Tate Bilinear Pairing Core Specification. Author: Homer Hsing

Similar documents
Elliptic Curve Group Core Specification. Author: Homer Hsing

EECS150 - Digital Design Lecture 21 - Design Blocks

Arithmetic Operators for Pairing-Based Cryptography

ECEN 651: Microprogrammed Control of Digital Systems Department of Electrical and Computer Engineering Texas A&M University

Laboratory Exercise #11 A Simple Digital Combination Lock

EECS150 - Digital Design Lecture 23 - FFs revisited, FIFOs, ECCs, LSFRs. Cross-coupled NOR gates

Hardware Acceleration of the Tate Pairing in Characteristic Three

Laboratory Exercise #8 Introduction to Sequential Logic

EECS150 - Digital Design Lecture 23 - FSMs & Counters

High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields

Implementation Of Digital Fir Filter Using Improved Table Look Up Scheme For Residue Number System

EECS150 - Digital Design Lecture 17 - Sequential Circuits 3 (Counters)

Example: vending machine

Hardware Acceleration of the Tate Pairing in Characteristic Three

Arithmetic operators for pairing-based cryptography

EECS150 - Digital Design Lecture 11 - Shifters & Counters. Register Summary

High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields

Introduction to the Xilinx Spartan-3E

A Novel Efficient Hardware Implementation of Elliptic Curve Cryptography Scalar Multiplication using Vedic Multiplier

Some Efficient Algorithms for the Final Exponentiation of η T Pairing

EECS 579: Logic and Fault Simulation. Simulation

Parity Checker Example. EECS150 - Digital Design Lecture 9 - Finite State Machines 1. Formal Design Process. Formal Design Process

Pipelined Viterbi Decoder Using FPGA

Arithmetic Operators for Pairing-Based Cryptography

EECS150 - Digital Design Lecture 18 - Counters

EECS150 - Digital Design Lecture 18 - Counters

Linear Feedback Shift Registers (LFSRs) 4-bit LFSR

ABHELSINKI UNIVERSITY OF TECHNOLOGY

EECS150 - Digital Design Lecture 25 Shifters and Counters. Recap

6 Synchronous State Machine Design

Appendix B. Review of Digital Logic. Baback Izadi Division of Engineering Programs

A Pipelined Karatsuba-Ofman Multiplier over GF(3 97 ) Amenable for Pairing Computation

Mappings of elliptic curves

EECS Components and Design Techniques for Digital Systems. Lec 26 CRCs, LFSRs (and a little power)

FPGA accelerated multipliers over binary composite fields constructed via low hamming weight irreducible polynomials

Digital Control of Electric Drives

FPGA Resource Utilization Estimates for NI crio LabVIEW FPGA Version: 8.6 NI-RIO Version: 3.0 Date: 8/5/2008

Reduced-Area Constant-Coefficient and Multiple-Constant Multipliers for Xilinx FPGAs with 6-Input LUTs

An Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation

or 0101 Machine

Arithmetic Operators for Pairing-Based Cryptography

EGR224 F 18 Assignment #4

FPGA Resource Utilization Estimates for NI PXI-7854R. LabVIEW FPGA Version: 8.6 NI-RIO Version: 3.0 Date: 8/5/2008

Digital Logic Design - Chapter 4

COVER SHEET: Problem#: Points

Radiation Induced Multi bit Upsets in Xilinx SRAM Based FPGAs

Lessons Learned from High-Speed Implementa6on and Benchmarking of Two Post-Quantum Public-Key Cryptosystems

Chapter 7 Sequential Logic

Hardware Implementation of Elliptic Curve Point Multiplication over GF (2 m ) for ECC protocols

EECS150 - Digital Design Lecture 22 - Arithmetic Blocks, Part 1

Design and FPGA Implementation of Radix-10 Algorithm for Division with Limited Precision Primitives

Theoretical Modeling of the Itoh-Tsujii Inversion Algorithm for Enhanced Performance on k-lut based FPGAs

Solving the Discrete Logarithm of a 113-bit Koblitz Curve with an FPGA Cluster

Side Channel Analysis and Protection for McEliece Implementations

Formulas for cube roots in F 3 m

FPGA-Based Elliptic Curve Cryptography for RFID Tag Using Verilog

MASSACHUSETTS INSTITUTE OF TECHNOLOGY Department of Electrical Engineering and Computer Sciences

Lab #10: Design of Finite State Machines

2. Accelerated Computations

Outline. EECS Components and Design Techniques for Digital Systems. Lec 18 Error Coding. In the real world. Our beautiful digital world.

