# On Software Parallel Implementation of Cryptographic Pairings

@inproceedings{Grabher2008OnSP, title={On Software Parallel Implementation of Cryptographic Pairings}, author={Philipp Grabher and Johann Gro{\ss}sch{\"a}dl and Dan Page}, booktitle={IACR Cryptol. ePrint Arch.}, year={2008} }

A significant amount of research has focused on methods to improve the efficiency of cryptographic pairings; in part this work is motivated by the wide range of applications for such primitives. Although numerous hardware accelerators for pairing evaluation have used parallelism within extension field arithmetic to improve efficiency, thus far less emphasis has been placed on software exploitation of similar. In this paper we focus on parallelism within one pairing evaluation (intra-pairing…

## 45 Citations

FPGA Implementation of Pairings Using Residue Number System and Lazy Reduction

- Computer Science, MathematicsCHES
- 2011

This paper presents two FPGA-based high speed pairing designs using the Residue Number System and lazy reduction, and shows that by combining RNS, which is naturally suitable for parallel architectures, and lazy Reduction, the speed of pairing computation in hardware can be largely increased.

High-Speed Parallel Software Implementation of the ηT Pairing

- Computer ScienceCT-RSA
- 2010

A new parallelization of Miller's Algorithm to compute pairings is devised, providing an algorithm for pairing computation without increasing storage costs significantly and establishing a new state-of-the-art implementation of this pairing instantiation in this platform.

Use of SIMD Features to Speed up Eta Pairing

- Computer Science, MathematicsICETE
- 2012

This paper reports several of the implementations of eta pairing over finite fields of characteristics two and three, and exploits SIMD features available in Intel processors to speed up eta-pairing computations.

New Software Speed Records for Cryptographic Pairings

- Computer Science, MathematicsLATINCRYPT
- 2010

An implementation which computes the optimal ate pairing on a 257- bit Barreto-Naehrig curve in only 4,470,408 cycles on one core of an Intel Core 2 Quad Q6600 processor is presented.

Software implementation of binary elliptic curves: impact of the carry-less multiplier on scalar multiplication

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2011

Experimental results improving the state-of-the-art performance of halving and doubling-based scalar multiplication on NIST curves at the 112- and 192-bit security levels, and a new speed record for side-channel resistant scalarmultiplication in a random curve at the 128- bit security level are illustrated.

Efficient Hardware Implementation of Fp-Arithmetic for Pairing-Friendly Curves

- Computer Science, MathematicsIEEE Transactions on Computers
- 2012

A new method to speed up IFp-arithmetic in hardware for pairing-friendly curves, such as the well-known Barreto-Naehrig (BN) curves, using Montgomery reduction in a polynomial ring combined with a coefficient reduction phase using a pseudo-Mersenne number is described.

Highly-parallel hardware implementation of optimal ate pairing over Barreto-Naehrig curves

- Computer Science, MathematicsIntegr.
- 2019

Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves

- Computer Science, MathematicsCHES
- 2009

This paper presents a design-space exploration of an application-specific instruction-set processor (ASIP) for the computation of various cryptographic pairings over Barreto-Naehrig curves (BN curves), and facilitates programming of the proposed ASIP by providing a C compiler.

High-Throughput Elliptic Curve Cryptography Using AVX2 Vector Instructions

- Computer Science, MathematicsSAC
- 2020

It is argued in this paper that many real-world applications, such as server-side SSL/TLS handshake processing, would benefit more from throughput-optimized implementations than latencyoptimized ones.

Faster Pairing Coprocessor Architecture

- Computer Science, MathematicsPairing
- 2012

A high-speed pairing coprocessor using Residue Number System (RNS) which is intrinsically suitable for parallel computation and which outperforms all reported hardware and software designs.

## References

SHOWING 1-10 OF 41 REFERENCES

Parallel cryptographic arithmetic using a redundant Montgomery representation

- Computer Science, MathematicsIEEE Transactions on Computers
- 2004

It is shown that an SIMD parallel implementation of RSA can be around twice as fast as traditional sequential code, especially useful given the larger 2,048 bit RSA keys which are now being proposed for standard security levels.

Fast Elliptic Curve Multiplications with SIMD Operations

- Computer ScienceIEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2004

This paper proposes efficient algorithms for assembling an elliptic curve addition (ECADD), doubling (ECDBL), and k-iterated ECDBL (k-ECDBL) with SIMD operations and proposes two fast parallelized scalar multiplication algorithms withSIMD resistant against side channel attacks.

Efficient Hardware for the Tate Pairing Calculation in Characteristic Three

- Computer ScienceCHES
- 2005

An architecture for the hardware implementation of the Tate pairing calculation based on a modified Duursma-Lee algorithm is proposed, leading to a similar calculation time in hardware as for operations over the base field GF(3m).

Elliptic curve cryptography on embedded multicore systems

- Computer ScienceDes. Autom. Embed. Syst.
- 2008

This paper implements Elliptic Curve Cryptography (ECC) on an embedded multicore system, and proposes an instruction scheduling method that utilizes all the cores to perform one modular operation in parallel and a scheduling method combining these two types of parallelism.

On Computing Products of Pairings

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2006

Evaluated methods for the Weil, Tate and Ate pairing algorithms for ordinary elliptic curves at various security levels allow implementors to make optimal algorithm choices for given scenarios, in which the number of pairings in the product, the security level, and the embedding degree are factors under consideration.

Performance Analysis and Parallel Implementation of Dedicated Hash Functions

- Computer Science, MathematicsEUROCRYPT
- 2002

To the best knowledge, this paper gives the first detailed measured performance analysis of SHA-256, SHA-512 and Whirlpool, which fully cover currently used and future promising hashing algorithms.

Vector microprocessors for cryptography

- Computer Science
- 2007

This thesis is the first attempt to implement embedded cryptography using vector processing techniques, and indicates that for vector versions of AES, RSA and ECC the performance improves in O(log(r).

High Security Pairing-Based Cryptography Revisited

- Computer Science, MathematicsANTS
- 2006

The Tate pairing is more efficient than the Weil pairing for all such security levels by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup.

Implementing Cryptographic Pairings over Barreto-Naehrig Curves

- Mathematics, Computer SciencePairing
- 2007

In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard PC and on a 32-bit smartcard. First we introduce a…

Efficient galois field arithmetic on SIMD architectures

- Computer Science, MathematicsSPAA '03
- 2003

SIMD architectures, such as the AltiVec extension to PowerPC[4], are employed to obtain high speed implementations in a variety of areas where data parallelism is encountered, such as audio and video…