Abstract
We describe, in detail sufficient for easy implementation, a fast method for calculation of the Tate pairing, as required for pairing-based cryptographic protocols. We point out various optimisations and tricks, and compare timings of a pairing-based Identity Based Encryption scheme with an optimised RSA implementation.
Keywords
Research supported by Enterprise Ireland grant IF/2002/0312/N.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Barreto, P.S.L.M.: The pairing-based crypto lounge (2004), http://planeta.terra.com.br/informatica/paulobarreto/pblounge.html
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 263–273. Springer, Heidelberg (2003)
Barreto, P.S.L.M., Lynn, B., Scott, M.: On the selection of pairing-friendly groups. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 17–25. Springer, Heidelberg (2004)
Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography, vol. 2. Cambridge University Press, Cambridge (2005)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. SIAM Journal of Computing 32(3), 586–615 (2003)
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)
Brezing, F., Weng, A.: Elliptic curves suitable for pairing based cryptography. Cryptology ePrint Archive, Report 2003/143 (2003), Available from http://eprint.iacr.org/2003/143
Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast exponentiation with precomputation: Algorithms and lower bounds. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993)
Dupont, R., Enge, A., Morain, F.: Building curves with arbitrary small MOV degree over finite prime fields. Cryptology ePrint Archive, Report 2002/094 (2002), http://eprint.iacr.org/2002/094
Dutta, R., Barua, R., Sarkar, P.: Pairing-based cryptography: A survey. Cryptology ePrint Archive, Report 2004/064 (2004), http://eprint.iacr.org/2004/064
Duursma, I., Lee, H.-S.: Tate-pairing implementations for tripartite key agreement. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)
Galbraith, S., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)
IEEE Std 1363-2000. Standard specifications for public-key cryptography. IEEE P1363 Working Group (2000)
Izu, T., Takagi, T.: Efficient computations of the Tate pairing for the large MOV degrees. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 283–297. Springer, Heidelberg (2003)
Joye, M., Yen, S.: The Montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
Kocher, P., Jaffe, J., Jun, B.: Introduction to differential power analysis and related attacks (1998), http://www.cryptography.com/dpa/technical
Mao, W., Harrison, K.: Divisors, bilinear pairings, and pairing enabled cryptographic applications (2003), http://hplbwww.hpl.hp.com/people/wm/research/pairing.pdf
McCullagh, N.: Personal Communication (2004)
Menezes, A.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Dordrecht (1993)
Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals E84-A(5), 1234–1243 (2001)
Sakai, R., Kasahara, M.: ID based cryptosystems with pairing on elliptic curve. Cryptography ePrint Archive, Report 2003/054 (2003), http://eprint.iacr.org/2003/054
Scott, M.: (2002), http://ftp.compapp.dcu.ie/pub/crypto/cm.exe
Scott, M.: (2002), http://www.computing.dcu.ie/~mike/tate.html
Scott, M., Barreto, P.: Compressed pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004), Also available from http://eprint.iacr.org/2004/032/
Scott, M., Barreto, P.: Generating more MNT elliptic curves. Cryptology ePrint Archive, Report 2004/058 (2004), Available from http://eprint.iacr.org/2004/058/
Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves. Cryptography ePrint Archive, Report 2004/031 (2003), http://eprint.iacr.org/2004/031/
Smart, N.P.: An identity based authenticated key agreement protocol based on the Weil pairing. Electronics Letters 38, 630–632 (2002)
Solinas, J.: ID-based digital signature algorithms (2003), http://www.cacr.math.uwaterloo.ca/conferences/2003/ecc2003/solinas.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Scott, M. (2005). Computing the Tate Pairing. In: Menezes, A. (eds) Topics in Cryptology – CT-RSA 2005. CT-RSA 2005. Lecture Notes in Computer Science, vol 3376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30574-3_20
Download citation
DOI: https://doi.org/10.1007/978-3-540-30574-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24399-1
Online ISBN: 978-3-540-30574-3
eBook Packages: Computer ScienceComputer Science (R0)