Journal of Cryptology

, Volume 23, Issue 2, pp 224–280

A Taxonomy of Pairing-Friendly Elliptic Curves

Open AccessArticle

DOI: 10.1007/s00145-009-9048-z

Cite this article as:
Freeman, D., Scott, M. & Teske, E. J Cryptol (2010) 23: 224. doi:10.1007/s00145-009-9048-z

Abstract

Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Such “pairing-friendly” curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature. We also include new constructions of pairing-friendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.

Keywords

Elliptic curvesPairing-based cryptosystemsEmbedding degreeEfficient implementation
Download to read the full article text

Copyright information

© The Author(s) 2009

Authors and Affiliations

  1. 1.CWI and Universiteit LeidenAmsterdamThe Netherlands
  2. 2.School of Computer ApplicationsDublin City UniversityDublin 9Ireland
  3. 3.Dept. of Combinatorics and OptimizationUniversity of WaterlooWaterlooCanada