Article

Journal of Cryptology

, Volume 23, Issue 2, pp 224-280

First online:

Open Access This content is freely available online to anyone, anywhere at any time.

A Taxonomy of Pairing-Friendly Elliptic Curves

  • David FreemanAffiliated withCWI and Universiteit Leiden Email author 
  • , Michael ScottAffiliated withSchool of Computer Applications, Dublin City University
  • , Edlyn TeskeAffiliated withDept. of Combinatorics and Optimization, University of Waterloo

Abstract

Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Such “pairing-friendly” curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature. We also include new constructions of pairing-friendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.

Keywords

Elliptic curves Pairing-based cryptosystems Embedding degree Efficient implementation