Abstract
This paper presents efficient formulas to compute Miller doubling and Miller addition utilizing degree-3 twists on curves with j-invariant 0 written in Hessian form. We give the formulas for both odd and even embedding degrees and for pairings on both \(\mathbb {G}_1 \times \mathbb {G}_2\) and \(\mathbb {G}_{2} \times \mathbb {G}_{1}\). We propose the use of embedding degrees 15 and 21 for 128-bit and 192-bit security respectively in light of the NFS attacks and their variants. We give a comprehensive comparison with other curve models; our formulas give the fastest known pairing computation for embedding degrees 15, 21, and 24.
Chitchanok Chuengsatiansup acknowledges the support of Bpifrance in the context of the national project RISQ (P141580). Chloe Martindale was supported by the Commission of the European Communities through the Horizon 2020 program under CHIST-ERA USEIT (NWO project 651.002.004).
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Chuengsatiansup, C., Martindale, C. (2018). Pairing-Friendly Twisted Hessian Curves. In: Chakraborty, D., Iwata, T. (eds) Progress in Cryptology – INDOCRYPT 2018. INDOCRYPT 2018. Lecture Notes in Computer Science, vol 11356. Springer, Cham. https://doi.org/10.1007/978-3-030-05378-9_13
DOI: https://doi.org/10.1007/978-3-030-05378-9_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05377-2
Online ISBN: 978-3-030-05378-9
eBook Packages: Computer Science, Computer Science (R0)