Hydra: An energy-efficient programmable cryptographic coprocessor supporting elliptic-curve pairings over fields of large characteristics

Bilinear pairings on elliptic curves have many applications in cryptography and cryptanalysis. Pairing computation is more complicated compared to that of other popular public-key cryptosystems. Efficient implementation of cryptographic pairing, both software- and hardware-based approaches, has thus received increasing interest. In this paper, we focus on hardware implementation and present the design of Hydra, an energy-efficient programmable cryptographic coprocessor that supports various pairings over fields of large characteristics. We also present several implementations of Hydra, among which the smallest only uses 116 K gates when synthesized in TSMC 90 nm standard cell library. Despite the extra programmability, our design is competitive compared even with specialized implementations in terms of time-area-cycle product, a common figure of merit that provides a good measure of energy efficiency. For example, it only takes 3.04 ms to compute an optimal ate pairing over Barreto-Naehrig curves when the chip operates at 200 MHz. This is certainly a very small time-area-cycle product among all hardware implementations of cryptographic pairing in the current literature.