Computing Cryptographic Pairings at the 128-Bit Security Level


Séminaire Modèles et Algorithmes Déterministes: CASYS

4/01/2012 - 10:15 Mr Jean-Luc Beuchat (University of Tsukuba) Salle 1 - Tour IRMA

Originally introduced in cryptography by Menezes, Okamoto & Vanstone (1993) then Frey & Rück (1994) to attack the discrete logarithm problem over a particular class of elliptic curves, pairings have
since then been put to a constructive use in various useful cryptographic protocols such as short digital signature or identity-based encryption. However, evaluating these pairings relies heavily on finite field arithmetic, and their computation is still expensive. Developing optimized software libraries and hardware
accelerators is therefore crucial.

In this talk, we will present hardware and software architectures designed to accelerate the computation of the Tate pairing on supersingular (hyper)elliptic curves. Our implementations satisfy the recommended security level of 128 bits.