Pairing-Friendly Elliptic Curves of Prime Order

  • Paulo S. L. M. Barreto
  • Michael Naehrig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3897)

Abstract

Previously known techniques to construct pairing-friendly curves of prime or near-prime order are restricted to embedding degree \(k \leqslant 6 \). More general methods produce curves over \({\mathbb F}_{p}\) where the bit length of p is often twice as large as that of the order r of the subgroup with embedding degree k; the best published results achieve ρ ≡ log(p)/log(r) ~ 5/4. In this paper we make the first step towards surpassing these limitations by describing a method to construct elliptic curves of prime order and embedding degree k = 12. The new curves lead to very efficient implementation: non-pairing operations need no more than \({\mathbb F}_{p^4}\) arithmetic, and pairing values can be compressed to one third of their length in a way compatible with point reduction techniques. We also discuss the role of large CM discriminants D to minimize ρ; in particular, for embedding degree k = 2q where q is prime we show that the ability to handle log(D)/log(r) ~ (q–3)/(q–1) enables building curves with ρ ~ q/(q–1).
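The following is an added example, not code from the paper or from this page: it checks the abstract's claims (prime order, embedding degree k = 12, ρ close to 1) numerically. It assumes the standard Barreto-Naehrig polynomial parametrization p(u), t(u), n(u) with CM discriminant D = 3, which this page does not reproduce; all function names are illustrative.

```python
import math

def bn_params(u):
    """BN polynomials: field prime p, trace t, curve order n = p + 1 - t."""
    p = 36*u**4 + 36*u**3 + 24*u**2 + 6*u + 1
    t = 6*u**2 + 1
    return p, t, p + 1 - t

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (a probable-prime test for large n)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for q in bases:
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def embedding_degree(p, r, limit=64):
    """Smallest k with r | p^k - 1, or None if no k <= limit works."""
    return next((k for k in range(1, limit + 1) if pow(p, k, r) == 1), None)

def find_bn_curve(start_u):
    """First u >= start_u for which p and n are both (probable) primes."""
    u = start_u
    while True:
        p, t, n = bn_params(u)
        if is_probable_prime(p) and is_probable_prime(n):
            return u, p, t, n
        u += 1

def report(u):
    """Embedding degree, rho = log(p)/log(n), and the CM check for D = 3."""
    p, t, n = bn_params(u)
    cm_ok = 4*p - t*t == 3 * (6*u*u + 4*u + 1)**2   # 4p - t^2 = D*v^2
    return {"k": embedding_degree(p, n), "rho": math.log(p) / math.log(n), "cm_D3": cm_ok}
```

Calling `report(find_bn_curve(2**62)[0])` runs the same checks on a parameter of roughly 254 bits; the toy value u = 1 gives p = 103 and n = 97.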

Keywords

elliptic curves; pairing-based cryptosystems

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Paulo S. L. M. Barreto (1)
  • Michael Naehrig (2)
  1. Escola Politécnica, Universidade de São Paulo, São Paulo (SP), Brazil
  2. Lehrstuhl für Theoretische Informationstechnik, Rheinisch-Westfälische Technische Hochschule Aachen, Aachen, Germany