Fundamentals of Computer Systems

A Comparison between Hardware Accelerators for the Modified Tate Pairing over F 2

Hardware Architectures of Elliptic Curve Based Cryptosystems over Binary Fields

FPGA-based Niederreiter Cryptosystem using Binary Goppa Codes

Fast FPGA Placement Based on Quantum Model

Design and Implementation of High Speed CRC Generators

CSC 322: Computer Organization Lab

Efficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography

SFI Channel SDR Interface with Bus Alignment Author: Greg Burton

Laboratory Exercise #10 An Introduction to High-Speed Addition

EECS150 - Digital Design Lecture 16 Counters. Announcements

Chapter 6. Synchronous Sequential Circuits

International Journal of Advanced Computer Technology (IJACT)

CSE 140 Midterm 2 Tajana Simunic Rosing. Spring 2008

MAHALAKSHMI ENGINEERING COLLEGE TIRUCHIRAPALLI

Représentation RNS des nombres et calcul de couplages

FSM Examples. Young Won Lim 11/6/15

UNIVERSITY OF BOLTON SCHOOL OF ENGINEERING BENG (HONS) ELECTRICAL & ELECTRONICS ENGINEERING EXAMINATION SEMESTER /2017

EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs)

EECS Components and Design Techniques for Digital Systems. FSMs 9/11/2007

Design and Study of Enhanced Parallel FIR Filter Using Various Adders for 16 Bit Length

EECS150 - Digital Design Lecture 15 SIFT2 + FSM. Recap and Outline

Hardware testing and design for testability. EE 3610 Digital Systems

King Fahd University of Petroleum and Minerals College of Computer Science and Engineering Computer Engineering Department

Efficient Hardware Calculation of Inverses in GF (2 8 )

Pin Details of Digital Logic Gates:

COE 202: Digital Logic Design Sequential Circuits Part 4. Dr. Ahmad Almulhem ahmadsm AT kfupm Phone: Office:

10/12/2016. An FSM with No Inputs Moves from State to State. ECE 120: Introduction to Computing. Eventually, the States Form a Loop

An FPGA-based Accelerator for Tate Pairing on Edwards Curves over Prime Fields

Using Global Clock Networks

ENGG 1203 Tutorial _03 Laboratory 3 Build a ball counter. Lab 3. Lab 3 Gate Timing. Lab 3 Steps in designing a State Machine. Timing diagram of a DFF

University of Toronto Faculty of Applied Science and Engineering Edward S. Rogers Sr. Department of Electrical and Computer Engineering

HIGH RESOLUTIO TIME-I TERVAL MEASUREME T SYSTEMS APPLIED TO FLOW MEASUREME T. Sławomir Grzelak, Marcin Kowalski, Jarosław Czoków and Marek Zieliński

University of Toronto Faculty of Applied Science and Engineering Edward S. Rogers Sr. Department of Electrical and Computer Engineering

CMSC 313 Lecture 25 Registers Memory Organization DRAM

Vidyalankar S.E. Sem. III [EXTC] Digital Electronics Prelim Question Paper Solution ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD = B

Programmable Logic Devices II

FPGA-based Key Generator for the Niederreiter Cryptosystem using Binary Goppa Codes

Exploiting Partial Dynamic Reconfiguration for On-Line On-Demand Detection of Permanent Faults in SRAM-based FPGAs

Sequential Circuit Analysis

Transcription:

Tate Bilinear Pairing Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1 March 4, 2012

This page has been intentionally left blank. www.opencores.org Rev 0.1 ii

Revision History Rev. Date Author Description 0.1 01/31/2012 Homer Hsing First Draft 02/02/2012 02/10/2012 03/04/2012 Homer Hsing Homer Hsing Homer Hsing Detailed input data capture time in the section Input timing pattern Detailed description for the ModelSim macro file and the main test bench file New email and new English name of the author www.opencores.org Rev 0.1 iii

Contents INTRODUCTION...1 ARCHITECTURE...3 INTERFACE...4 TIMING DIAGRAMS...5 FPGA IMPLEMENTATION...7 TEST BENCH...8 REFERENCES...9 www.opencores.org Rev 0.1 iv

1 Introduction The Tate Bilinear Pairing core is for calculating Tate bilinear pairing especially on supersingular elliptic curve in affine coordinates defined over a Galois field ( ), whose irreducible polynomial is. (For improving security, an irreducible polynomial with higher degree might be used in the future.) The above elliptic curve contains a large cyclic subgroup of prime order. Also divides and not any, and does not divide. Now ( ( )) contains an -torsion group [ ]( ( )) and ( ( )) also contains an -torsion group [ ]( ( )). The Tate bilinear pairing (of order ) is a bilinear map between [ ]( ( )) and [ ]( ( )) to an element of the multiplicative group ( ), i.e. [ ]( ( )) [ ]( ( )) ( ) (1) It is necessary to raise the value on the right hand side to the power ( ) to obtain a unique value in ( ). Consider ( ) ( ) [ ]( ( )) i.e. ( ) and define a distortion map as ( ) ( ) ( ) (2), where ( ) satisfying and. Then the Tate pairing is defined on points [ ]( ( )) as ( ) ( ( )) ( ) (3) Generally speaking, the Tate pairing is a transformation that takes in two elements in the elliptic curve point group and outputs a nonzero element in the extension field ( ). The Tate pairing performs in two stages: Stage 1: calculation of ( ) [ ]( ( )) in the rational function on ( ( )) such that ( ) [ ] [ ], i.e. ( ( )) ( ( )) ( ). This is by Algorithm 1 (Modified Duursma-Lee algorithm) below. Stage 2: raising to the power www.opencores.org Rev 0.1 1 of 9

