An optimal Tate pairing computation using Jacobi quartic elliptic curves

Abstract

This research paper proposes new explicit formulas to compute the Tate pairing on Jacobi quartic elliptic curves. We state the first geometric interpretation of the group law on Jacobi quartic curves by presenting the functions which arise in the addition and doubling. We draw together the best possible optimization that can be used to efficiently evaluate the Tate pairing using Jacobi quartic curves. They are competitive with all published formulas for Tate pairing computation using Short Weierstrass or Twisted Edwards curves. Finally we present several examples of pairing-friendly Jacobi quartic elliptic curves which provide optimal Tate pairing.

Appendix

This appendix presents pairing-friendly Jacobi quartic curves. We give the script for converting a curve from the Weierstrass form to the birationally equivalent Jacobi quartic form. We also give the code for generating Kachisa-Schaefer-Scott (KSS) pairing-friendly curves with \(k=8\).

This appendix presents pairin-friendly Jacobi quartic curves. They were constructed for applications in the Tate pairing so that the curve has even order. The rho-values are stated with the curves. Notation is as before, where the number of \(\mathbb F_{p}\)-rational points on the curve is 2cr.

\(k = 8, \rho = 1.50\) following Example 6.10 in Miyaji et al. (2001):

$$\begin{aligned} D= & {} 1, \lceil \log (r)\rceil \ = 267, \lceil \log (c)\rceil \ = 133, \lceil \log (p)\rceil \ = 401\\ p= & {} 326816000195375683981422692840809505556419603605344210467517909\\&5037921817537848577548206867473587369969429214840474559317,\\ r= & {} 133392486801388615111969646482668382660908529878176013 \\&752617390075068036872364881,\\ c= & {} 57730839564540529681. 15845840683775553774,\\ d= & {} 21231274260040885144072600443326732516240853487054958870\\&180053157253925322999187491701381125724984507626273646524438. \end{aligned}$$

\(k = 10, \rho = 1.49\) following Construction 6.5 in Miyaji et al. (2001):

$$\begin{aligned} D= & {} 1, \lceil \log (n)\rceil \ = 328, \lceil \log (c)\rceil \ = 160, \lceil \log (p)\rceil \ = 490\\ p= & {} 319667071934078971315677746964738362812713703914060344412320604\\&868708613896665173 3275252543330209754427990875101879841425427\\&646115157594515629491249,\\ r= & {} 54681270443865219017604847363836277968842306179449975631192\\&5945545462152449512232744941959488864241,\\ c= & {} 2^4. 70199^4 .7831391^4,\\ d= & {} -1. \end{aligned}$$

\(k = 22, \rho = 1.39\) following Construction 6.6 in Miyaji et al. (2001):

$$\begin{aligned} D= & {} 3, \lceil \log (r)\rceil \ = 519, \lceil \log (c)\rceil \ = 204, \lceil \log (p)\rceil \ = 724\\ p= & {} 79324390783653822510191966358195377091376558066284959420357\\&4636874518836858270555160144920983827280386815433912190214824\\&7413729605337155986911218807161824591404393677677719266617711\\&3943586415044911851669785290654695123,\\ r= & {} 962131187808560377898569195262572710988984869464755002509459666\\&1780692626283672821912529731051013737049538186606705506586597\\&90389637917606342501732923486369,\\ c= & {} 3^5.7 .13^2.19^2.37^2.6421^2 .7291.3498559^2.22526869^2.78478074679,\\ d= & {} 2644146275479397808108398267273953832599874449813525607535828\\&77086320074680650633 7805719203736155180325092008523328642164\\&13041328949865016666759728218019456097204687710831048176560920\\&16879614901160245443945786256399518. \end{aligned}$$

The following is a Maple script to convert the elliptic curve in Weierstrass form to the birationally equivalent Jacobi quartic (Huseyin et al. 2009).

$$\begin{aligned} a1:= & {} 0: a3:=0: a6:=0: a:=-a2/4: d:=\left( a2^2-4*a4\right) /16:\\ W:= & {} (u,v)->v^2+a1*u*v+a3*v-\left( u^3+a2*u^2+a4*u+a6\right) :\\ C:= & {} (x,y)->y^2-\left( d*x^4+2*a*x^2+1\right) :\\ CtoW:= & {} (x,y)->\left( 2*(a+(y+1)/x^2),4*(a+(y+1)/x^2)/x\right) :\\ WtoC:= & {} (u,v)->\left( 2*u/v,2*(u-2*a)*u^2/v^2-1\right) : \end{aligned}$$

The following is a code in magma that can be used to find the primes p, and r for the Kachisa-Schaefer-Scott curves (KSS curves) with \(k=8\) and \(D=-3\). The cofactor c is also calculated. The KSS curves would be converted to the birationally equivalent Jacobi quartic curves.

The following code in \( {magma}\) returns a KSS curve (with \(k=8\) and \(D=-3\)), a finite field of size p, the b parameter in the elliptic curve formula, and a point G of order r. The equation of the curve is of the form of \(y^2=x^3+a\) where \(a \ne 0\).