Arithmetic of Finite Fields

Volume 6087 of the series Lecture Notes in Computer Science pp 180-195

Constructing Tower Extensions of Finite Fields for Implementation of Pairing-Based Cryptography

  • Naomi BengerAffiliated withSchool of Computing, Dublin City University
  • , Michael ScottAffiliated withSchool of Computing, Dublin City University

* Final gross prices may vary according to local VAT.

Get Access


A cryptographic pairing evaluates as an element of a finite extension field, and the evaluation itself involves a considerable amount of extension field arithmetic. It is recognised that organising the extension field as a “tower” of subfield extensions has many advantages. Here we consider criteria that apply when choosing the best towering construction, and the associated choice of irreducible polynomials for the implementation of pairing-based cryptosystems. We introduce a method for automatically constructing efficient towers for more classes of finite fields than previous methods, some of which allow faster arithmetic.

We also show that for some families of pairing-friendly elliptic curves defined over \(\mathbb{F}_{p}\) there are a large number of instances for which an efficient tower extension \(\mathbb{F}_{p^k}\) is given immediately if the parameter defining the prime characteristic of the field satisfies a few easily checked equivalences.


Extension Fields Pairing implementation pairing-based cryptosystems Euler’s Conjectures