Constructing Tower Extensions of Finite Fields for Implementation of Pairing-Based Cryptography

Abstract

A cryptographic pairing evaluates as an element of a finite extension field, and the evaluation itself involves a considerable amount of extension field arithmetic. It is recognised that organising the extension field as a “tower” of subfield extensions has many advantages. Here we consider criteria that apply when choosing the best towering construction, and the associated choice of irreducible polynomials for the implementation of pairing-based cryptosystems. We introduce a method for automatically constructing efficient towers for more classes of finite fields than previous methods, some of which allow faster arithmetic.
We also show that for some families of pairing-friendly elliptic curves defined over \(\mathbb{F}_{p}\) there are a large number of instances for which an efficient tower extension \(\mathbb{F}_{p^k}\) is given immediately if the parameter defining the prime characteristic of the field satisfies a few easily checked equivalences.
Research supported by the Claude Shannon Institute, Science Foundation Ireland Grant 06/MI/006.