High-Speed Software Implementation Of The Optimal Ate Pairing Over Barreto-Naehrig Curves

This paper describes the design of a fast software library for the computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve. Our library is able to compute the optimal ate pairing over a 254-bit prime field F-p, in just 2.33 million of clock cycles on a single core of an Intel Core i7 2.8GHz processor, which implies that the pairing computation takes 0.832msec. We are able to achieve this performance by a careful implementation of the base field arithmetic through the usage of the customary Montgomery multiplier for prime fields. The prime field is constructed via the Barreto-Naehrig polynomial parametrization of the prime p given as, p = 36t(4) + 36t(3) + 24t(2) + 6t + 1, with t = 2(62) - 2(54) + 2(44). This selection of t allows us to obtain important savings for both the Miller loop as well as the final exponentiation steps of the optimal ate pairing.