This version is forked from the original pairings_in_c project, modified to support Cortex-m33 (optimized 64-bit multiplication) and to be implemented on nRF9160 development kit, but easily modified for other boards. The project contains the necessary linker scripts and makefiles for bare-metal implementation for nRF9160. Requires ARM CMSIS_5 (Cortex Microcontroller Software Interface Standard) and nRF SDK (see links below) as accompaniment when building (see links below). Requires also the nRF Commandline tools for flashing and ARM GNU toolchain. The project has been built and tested in Unix, with nRF5 SDK v 17.0.2, and ARM GNU toolchain 9-2020-q2.
By default, the current setup runs the cycle/cache miss benchmarks for the optimal ate pairing and different subfunctions (curve point, field extension arithmetic, etc). Cache profiling is on by default, the flags locate in framework/src/arch/nrf9160/board_init.c and /framework/include/util.h.
Building: use the bash script nrf9160-app-init-build. Modify SDK, CMSIS and GCC ARM toolchain versions and paths on the script.
Flashing: nrfjprog --program build/bench.hex -f NRF91 --sectorerase
Traces can be read from any terminal, the used baud rate is 115200 and serial line is UART.
CMSIS_5: https://github.com/ARM-software/CMSIS_5
nRF5 SDK: https://www.nordicsemi.com/Software-and-tools/Software/nRF5-SDK/Download#infotabs
GNU ARM toolchain: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads
android_demo: A demo application for pairing-based group signatures.doc: Documentation for the pairing library and the demo application.framework: The source files for the pairing library.benchmark: Contains an application for benchmarking the library.cmake: CMake configuration files.demo: Applications showing the versatility of the pairing library.include: Header files of the pairing library.linker: Linker scripts.src: Source files of the pairing library.test: Applications containing test vectors for each arithmetic layer of the library.
- cmake
- a C compiler for the targeted platform
Optional:
- doxygen (for the code documentation)
- lcov & genhtml (for coverage testing)
The library in the subdirectory framework can be built like any other cmake project with the following commands:
$ mkdir <build-directory>
$ cd <build-directory>
$ cmake [cmake-options] <source-directory>
$ cmake --build . [--target <target-name>]
The cmake-options are of the form -D<option>=<value> and are optional.
Selection of cmake-options:
ARCHITECTURE: The target architecture. (default:ARCH_X86)BENCHMARK_SRC: The time source for benchmarks. (BM_CYCLE,BM_CLOCK)CMAKE_BUILD_TYPE: The desired build type. (Debug,Release,MinSizeRel, ...; default:MinSizeRel)CMAKE_TOOLCHAIN_FILE: Path to the toolchain file for cross compilation. (examples can be found undercmake/toolchain)CMAKE_INSTALL_PREFIX: Path to the desired installation root.TEST_COVERAGE: Build library with profiling information to enable test coverage generation. (ON,OFF)INSTALL_DOXYGEN: Include the doxygen documentation when installing/packaging. (ON,OFF)
If no target name is specified for make, the default target, the library itself, is built.
Selection of target-names:
suite: Build the test applications.test_X: Build testXto verify output.coverage: Run the all tests and generate a coverage report. (requiresTEST_COVERAGE=ON)doxygen: Generate the doxygen documentation into the build directory.package: Build the library and package the result including headers for distribution.package_source: Package the source tree for distribution.
The library comes with a comprehensive test set created in advance. Each arithmetic layer involved in the pairing computations, i.e., multi-precision integer, prime field, elliptic curves, and pairing arithmetic itself, is tested in a separate test program consisting of test vectors invoked on the library interface. The target suite can be used to built these test applications. The tests are then executed via the respective the test programs that print the test result on the console, e.g.:
$ <build-directory>/bin/test_fp
The subdirectory demo of the library provides a set of simple console demo applications:
gss_hwang_demo: Group signature scheme by Hwang et al. [3].ibe_demo: Key encapsulation variant of the identity-based encryption scheme by Boneh et al. [1].pairing_demo: Simple demonstration of the bilinearity property.sdh_zk_demo: Group signature scheme by Boneh et al. [2].
These demo applications can be built and invoked as follows:
$ cd <build-directory>
$ make <demo-application>
$ out/bin/demo-application
The Android demo implements the group signature scheme by Boneh et al [2]. It uses the android-ndk to delegate the group signature operations to native C code built upon our library and to transfer the data involved in the group signature operations via the Java Native Interface (JNI). The native code provides both the sign and verify operations and is supplied with the secret group credentials from the Java code.
The application can be started in either signer or verifier mode. The signer obtains a signature for a specific message from our library using JNI and transmits the resulting signature to the verifier using Near Field Communication (NFC). The generated signatures are transferred via NFC to a device running the application as a verifier. The verifier receiving the anonymous group signature then checks its validity. However, for demonstration purposes it also implements the opening feature that usually is only available to the group manager, allowing to reveal the signer's identity.
Using the library is straight forward given the header files and the static library (libpairings_in_c.a). It has however to be considered that the user code is compiled with the same ARCHITECTURE preprocessor definition as during compilation of the library.
The library supports both a 160-bit and a 254-bit elliptic curve and bilinear pairings suitable for these curves. Relevant configurations like the elliptic curve and optimizations to be used can be done in the file framework/include/config.h.
The subdirectory benchmark contains a simple application that allows to benchmark the operations at each arithmetic layer. Depending on the target platform, either the number of consumed clock cycles or the required amount of time is obtained. This already has to be considered during build configuration and thus the BENCHMARK_SRC has to be passed to cmake appropriately.
- Thomas Unterluggauer ([email protected])
- Erich Wenger ([email protected])
- Raphael Spreitzer ([email protected])
- Mario Werner ([email protected])
- René Hölbling ([email protected])
Custom Commercial License or GPLv3 License.
[1] Boneh, Dan, and Xavier Boyen. "Secure identity based encryption without random oracles." Advances in Cryptology–Crypto 2004. Springer Berlin Heidelberg, 2004.
[2] Boneh, Dan, Xavier Boyen, and Hovav Shacham. "Short group signatures." Advances in Cryptology–CRYPTO 2004. Springer Berlin Heidelberg, 2004.
[3] Hwang, Jung Yeon, et al. "Short group signatures with controllable linkability." Lightweight Security & Privacy: Devices, Protocols and Applications (LightSec), 2011 Workshop on. IEEE, 2011.
[4] Unterluggauer, Thomas, and Erich Wenger. "Efficient pairings and ECC for embedded systems." Cryptographic Hardware and Embedded Systems–CHES 2014. Springer Berlin Heidelberg, 2014. 298-315.