes 0.832msec. We are able to achieve this performance by a careful implementation of the base field arithmetic through the usage of the customary Montgomery multiplier for prime fields. The prime field is constructed via the Barreto–Naehrig polynomial parametrization of the prime $p$ given as $p = 36t^4 + 36t^3 + 24t^2 + 6t + 1$, with $t = 2^{62} - 2^{54} + 2^{44}$. This selection of $t$ allows us to obtain important savings for both the Miller loop as well as the final exponentiation steps of the optimal ate pairing.
Multicore implementation of the Tate pairing over supersingular elliptic curves
Cryptology and Network Security (CANS 2009), LNCS 5888 (2009)
Cited by 13 (5 self)
Abstract. This paper describes the design of a fast multicore library for the cryptographic Tate pairing over supersingular elliptic curves. For the computation of the reduced modified Tate pairing over $\mathbb{F}_{3^{509}}$, we report calculation times of just 2.94 ms and 1.87 ms on the Intel Core2 and Intel Core i7 architectures, respectively. We also try to answer one important design question that arises: how many cores should be utilized for a given application?
Faster $\mathbb{F}_p$-arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
Cited by 9 (3 self)
Abstract. This paper describes a new method to speed up $\mathbb{F}_p$-arithmetic for Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by BN curves and choose curve parameters such that $\mathbb{F}_p$ multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. With this algorithm, the performance of pairings on BN curves can be significantly improved, resulting in a factor 5.4 speedup compared with the state-of-the-art hardware implementations. Using this algorithm, we implemented a pairing processor in hardware, which runs at 204 MHz and finishes one ate and R-ate pairing computation over a 256-bit BN curve in 4.22 ms and 2.91 ms, respectively.
Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves
2009
Cited by 8 (0 self)
This paper presents a design-space exploration of an application-specific instruction-set processor (ASIP) for the computation of various cryptographic pairings over Barreto-Naehrig curves (BN curves). Cryptographic pairings are based on elliptic curves over finite fields—in the case of BN curves a field $\mathbb{F}_p$ of large prime order $p$. Efficient arithmetic in these fields is crucial for fast computation of pairings. Moreover, computation of cryptographic pairings is much more complex than elliptic-curve cryptography (ECC) in general. Therefore, we facilitate programming of the proposed ASIP by providing a C compiler. In order to speed up $\mathbb{F}_p$ arithmetic, a RISC core is extended with additional scalable functional units. Because the resulting speedup can be limited by the memory throughput, utilization of multiple data-memory banks is proposed. The presented design needs 15.8 ms for the computation of the Optimal-Ate pairing over a 256-bit BN curve at 338 MHz implemented with a 130 nm standard cell library. The processor core consumes 97 kGates making it suitable for the use in embedded systems.
An Analysis of Affine Coordinates for Pairing Computation
Cited by 6 (2 self)
Abstract. In this paper we analyze the use of affine coordinates for pairing computation. We observe that in many practical settings, for example when implementing optimal ate pairings in high security levels, affine coordinates are faster than using the best currently known formulas for projective coordinates. This observation relies on two known techniques for speeding up field inversions which we analyze in the context of pairing computation. We give detailed performance numbers for a pairing implementation based on these ideas, including timings for base field and extension field arithmetic with relative ratios for inversion-to-multiplication costs, timings for pairings in both affine and projective coordinates, and average timings for multiple pairings and products of pairings. Keywords: Pairing computation, Miller’s algorithm, affine coordinates, optimal ate pairing, finite field inversions, pairing cost, multiple pairings, pairing products.
Software implementation of binary elliptic curves: impact of the carry-less multiplier on scalar multiplication
Cited by 4 (1 self)
Abstract. The availability of a new carry-less multiplication instruction in the latest Intel desktop processors significantly accelerates multiplication in binary fields and hence presents the opportunity for re-evaluating algorithms for binary field arithmetic and scalar multiplication over elliptic curves. We describe how to best employ this instruction in field multiplication and the effect on performance of doubling and halving operations. Alternate strategies for implementing inversion and half-trace are examined that restore most of their competitiveness relative to the new multiplier. These improvements in field arithmetic are complemented by a study on serial and parallel approaches for Koblitz and random curves, where parallelization strategies are implemented and compared. The contributions are illustrated with experimental results improving the state-of-the-art performance of halving and doubling-based scalar multiplication on NIST curves at the 112- and 192-bit security levels, and a new speed record for side-channel resistant scalar multiplication in a random curve at the 128-bit security level. Key words: Elliptic curve cryptography, finite field arithmetic, parallel algorithm.
Montgomery Multiplication Using Vector Instructions
2013
Cited by 1 (0 self)
Abstract. In this paper we present a parallel approach to compute interleaved Montgomery multiplication. This approach is particularly suitable to be computed on 2-way single instruction, multiple data platforms as can be found on most modern computer architectures in the form of vector instruction set extensions. We have implemented this approach for tablet devices which run the x86 architecture (Intel Atom Z2760) using SSE2 instructions as well as devices which run on the ARM platform (Qualcomm MSM8960, NVIDIA Tegra 3 and 4) using NEON instructions. When instantiating modular exponentiation with this parallel version of Montgomery multiplication we observed a performance increase of more than a factor of 1.5 compared to the sequential implementation in OpenSSL for the classical arithmetic logic unit on the Atom platform for 2048-bit moduli. Key words: Montgomery multiplication, SIMD, software implementation, vector instructions
A high speed pairing coprocessor using RNS and lazy reduction
Cryptology ePrint Archive, available from http://eprint.iacr.org, 2011
Cited by 1 (0 self)
Abstract. In this paper, we present a high speed pairing coprocessor using Residue Number System (RNS) and lazy reduction. We show that combining RNS, which are naturally suitable for parallel architectures, and lazy reduction, which performs one reduction for more than one multiplication, the computational complexity of pairings can be largely reduced. The design is prototyped on a Xilinx Virtex-6 FPGA, which utilizes 7023 slices and 32 DSPs, and finishes one 254-bit optimal ate pairing computation in 0.664 ms.
Efficient Hardware Implementation of $\mathbb{F}_p$-arithmetic for Pairing-Friendly Curves
Transaction on Computers
Abstract—This paper describes a new method to speed up $\mathbb{F}_p$-arithmetic in hardware for pairing-friendly curves, such as the well-known Barreto-Naehrig (BN) curves. We explore the characteristics of the modulus defined by these curves and choose curve parameters such that $\mathbb{F}_p$ multiplication becomes more efficient. The proposed algorithm uses Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number. As an application we show that the performance of pairings on BN curves in hardware can be significantly improved, resulting in a factor 2.5 speedup compared with state-of-the-art hardware implementations.