Computing bilinear pairings on elliptic curves with automorphisms

Designs Codes and Cryptography (Impact Factor: 0.78). 01/2011; 58(1):35-44. DOI: 10.1007/s10623-010-9383-y
Source: DBLP

ABSTRACT In this paper, we present a novel method for constructing a super-optimal pairing with great efficiency, which we call the
omega pairing. The computation of the omega pairing requires the simple final exponentiation and short loop length in Miller’s
algorithm which leads to a significant improvement over the previously known techniques on certain pairing-friendly curves.
Experimental results show that the omega pairing is about 22% faster and 19% faster than the super-optimal pairing proposed
by Scott at security level of AES 80 bits on certain pairing-friendly curves in affine coordinate systems and projective coordinate
systems, respectively.

KeywordsElliptic curves–Automorphism–Pairing based cryptography–Weil pairing

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: 2 DGA sorina.ionica, Abstract. Scott uses an eciently computable isomorphism in order to optimize pairing computation on a particular class of curves with embed- ding degree 2. He points out that pairing implementation becomes thus faster on these curves than on their supersingular equivalent, originally recommended by Boneh and Franklin for Identity Based Encryption. We extend Scott's method to other classes of curves with small embedding degree and eciently computable endomorphism.
    IACR Cryptology ePrint Archive. 01/2010; 2010:379.
  • [Show abstract] [Hide abstract]
    ABSTRACT: In pairing-based cryptography, most researches are focused on elliptic curves of embedding degrees greater than six, but less on curves of small embedding degrees, although they are important for pairing-based cryptography over composite-order groups. This paper analyzes efficient pairings on ordinary elliptic curves of embedding degree 1 and 2 from the point of shortening Miller's loop. We first show that pairing lattices presented by Hess can be redefined on composite-order groups. Then we give a simpler variant of the Weil pairing lattice which can also be regarded as an Omega pairing lattice, and extend it to ordinary curves of embedding degree 1. In our analysis, the optimal Omega pairing, as the super-optimal pairing on elliptic curves of embedding degree 1 and 2, could be more efficient than Weil and Tate pairings. On the other hand, elliptic curves of embedding degree 2 are also very useful for pairings on elliptic curves over RSA rings proposed by Galbraith and McKee. So we analyze the construction of such curves over RSA rings, and redefine pairing lattices over RSA rings. Specially, modified Omega pairing lattices over RSA rings can be computed without knowing the RSA trapdoor. Furthermore, for keeping the trapdoor secret, we develop an original idea of evaluating pairings without leaking the group order.
    Cryptography and Coding - 13th IMA International Conference, IMACC 2011, Oxford, UK, December 12-15, 2011. Proceedings; 01/2011

Full-text (2 Sources)

Available from
May 16, 2014