Abstract
We show that supersingular Abelian varieties can be used to obtain higher MOV security per bit, in all characteristics, than supersingular elliptic curves. We give a point compression/decompression algorithm for primitive subgroups associated with elliptic curves that gives shorter signatures, ciphertexts, or keys for the same security while using the arithmetic on supersingular elliptic curves. We determine precisely which embedding degrees are possible for simple supersingular Abelian varieties over finite fields and define some invariants that are better measures of cryptographic security than the embedding degree. We construct examples of good supersingular Abelian varieties to use in pairing-based cryptography.
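The abstract's notion of MOV security rests on the embedding degree: the smallest k such that an order-r subgroup of a group over F_q pairs into the multiplicative group of F_{q^k}, where index-calculus attacks apply. The following added example, not code from the paper or its authors, makes that concrete for the elliptic-curve case: it brute-force counts the points of the supersingular curve y^2 = x^3 + x over a small prime field F_p with p ≡ 3 (mod 4), confirms the classical count #E(F_p) = p + 1, and computes the embedding degree of each prime-order subgroup. The helper `security_ratio` is a simplified stand-in for the paper's "security per bit" idea (bits of the pairing's target field F_{q^k} divided by bits of the group A(F_q) ≈ q^g); it is an assumption of this example, not the paper's invariant. The prime p = 1019 and the curve coefficients are constructed sample values.

```python
import math


def embedding_degree(q, r):
    """Smallest k >= 1 with r | q^k - 1, i.e. the multiplicative order of q mod r.

    This is the degree of the extension F_{q^k} into which the Weil/Tate
    pairing maps a subgroup of prime order r (the MOV / Frey-Rueck reduction).
    r must be a prime not dividing q, so the loop ends after at most r-1 steps.
    """
    if r < 2 or q % r == 0:
        raise ValueError("r must be a prime not dividing q")
    k, x = 1, q % r
    while x != 1:
        x = (x * q) % r
        k += 1
    return k


def count_points(p, a, b):
    """Number of F_p-rational points on y^2 = x^3 + a*x + b, including infinity.

    Brute force: tabulate how many y give each square, then sum over x.
    Fine for the small teaching-sized prime used here; not a production method.
    """
    square_count = {}
    for y in range(p):
        s = y * y % p
        square_count[s] = square_count.get(s, 0) + 1
    total = 1  # the point at infinity
    for x in range(p):
        total += square_count.get((x * x * x + a * x + b) % p, 0)
    return total


def prime_factors(n):
    """Distinct prime factors of n by trial division (small n only)."""
    factors = []
    d = 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def security_ratio(q, g, k):
    """Simplified 'MOV security per bit' (assumption of this example):
    bits of the target field F_{q^k} over bits of the group A(F_q) ~ q^g,
    which reduces to k/g. Higher means the DLP must be attacked in a
    relatively larger finite field for the same group size.
    """
    return (k * math.log2(q)) / (g * math.log2(q))


def analyse_supersingular_curve(p):
    """Worked analysis of y^2 = x^3 + x over F_p, p prime with p = 3 mod 4.

    Returns the point count, and for each odd prime r dividing #E the
    embedding degree of the order-r subgroup. For this curve every such
    r divides p + 1, so p = -1 mod r and the embedding degree is 2.
    """
    if p % 4 != 3:
        raise ValueError("y^2 = x^3 + x is supersingular over F_p only for p = 3 mod 4")
    n = count_points(p, 1, 0)
    degrees = {r: embedding_degree(p, r) for r in prime_factors(n) if r != 2}
    return {"order": n, "embedding_degrees": degrees,
            "ratio": {r: security_ratio(p, 1, k) for r, k in degrees.items()}}


if __name__ == "__main__":
    # Constructed sample: p = 1019 is prime and 1019 = 3 (mod 4).
    result = analyse_supersingular_curve(1019)
    print(result)
```

Run stand-alone, the script reports #E(F_1019) = 1020 and embedding degree 2 for the subgroups of order 3, 5 and 17, so the discrete log in any of them reduces to one in F_{1019^2}^*. `embedding_degree` itself is general: it applies to any group order over any F_q, which is how one checks the embedding degree of a Jacobian or other Abelian variety once its group order is known.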
Rubin, K., Silverberg, A. Using Abelian Varieties to Improve Pairing-Based Cryptography. J Cryptol 22, 330–364 (2009). https://doi.org/10.1007/s00145-008-9022-1