Highly-parallel hardware implementation of optimal ate pairing over Barreto-Naehrig curves

Bilinear pairing over elliptic curves is the key technology to construct identity based encryption schemes. An appropriate hardware design can significantly speed up pairing computation. In this paper, we present a highly-parallel hardware design for optimal ate pairing over Barreto-Naehrig curves. The proposed design exploits parallelism at different levels of the pairing algorithm, including Fp and Fp2 operations as well as the operations based on Fp2. Especially the proposed architecture of dual Fp2 units at the top level makes the pairing computation more efficient. Finally, we implement a system on chip (SoC) that contains Microblaze CPU, AXI-Lite bus and the pairing computation unit. The design is verified on a Virtex-7 FPGA device with the parameters of pairing chosen according to the Identity-Based Cryptographic Algorithms SM9 enacted by China. The results show that our design computes the optimal ate pairing of 128-bit security within 394,806 cycles, which is about 3.4 ms under the working frequency of 115 MHz, and consumes about 28 k Slices and 128 DSPs.