Chapter

Advances in Cryptology – EUROCRYPT 2011

Volume 6632 of the series Lecture Notes in Computer Science pp 48-68

Faster Explicit Formulas for Computing Pairings over Ordinary Curves

  • Diego F. AranhaAffiliated withUniversity of Campinas
  • , Koray KarabinaAffiliated withCerticom Research
  • , Patrick LongaAffiliated withUniversity of Waterloo
  • , Catherine H. GebotysAffiliated withUniversity of Waterloo
  • , Julio LópezAffiliated withUniversity of Campinas

Abstract

We describe efficient formulas for computing pairings on ordinary elliptic curves over prime fields. First, we generalize lazy reduction techniques, previously considered only for arithmetic in quadratic extensions, to the whole pairing computation, including towering and curve arithmetic. Second, we introduce a new compressed squaring formula for cyclotomic subgroups and a new technique to avoid performing an inversion in the final exponentiation when the curve is parameterized by a negative integer. The techniques are illustrated in the context of pairing computation over Barreto-Naehrig curves, where they have a particularly efficient realization, and are also combined with other important developments in the recent literature. The resulting formulas reduce the number of required operations and, consequently, execution time, improving on the state-of-the-art performance of cryptographic pairings by 28%-34% on several popular 64-bit computing platforms. In particular, our techniques allow to compute a pairing under 2 million cycles for the first time on such architectures.

Keywords

Efficient software implementation explicit formulas bilinear pairings