Faster explicit formulas for computing pairings over ordinary curves

Authors:
Diego F. Aranha;Koray Karabina;Patrick Longa;Catherine H. Gebotys;Julio López
Affiliations:
University of Campinas;Certicom Research;University of Waterloo;University of Waterloo;University of Campinas
Venue:
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Year:
2011

Citing 25
Cited 17

Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Identity-Based Encryption from the Weil Pairing

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Efficient Algorithms for Pairing-Based Cryptosystems

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Solution of McCurley's Discrete Log Challenge

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Fast Implementation of Elliptic Curve Arithmetic in GF(pn)

PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A One Round Protocol for Tripartite Diffie–Hellman

Journal of Cryptology
The Weil Pairing, and Its Efficient Calculation

Journal of Cryptology
Asymmetric Squaring Formulae

ARITH '07 Proceedings of the 18th IEEE Symposium on Computer Arithmetic
Integer Variable Χ---Based Ate Pairing

Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves

Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
Faster $\mathbb{F}_p$-Arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Efficient and generalized pairing computation on Abelian varieties

IEEE Transactions on Information Theory
A Taxonomy of Pairing-Friendly Elliptic Curves

Journal of Cryptology
Efficient non-interactive proof systems for bilinear groups

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Optimal pairings

IEEE Transactions on Information Theory
New software speed records for cryptographic pairings

LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Constructing tower extensions of finite fields for implementation of pairing-based cryptography

WAIFI'10 Proceedings of the Third international conference on Arithmetic of finite fields
High-speed software implementation of the optimal ate pairing over Barreto-Naehrig curves

Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
A family of implementation-friendly BN elliptic curves

Journal of Systems and Software
Faster squaring in the cyclotomic subgroup of sixth degree extensions

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Faster pairing computations on curves with high-degree twists

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Pairing-Friendly elliptic curves of prime order

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
The Eta Pairing Revisited

IEEE Transactions on Information Theory
Implementing cryptographic pairings

Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Implementing cryptographic pairings over barreto-naehrig curves

Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography

A family of implementation-friendly BN elliptic curves

Journal of Systems and Software
FPGA implementation of pairings using residue number system and lazy reduction

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Faster hashing to G2

SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Optimal eta pairing on supersingular genus-2 binary hyperelliptic curves

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Parallelizing the weil and tate pairings

IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
On the efficient implementation of pairing-based protocols

IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Attractive subfamilies of BLS curves for implementing high-security pairings

INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
EIBAS: An efficient identity-based broadcast authentication scheme in wireless sensor networks

Ad Hoc Networks
Core based architecture to speed up optimal ate pairing on FPGA platform

Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Faster pairing coprocessor architecture

Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Implementing pairings at the 192-bit security level

Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Affine pairings on ARM

Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Speeding up ate pairing computation in affine coordinates

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
NEON implementation of an attribute-based encryption scheme

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Comparing the pairing efficiency over composite-order and prime-order elliptic curves

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
High-Performance scalar multiplication using 8-dimensional GLV/GLS decomposition

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Inverting the final exponentiation of tate pairings on ordinary elliptic curves using faults

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe efficient formulas for computing pairings on ordinary elliptic curves over prime fields. First, we generalize lazy reduction techniques, previously considered only for arithmetic in quadratic extensions, to the whole pairing computation, including towering and curve arithmetic. Second, we introduce a new compressed squaring formula for cyclotomic subgroups and a new technique to avoid performing an inversion in the final exponentiation when the curve is parameterized by a negative integer. The techniques are illustrated in the context of pairing computation over Barreto-Naehrig curves, where they have a particularly efficient realization, and are also combined with other important developments in the recent literature. The resulting formulas reduce the number of required operations and, consequently, execution time, improving on the state-of-the-art performance of cryptographic pairings by 28%-34% on several popular 64-bit computing platforms. In particular, our techniques allow to compute a pairing under 2 million cycles for the first time on such architectures.