Subgroup Security in Pairing-Based Cryptography

  • Paulo S. L. M. Barreto
  • Craig Costello
  • Rafael Misoczki
  • Michael Naehrig
  • Geovandro C. C. F. Pereira
  • Gustavo Zanon
Conference paper

DOI: 10.1007/978-3-319-22174-8_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)
Cite this paper as:
Barreto P.S.L.M., Costello C., Misoczki R., Naehrig M., Pereira G.C.C.F., Zanon G. (2015) Subgroup Security in Pairing-Based Cryptography. In: Lauter K., Rodríguez-Henríquez F. (eds) Progress in Cryptology -- LATINCRYPT 2015. LATINCRYPT 2015. Lecture Notes in Computer Science, vol 9230. Springer, Cham

Abstract

Pairings are typically implemented using ordinary pairing-friendly elliptic curves. The two input groups of the pairing function are groups of elliptic curve points, while the target group lies in the multiplicative group of a large finite field. At moderate levels of security, at least two of the three pairing groups are necessarily proper subgroups of a much larger composite-order group, which makes pairing implementations potentially susceptible to small-subgroup attacks.

To minimize the chances of such attacks, or the effort required to thwart them, we put forward a property for ordinary pairing-friendly curves called subgroup security. We point out that existing curves in the literature and in publicly available pairing libraries fail to achieve this notion, and propose a list of replacement curves that do offer subgroup security. These curves were chosen to drop into existing libraries with minimal code change, and to sustain state-of-the-art performance numbers. In fact, there are scenarios in which the replacement curves could facilitate faster implementations of protocols because they can remove the need for expensive group exponentiations that test subgroup membership.
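As an added toy illustration (not the paper's code), the subgroup membership test that the abstract refers to as an expensive group exponentiation, on a constructed curve over F_43 whose point group of order 44 contains the prime-order subgroup r = 11 with cofactor h = 4; the curve and all point values are assumptions made for this demo, chosen small enough to enumerate.

```python
# Constructed toy group, not from the paper: E: y^2 = x^3 + x over F_43.
# p = 43 is 3 mod 4, so E is supersingular with #E = p + 1 = 44 = 4 * 11.
# Prime subgroup order r = 11, cofactor h = 4 (a small-prime cofactor is the
# situation subgroup security is designed to avoid).
P_MOD, A_COEF = 43, 1   # curve y^2 = x^3 + A_COEF*x over F_P_MOD
INF = None              # point at infinity

def ec_add(P, Q):
    """Affine point addition (handles doubling and P + (-P))."""
    if P is INF: return Q
    if Q is INF: return P
    x1, y1 = P; x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                              # P == -Q, includes 2-torsion
    if P == Q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, P):
    """Double-and-add; this is the 'group exponentiation' a membership test costs."""
    R = INF
    while k:
        if k & 1: R = ec_add(R, P)
        P = ec_add(P, P); k >>= 1
    return R

def curve_points():
    """Brute-force enumeration of E(F_43), fine at this size."""
    return [INF] + [(x, y) for x in range(P_MOD) for y in range(P_MOD)
                    if (y * y - x ** 3 - A_COEF * x) % P_MOD == 0]

def in_prime_subgroup(P, r):
    """Membership test: P is in the order-r subgroup iff [r]P == O."""
    return ec_mul(r, P) is INF

def clear_cofactor(P, h):
    """Multiply by the cofactor to force any point into the order-r subgroup."""
    return ec_mul(h, P)

def demo(r=11, h=4):
    small = (0, 0)   # 2-torsion point: its order divides h, so it is NOT in the r-subgroup
    # a point of full order h*r: rejected by the test, but clears to a non-trivial member
    mixed = next(p for p in curve_points()[1:]
                 if not in_prime_subgroup(p, r) and ec_mul(h, p) is not INF)
    cleared = clear_cofactor(mixed, h)
    return {"small_rejected": not in_prime_subgroup(small, r),
            "mixed_rejected": not in_prime_subgroup(mixed, r),
            "cleared_ok": cleared is not INF and in_prime_subgroup(cleared, r)}
```

On a subgroup-secure curve the cofactor has no small prime factors, so a point that passes cheap sanity checks cannot carry a small-order component and the [r]P test above becomes unnecessary in the scenarios the abstract mentions.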

Keywords

Pairing-based cryptography; Elliptic-curve cryptography; Pairing-friendly curves; Subgroup membership; Small-subgroup attacks

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Paulo S. L. M. Barreto (1)
  • Craig Costello (2)
  • Rafael Misoczki (1)
  • Michael Naehrig (2)
  • Geovandro C. C. F. Pereira (1)
  • Gustavo Zanon (1)
  1. Escola Politécnica, University of São Paulo, São Paulo, Brazil
  2. Microsoft Research, Redmond, USA
