Designs, Codes and Cryptography, Volume 42, Issue 3, pp 239–271

Efficient pairing computation on supersingular Abelian varieties

  • Paulo S. L. M. Barreto
  • Steven D. Galbraith
  • Colm Ó hÉigeartaigh
  • Michael Scott

Abstract

We present a general technique for the efficient computation of pairings on Jacobians of supersingular curves. This formulation, which we call the eta pairing, generalizes results of Duursma and Lee for computing the Tate pairing on supersingular elliptic curves in characteristic 3. We then show how our general technique leads to a new algorithm which is about twice as fast as the Duursma–Lee method. These ideas are applied to elliptic and hyperelliptic curves in characteristic 2 with very efficient results. In particular, the hyperelliptic case is faster than all previously known pairing algorithms.

Keywords

Tate pairing, Supersingular curves, Pairing-based cryptosystems, Efficient algorithms

AMS Classification

14G50, 14Q05, 11G20, 94A60, 11T71



Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  • Paulo S. L. M. Barreto (1)
  • Steven D. Galbraith (2)
  • Colm Ó hÉigeartaigh (3)
  • Michael Scott (3)
  1. Department of Computing and Digital Systems Engineering, Escola Politécnica, Universidade de São Paulo, São Paulo (SP), Brazil
  2. Mathematics Department, Royal Holloway University of London, Egham, Surrey, UK
  3. School of Computing, Dublin City University, Dublin 9, Ireland
