Paper 2010/371

Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves

Nicolas Estibals

Abstract

This paper presents a novel method for designing compact yet efficient hardware implementations of the Tate pairing over supersingular curves in small characteristic. Since such curves are usually restricted to lower levels of security because of their bounded embedding degree, aiming for the recommended security of 128 bits implies considering them over very large finite fields. We however manage to mitigate this effect by considering curves over field extensions of moderately-composite degree, hence taking advantage of a much easier tower field arithmetic. This technique of course lowers the security on the curves, which are then vulnerable to Weil descent attacks, but a careful analysis allows us to maintain their security above the 128-bit threshold. As a proof of concept of the proposed method, we detail an FPGA accelerator for computing the Tate pairing on a supersingular curve over GF(3^(5*97)), which satisfies the 128-bit security target. On a mid-range Xilinx Virtex-4 FPGA, this accelerator computes the pairing in 2.2 ms while requiring no more than 4755 slices.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Tate pairingsupersingular elliptic curvesFPGA implementation.
Contact author(s)
Nicolas Estibals @ loria fr
History
2010-09-13: revised
2010-06-28: received
See all versions
Short URL
https://ia.cr/2010/371
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/371,
      author = {Nicolas Estibals},
      title = {Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves},
      howpublished = {Cryptology ePrint Archive, Paper 2010/371},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/371}},
      url = {https://eprint.iacr.org/2010/371}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.