A coprocessor for the final exponentiation of the ητ pairing in characteristic three

Since the introduction of pairings over (hyper)elliptic curves in constructive cryptographic applications, an ever increasing number of protocols based on pairings have appeared in the literature. Software implementations being rather slow, the study of hardware architectures became an active research area. Beuchat et al. proposed for instance a coprocessor which computes the characteristic three eta(T) pairing, from which the Tate pairing can easily be derived, in 33 mu s on a Cyclone II FPGA. However, a final exponentiation is required to ensure a unique output value and the authors proposed to supplement their eta(T) pairing accelerator with a coprocessor for exponentiation. Thus, the challenge consists in designing the smallest possible piece of hardware able to perform this task in less than 33 mu s on a Cyclone II device. In this paper, we propose a novel arithmetic operator implementing addition, cubing, and multiplication over F-397 and show that a coprocessor based on a single such operator meets this timing constraint.