Affine Pairings on ARM

Paper 2011/243

Affine Pairings on ARM

Tolga Acar, Kristin Lauter, Michael Naehrig, and Daniel Shumow

Abstract

Pairings on elliptic curves are being used in an increasing number of cryptographic applications on many different devices and platforms, but few performance numbers for cryptographic pairings have been reported on embedded and mobile devices. In this paper we give performance numbers for affine and projective pairings on a dual-core Cortex A9 ARM processor and compare performance of the same implementation across three platforms: x86, x86-64 and ARM. Using a fast inversion in the base field and doing inversion in extension fields by using the norm map to reduce to inversions in smaller fields, we find a very low ratio of inversion-to-multiplication costs. In our implementation, this favors using affine coordinates on all three platforms, even for the current 128-bit minimum security level specified by NIST. We use Barreto-Naehrig (BN) curves and report on the performance of an optimal ate pairing for curves covering security levels roughly between 128 and 192 bits. We compare with other reported performance numbers for pairing computation on ARM processors.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Pairing computationaffine coordinatesoptimal ate pairingpairing costARM architecture.
Contact author(s)
michael @ cryptojedi org
History
2011-07-26: revised
2011-05-18: received
See all versions
Short URL
https://ia.cr/2011/243
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/243,
      author = {Tolga Acar and Kristin Lauter and Michael Naehrig and Daniel Shumow},
      title = {Affine Pairings on {ARM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/243},
      year = {2011},
      url = {https://eprint.iacr.org/2011/243}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.