We report on relative performance numbers for affine and projective pairings on a dual-core Cortex A9 ARM processor. Using a fast inversion in the base field and doing inversion in extension fields by using the norm map to reduce to inversions in smaller fields, we find a very low ratio of inversion-to-multiplication costs. In our implementation, this favors using affiffine coordinates, even for the current 128-bit minimum security level specified by NIST. We use Barreto-Naehrig (BN) curves and report on the performance of an optimal ate pairing for curves covering security levels between 128 and 192 bits.We compare with other reported performance numbers for pairing computation on ARM CPUs.

In  Pairing 2012

Publisher  Springer Verlag

Details

Previous Versions

Tolga Acar, Kristin Lauter, Michael Naehrig, and Daniel Shumow. Affine Pairings on ARM, International Association for Cryptologic Research, 16 May 2011.