Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves

With the ever increasing amount of digital communication and data transfers, the importance of data security is growing rapidly and with it the need for secure cryptographic protocols. Cryptographic pairings are primitives which can be used to implement various cryptographic protocols, such as identity-based encryption where the public key can be an arbitrary identifier (e.g. the telephone number or the email address) and short digital signatures which are for instance important whenever humans need to enter the signature manually.

Cryptographic pairings are based on elliptic curves over finite fields. The mathematically best suited curves fulfilling both security requirements and computational feasibility are Barreto-Naehrig curves (BN curves) [1], which are defined over a finite field of large prime order. Efficient arithmetic in these fields is crucial for fast computation of pairings. Moreover, computation of cryptographic pairings is much more complex than elliptic-curve cryptography in general.

Therefore, the goal of this project is to design an application-specific instruction-set processor (ASIP) accelerating various pairing algorithms and facilitate its programming by providing a C compiler. The whole development is based on the architecture description language LISA. In order to speed up field arithmetic, a RISC core is extended with additional functional units. The critical path delay of these units is adjusted to the base architecture in order to maintain the operating frequency. Independently from that adjustment, these units are scalable allowing for a trade-off between execution time and area consumption. Because the resulting speedup can be limited by the memory throughput, the memory architecture of the ASIP is investigated in depth in this project.

The project has been carried out within the scope of the UMIC research cluster in cooperation with the Institute for Theoretical Information Technology, RWTH Aachen University, and the Institute for the Protection of Systems and Information, Eindhoven University of Technology. Conceptual and architectural details of the Pairing ASIP can be found in the international publications at the end of this page.

[1] P. S. L. M. Barreto and M. Naehrig, "Pairing-friendly elliptic curves of prime order", in Selected Areas in Cryptography, ser. Lecture Notes in Computer Science, B. Preneel and S. Tavares, Eds. Springer Berlin/Heidelberg, 2006, vol. 3897, pp. 319–331.


David Kammler, Diandian Zhang, Hanno Scharwächter, Dominik Auras


Cooperation partner

  • Institute for Theoretical Information Technology, RWTH Aachen University
  • Institute for the Protection of Systems and Information, Eindhoven University of Technology


Kammler, D., Bauwens, B., Witte, E. M., Ascheid, G., Leupers, R., Meyr, H. and Chattopadhyay, A.: Automatic Generation of Memory Interfaces, in Proceedings of the International Symposium on System-on-Chip (SoC)(Tampere, Finland), pp. 77--82, Oct. 2009