## Details

Name: pairing

Created: Jan 17, 2012

Updated: Apr 18, 2012

SVN Updated: Mar 4, 2012

## Other project properties

Category:
Arithmetic core

Language:
Verilog

Development status:
Stable

Additional info:
Design done
,
FPGA proven
,
Specification done

WishBone Compliant: No

License: LGPL

## Description

The Tate Bilinear Pairing core is specially designed for running Tate bilinear pairing algorithm for hyperelliptic curve $y^2=x^3-x+1$ defined over $GF(3^m)$, where $m=97$ and $GF(3^m)$ is defined by $x^97+x^12+2$.

Generally speaking, The Tate bilinear pairing algorithm is a transformation that takes two points on an elliptic curve and outputs a nonzero element in the extension field $GF(3^{6m})$. Details of the algorithm is in the document.

The core is written in Verilog 2001, and it is carefully optimized for FPGA. For example, input signals are synchronous and sampled at the rising edge of the clock. Output signals are driven by flip-flops, and not directly connected to input signals by combinational logic. There is no latch, and only one clock domain in entire core.

The core runs at 131MHz on the Xilinx Virtex-4 XC4VLX200-11FF1513 FPGA board. It computes one Tate bilinear pairing within 75,839 clock cycles, which is 0.76 milliseconds @ 100MHz clock.

The core uses 49205(27%) LUTs, 35381(39%) slices, 31425(17%) flip-flops of the XC4VLX200-11FF1513 FPGA board.

The core is an open source Tate Bilinear Pairing core, under the license of LGPL version 3.

## Technical specification

Specification rev 0.1

## Features

- Tate bilinear pairing for hyper-elliptic curve $y^2=x^3-x+1$

- The irreducible polynomial is $x^97+x^12+2$

- Input length is 4*194 bits and output length is 1164 bits

- Fully synchronous design

- Fully synthesize-able

- ONLY ONE clock domain in entire core

- NO latch

- All output signals are buffered

- Vendor independent code

## Status

- The core is ready and available in Verilog from OpenCores svn

## TODO

- Increase the degree of the irreducible polynomial for improving the security level

- Use a better algorithm for the final exponentiation in $GF(3^{6m})$

## Donation

If this project has helped you, please
**
consider donating an FPGA to Homer Hsing
**
(Xilinx FPGA is preferred). To donate him will help him develop more valuable project, and is to help you.