TY - JOUR
T1 - Algorithms and arithmetic operators for computing the ηT pairing in characteristic three
AU - Beuchat, Jean Luc
AU - Brisebarre, Nicolas
AU - Detrey, Jérémie
AU - Okamoto, Eiji
AU - Shirase, Masaaki
AU - Takagi, Tsuyoshi
N1 - Funding Information:
This work was supported by the New Energy and Industrial Technology Development Organization (NEDO), Japan. The authors would like to thank Guillaume Hanrot, Francisco Rodríguez-Henríquez, Guerric Meurice de Dormale, and the anonymous referees for their valuable comments.
PY - 2008
Y1 - 2008
N2 - Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. Software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we discuss several algorithms to compute the ηT pairing in characteristic three and suggest further improvements. These algorithms involve addition, multiplication, cubing, inversion, and sometimes cube root extraction over F3m. We propose a hardware accelerator based on a unified arithmetic operator able to perform the operations required by a given algorithm. We describe the implementation of a compact coprocessor for the field F397) given by F3[x]/(x97 + x12 + 2), which compares favorably with other solutions described in the open literature.
AB - Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. Software implementations being rather slow, the study of hardware architectures became an active research area. In this paper, we discuss several algorithms to compute the ηT pairing in characteristic three and suggest further improvements. These algorithms involve addition, multiplication, cubing, inversion, and sometimes cube root extraction over F3m. We propose a hardware accelerator based on a unified arithmetic operator able to perform the operations required by a given algorithm. We describe the implementation of a compact coprocessor for the field F397) given by F3[x]/(x97 + x12 + 2), which compares favorably with other solutions described in the open literature.
UR - http://www.scopus.com/inward/record.url?scp=54049118059&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=54049118059&partnerID=8YFLogxK
U2 - 10.1109/TC.2008.103
DO - 10.1109/TC.2008.103
M3 - Article
AN - SCOPUS:54049118059
SN - 0018-9340
VL - 57
SP - 1454
EP - 1468
JO - IEEE Transactions on Computers
JF - IEEE Transactions on Computers
IS - 11
ER -