Computing bilinear pairings on elliptic curves with automorphisms

Designs Codes and Cryptography (Impact Factor: 0.73). 01/2011; 58(1):35-44. DOI: 10.1007/s10623-010-9383-y
Source: DBLP

ABSTRACT In this paper, we present a novel method for constructing a super-optimal pairing with great efficiency, which we call the
omega pairing. The computation of the omega pairing requires the simple final exponentiation and short loop length in Miller’s
algorithm which leads to a significant improvement over the previously known techniques on certain pairing-friendly curves.
Experimental results show that the omega pairing is about 22% faster and 19% faster than the super-optimal pairing proposed
by Scott at security level of AES 80 bits on certain pairing-friendly curves in affine coordinate systems and projective coordinate
systems, respectively.

KeywordsElliptic curves–Automorphism–Pairing based cryptography–Weil pairing

Download full-text


Available from: Fangguo Zhang, Apr 01, 2014
1 Follower
  • Source
    • "For the implementation of our signature scheme we also need a point P with order n and an efficiently computable pairing e n such that e n (P, P ) is a primitive n-th root of 1. The Weil pairing does not fulfill this requirement and also, in many instances, the Tate pairing; the same happens for the eta, ate or omega pairings [1] [10] [22]. Let ǫ n be one of the previous pairings on E[n]. "
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper we propose a signature scheme based on two intractable problems, namely the integer factorization problem and the discrete logarithm problem for elliptic curves. It is suitable for applications requiring long-term security and provides a more efficient solution than the existing ones.
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: 2 DGA sorina.ionica, Abstract. Scott uses an eciently computable isomorphism in order to optimize pairing computation on a particular class of curves with embed- ding degree 2. He points out that pairing implementation becomes thus faster on these curves than on their supersingular equivalent, originally recommended by Boneh and Franklin for Identity Based Encryption. We extend Scott's method to other classes of curves with small embedding degree and eciently computable endomorphism.
  • [Show abstract] [Hide abstract]
    ABSTRACT: In pairing-based cryptography, most researches are focused on elliptic curves of embedding degrees greater than six, but less on curves of small embedding degrees, although they are important for pairing-based cryptography over composite-order groups. This paper analyzes efficient pairings on ordinary elliptic curves of embedding degree 1 and 2 from the point of shortening Miller's loop. We first show that pairing lattices presented by Hess can be redefined on composite-order groups. Then we give a simpler variant of the Weil pairing lattice which can also be regarded as an Omega pairing lattice, and extend it to ordinary curves of embedding degree 1. In our analysis, the optimal Omega pairing, as the super-optimal pairing on elliptic curves of embedding degree 1 and 2, could be more efficient than Weil and Tate pairings. On the other hand, elliptic curves of embedding degree 2 are also very useful for pairings on elliptic curves over RSA rings proposed by Galbraith and McKee. So we analyze the construction of such curves over RSA rings, and redefine pairing lattices over RSA rings. Specially, modified Omega pairing lattices over RSA rings can be computed without knowing the RSA trapdoor. Furthermore, for keeping the trapdoor secret, we develop an original idea of evaluating pairings without leaking the group order.
    Cryptography and Coding - 13th IMA International Conference, IMACC 2011, Oxford, UK, December 12-15, 2011. Proceedings; 01/2011