Algorithm 1 (Modified Duursma-Lee algorithm) Input: ( ) ( ) [ ]( ( )) Output: ( ( )) ( ) 1: ( ) ( ) 2: 3: 4: 5: next 6: return For more information about the Tate pairing please refer to [1], [2]. www.opencores.org Rev 0.1 2 of 9

2 Architecture The Tate Bilinear Pairing core consists of two fundamental modules, where the first module running Duursma-Lee algorithm, and the second module calculating the power. Tate Bilinear Pairing core Duursma-Lee algorithm module The module computing the power www.opencores.org Rev 0.1 3 of 9

3 Interface The Tate Bilinear Pairing core implements the signals shown in the table below. Input signals are synchronous and sampled at the rising edge of the clock. Output signals are driven by flip-flops, and not directly connected to input signals by combinational logic. For signals wider than 1 bit, the range is most significant bit down to least significant bit. Signal name Width In/Out Description clk 1 In clock Table 1: Interface signals reset 1 In active high synchronous reset x1 194 In one of input data y1 194 In one of input data x2 194 In one of input data y2 194 In one of input data done 1 Out The termination signal. It is inactive low after the reset signal asserted, and is active high only if the Tate pairing computation is done. out 1164 Out Output data. Its value is valid when the done signal is asserted. www.opencores.org Rev 0.1 4 of 9

4 Timing diagrams Input timing pattern When the reset signal is asserted, valid input data should be on the input signals and keep valid until the computation termination. The input data is captured at the moment when the rising edge of the clk signal meets the high value of the reset signal as shown by the blue arrow in Figure 1. clk ese x y x y XXXXXX XXXXXX XXXXXX XXXXXX Valid input data Valid input data Valid input data Valid input data Figure 1: Input timing pattern Output timing pattern clk ne u XXXXXX Valid output data www.opencores.org Rev 0.1 5 of 9

Figure 2: Output timing pattern www.opencores.org Rev 0.1 6 of 9

5 FPGA Implementation The core has only been verified on a Xilinx Virtex 4 XC4VLX200 FPGA. For this setup related configuration files is in the directory synthesis/xilinx. The code is vendor independent in Verilog 2001. Synthesis results on Xilinx Virtex 4 XC4VLX200-11FF1513, synthesized with Xilinx ISE 13.3: - Number of occupied slices: 30,149 - Number of 4 input LUTs: 47,083 - Number of flip-flops: 31,383 - Minimal period: 7.632 ns - Max achievable frequency: 131 MHz The number of clock cycles for one Tate pairing is 75,839. It means the core computes one Tate pairing in 0.76 milliseconds if with a 100MHz clock. www.opencores.org Rev 0.1 7 of 9

6 Test bench The file testbench/simulation.do is a batch file for ModelSim to compile the HDL files, setup the wave file, and begin function simulation. In order to make it work properly, the working directory of ModelSim must be the directory of testbench. The file testbench/test_tate_pairing.v is the main test bench for the Tate Bilinear Pairing core. The test bench is self-checked. It feeds input data to the core and compares the correct result with the output of the core. If the output is wrong, the test bench will display an error message. If the function of the core is wrong, some other self-checking test benches in the testbench directory may help. The object of each test bench is listed in the table below. File name Table 2: the object being tested by each test bench the object being tested test_f3_*.v arithmetic modules in ( ), i.e. addition, negation, multiplication test_f3m_*.v arithmetic modules in ( ), i.e. cubic, multiplication, inversion test_f32m_*.v multiplication module in ( ) test_f33m_*.v multiplication and inversion module in ( ) test_f36m*.v multiplication and cubic module in ( ) test_duursma_lee_algo.v module running Modified Duursma Lee algorithm test_second_part.v test_tate_pairing.v module raising to the power the outermost core www.opencores.org Rev 0.1 8 of 9

7 References [1] I. Duursma, H.S. Lee. Tate pairing implementation for hyper-elliptic curves. [2] T. Kerins, W. P. Marnane, E. M. Popovici, and P.S.L.M. Barreto. Efficient hardware for the Tate pairing calculation in characteristic three. www.opencores.org Rev 0.1 9 of 9

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback