Optimal Ate pairing 的硬體實作

Yun-An Chang; 張運安

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/62366

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	鄭振牟
dc.contributor.author	Yun-An Chang	en
dc.contributor.author	張運安	zh_TW
dc.date.accessioned	2021-06-16T13:43:55Z	-
dc.date.available	2013-07-18
dc.date.copyright	2013-07-18
dc.date.issued	2013
dc.date.submitted	2013-07-10
dc.identifier.citation	Bibliography [1] A. Menezes, T. Okamoto, and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field,” Information Theory, IEEE Transactions on, vol. 39, no. 5, pp. 1639–1646, 1993. [2] G. Frey and H.-G. R‥uck, “A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves,” Mathematics of Computation, vol. 62, pp. 865–874, 1994. [3] A. Joux, “A one round protocol for tripartite diffie–hellman,” in Algorithmic Number Theory, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2000, vol. 1838, pp. 385–393. [Online]. Available: http://dx.doi.org/10.1007/10722028 23 [4] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” in Advances in Cryptology — CRYPTO 2001, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2001, vol. 2139, pp. 213–229. [Online]. Available: http://dx.doi.org/10.1007/3-540-44647-8 13 [5] J. C. Cha and J. H. Cheon, “An identity-based signature from gap diffie-hellman groups,” in Public Key Cryptography — PKC 2003, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2002, vol. 2567, pp. 18–30. [Online]. Available: http://dx.doi.org/10.1007/3-540-36288-6 2 [6] D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the weil pairing,” Journal of Cryptology, vol. 17, no. 4, pp. 297–319, 2004. [Online]. Available: http://dx.doi.org/10.1007/s00145-004-0314-9 [7] D. Kammler, D. Zhang, P. Schwabe, H. Scharwaechter, M. Langenberg, D. Auras, G. Ascheid, and R. Mathar, “Designing an ASIP for cryptographic pairings over Barreto-Naehrig curves,” in Cryptographic Hardware and Embedded Systems - CHES 2009, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2009, vol. 5747, pp. 254–271. [Online]. Available: http: //dx.doi.org/10.1007/978-3-642-04138-9 19 21 [8] J. Fan, F. Vercauteren, and I. Verbauwhede, “Faster Fp-arithmetic for cryptographic pairings on Barreto-Naehrig curves,” in Cryptographic Hardware and Embedded Systems - CHES 2009, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2009, vol. 5747, pp. 240–253. [Online]. Available: http: //dx.doi.org/10.1007/978-3-642-04138-9 18 [9] S. Ghosh, D. Mukhopadhyay, and D. Roychowdhury, “High speed flexible pairing cryptoprocessor on FPGA platform,” in Pairing-Based Cryptography - Pairing 2010, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2010, vol. 6487, pp. 450–466. [Online]. Available: http://dx.doi.org/10.1007/ 978-3-642-17455-1 28 [10] R. Cheung, S. Duquesne, J. Fan, N. Guillermin, I. Verbauwhede, and G. Yao, “FPGA implementation of pairings using residue number system and lazy reduction,” in Cryptographic Hardware and Embedded Systems – CHES 2011, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2011, vol. 6917, pp. 421–441. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-23951-9 28 [11] S. Ghosh, D. Roychowdhury, and A. Das, “High speed cryptoprocessor for T pairing on 128-bit secure supersingular elliptic curves over characteristic two fields,” in Cryptographic Hardware and Embedded Systems – CHES 2011, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2011, vol. 6917, pp. 442–458. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-23951-9 29 [12] P. Barreto and M. Naehrig, “Pairing-friendly elliptic curves of prime order,” in Selected Areas in Cryptography, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2006, vol. 3897, pp. 319–331. [Online]. Available: http://dx.doi.org/10.1007/11693383 22 [13] F. Vercauteren, “Optimal pairings,” Information Theory, IEEE Transactions on, vol. 56, no. 1, pp. 455–461, 2010. [14] “Pairing computation on BN curves,” http://cryptojedi.org/crypto/#bnpairings. [15] V. S. Miller, “The weil pairing, and its efficient calculation,” Journal of Cryptology, vol. 17, no. 4, pp. 235–261, 2004. [Online]. Available: http://dx.doi.org/10.1007/s00145-004-0315-8 [16] A. Devegili, M. Scott, and R. Dahab, “Implementing cryptographic pairings over Barreto-Naehrig curves,” in Pairing-Based Cryptography – Pairing 2007, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2007, vol. 4575, pp. 197–207. [Online]. Available: http://dx.doi.org/10.1007/978-3-540-73489-5 10 [17] M. Rajagopalan and V. H. Allan, “Efficient scheduling of fine grain parallelism in loops,” in Microarchitecture, 1993., Proceedings of the 26th Annual International Symposium on. IEEE, 1993, pp. 2–11. [18] D. Cordes, P. Marwedel, and A. Mallik, “Automatic parallelization of embedded software using hierarchical task graphs and integer linear programming,” in Hardware/Software Codesign and System Synthesis (CODES+ISSS), 2010 IEEE/ACM/IFIP International Conference on, 2010, pp. 267–276. [19] V. Sarkar, “Automatic partitioning of a program dependence graph into parallel tasks,” IBM Journal of Research and Development, vol. 35, no. 5.6, pp. 779–804, 1991. [20] A. Darte, Y. P. Robert, F. Vivien, and F. Vivien, Scheduling and automatic Parallelization. Springer, 2000. [21] J. G. Steffan and T. C. Mowry, “The potential for using thread-level data speculation to facilitate automatic parallelization,” in High-Performance Computer Architecture, 1998. Proceedings., 1998 Fourth International Symposium on. IEEE, 1998, pp. 2– 13. [22] R. Nikhil, “Bluespec system verilog: efficient, correct RTL from high level specifications,” in Formal Methods and Models for Co-Design, 2004. MEMOCODE ’04. Proceedings. Second ACM and IEEE International Conference on, 2004, pp. 69–70. [23] J.-R. Shih, “An efficient ASIC implementation of lattice-based and multivariate postquantum cryptography,” Master’s thesis, National Taiwan University, 2012. [24] P. L. Montgomery, “Modular multiplication without trial division,” Mathematics of Computation, vol. 44, pp. 519–521, 1985. [25] J. Fan, F. Vercauteren, and I. Verbauwhede, “Efficient hardware implementation of Fp-arithmetic for pairing-friendly curves,” Computers, IEEE Transactions on, vol. 61, no. 5, pp. 676–685, 2012.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/62366	-
dc.description.abstract	Bilinear pairings on elliptic curves have many applications in both constructive cryptography and cryptanalysis. Pairing computation is much more complicated compared to that of other popular public-key cryptosystems. Efficient implementation of cryptographic pairing has thus received increasing interest, both from software and hardware approaches, pursuing higher speed or, in the cases of hardware implementation, smaller time-area product. In this paper, we will present the design and implementation of a programmable cryptographic coprocessor that supports various pairings at 128-bit security level. Unlike the general architecture, our design is optimized for carrying out pairing computation over fields of large characteristics. As a result, our design stays competitive even compared with specialized implementations in terms of time-area product. For example, we will show that by using heterogeneous arithmetic units, we can achieve a significant speed-up for pairing computation over Barreto-Naehrig curves, resulting in an implementation that achieves a latency of 3.58 ms with a gate count of around 156K. To the best of our knowledge, this is the smallest time-area product achieved among all implementations of optimal ate pairing using application-specific integrated circuits.	en
dc.description.provenance	Made available in DSpace on 2021-06-16T13:43:55Z (GMT). No. of bitstreams: 1 ntu-102-R00921032-1.pdf: 2137367 bytes, checksum: ff41a4ca6a9aa70dffae55fab082ccaf (MD5) Previous issue date: 2013	en
dc.description.tableofcontents	Contents 致謝i 中文摘要iii Abstract v 1 Introduction 1 2 Background 3 2.1 Bilinear Pairings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Barreto-Naehrig Curves . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.3 Computing Optimal Ate Pairing . . . . . . . . . . . . . . . . . . . . . . 4 3 Going Heterogeneous 7 4 The Design 9 4.1 Bluespec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 4.2 Full Arithmetic Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.3 Add-only Arithmetic Unit . . . . . . . . . . . . . . . . . . . . . . . . . . 11 4.4 Processor Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5 Performance Evaluation 15 5.1 Tuning the Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.2 Performance Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . 16 6 Conclusion 19 Bibliography 21
dc.language.iso	en
dc.subject	特定應用積體電路實作	zh_TW
dc.subject	Optimal Ate pairing	zh_TW
dc.subject	Barreto-Naehrig 曲線	zh_TW
dc.subject	Optimal Ate pairing	en
dc.subject	Barreto-Naehrig Curve	en
dc.subject	ASIC implementation	en
dc.title	Optimal Ate pairing 的硬體實作	zh_TW
dc.title	A hardware implementation of the optimal Ate pairing on a 256-bit Barreto-Naehrig curve	en
dc.type	Thesis
dc.date.schoolyear	101-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	楊柏因,陳君明
dc.subject.keyword	Optimal Ate pairing,Barreto-Naehrig 曲線,特定應用積體電路實作,	zh_TW
dc.subject.keyword	Optimal Ate pairing,Barreto-Naehrig Curve,ASIC implementation,	en
dc.relation.page	23
dc.rights.note	有償授權
dc.date.accepted	2013-07-10
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電機工程學研究所	zh_TW
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-102-1.pdf 未授權公開取用	2.09 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。