A New Family of Pairing-Friendly Elliptic Curves

  • Michael Scott
  • Aurore Guillevic
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11321)

Abstract

There have been recent advances in solving the finite extension field discrete logarithm problem as it arises in the context of pairing-friendly elliptic curves. This has led to the abandonment of approaches based on supersingular curves of small characteristic, and to the reconsideration of the field sizes required for implementation based on non-supersingular curves of large characteristic. This has resulted in a revision of recommendations for suitable curves, particularly at a higher level of security. Indeed, for a security level of 256 bits, the BLS48 curves have been suggested, and demonstrated to be superior to other candidates. These curves have an embedding degree of 48. The well-known taxonomy of Freeman, Scott and Teske only considered curves with embedding degrees up to 50. Given some uncertainty around the constants that apply to the best discrete logarithm algorithm, it would seem to be prudent to push a little beyond 50. In this note we announce the discovery of a new family of pairing-friendly elliptic curves which includes a new construction for a curve with an embedding degree of 54.

Keywords

Elliptic curves, Pairing-based cryptography, Aurifeuillean factorization

References

  1. Barbulescu, R., Duquesne, S.: Updating key size estimations for pairings. J. Cryptol. (2018). https://doi.org/10.1007/s00145-018-9280-5. http://eprint.iacr.org/2017/334
  2. Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_19
  3. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22
  4. Benger, N., Scott, M.: Constructing tower extensions of finite fields for implementation of pairing-based cryptography. In: Hasan, M.A., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol. 6087, pp. 180–195. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13797-6_13
  5. Brent, R.P.: On computing factors of cyclotomic polynomials. Math. Comp. 61(203), 131–149 (1993). https://doi.org/10.2307/2152941
  6. Brezing, F., Weng, A.: Elliptic curves suitable for pairing based cryptography. Des. Codes Cryptogr. 37(1), 133–141 (2005). https://eprint.iacr.org/2003/143
  7. Brillhart, J., Lehmer, D.H., Selfridge, J.L., Tuckerman, B., Wagstaff Jr., S.S.: Factorizations of \(b^n \pm 1\), \(b=2,3,5,6,7,10,11,12\) up to High Powers. Contemporary Mathematics, 2nd edn, vol. 22. American Mathematical Society, Providence (1988). https://homes.cerias.purdue.edu/ssw/cun/
  8. Estibals, N.: Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 397–416. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17455-1_25
  9. Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010). http://eprint.iacr.org/2006/372
  10. Galbraith, S.D., McKee, J.F., Valença, P.C.: Ordinary Abelian varieties having small embedding degree. Finite Fields Appl. 13(4), 800–814 (2007). https://eprint.iacr.org/2004/365
  11. Granville, A., Pleasants, P.: Aurifeuillian factorization. Math. Comp. 75(253), 497–508 (2006). https://doi.org/10.1090/S0025-5718-05-01766-7
  12. Joux, A., Pierrot, C.: The special number field sieve in \(\mathbb{F}_{p^{n}}\) - application to pairing-friendly constructions. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 45–61. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04873-4_3
  13. Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85538-5_9
  14. Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_20
  15. Kiyomura, Y., Inoue, A., Kawahara, Y., Yasuda, M., Takagi, T., Kobayashi, T.: Secure and efficient pairing at 256-bit security level. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 59–79. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_4
  16. Menezes, A., Sarkar, P., Singh, S.: Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography. In: Phan, R.C.-W., Yung, M. (eds.) Mycrypt 2016. LNCS, vol. 10311, pp. 83–108. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61273-7_5
  17. El Mrabet, N., Joye, M. (eds.): Guide to Pairing-Based Cryptography. Chapman and Hall/CRC, Boca Raton (2016). https://www.crcpress.com/Guide-to-Pairing-Based-Cryptography/El-Mrabet-Joye/p/book/9781498729505
  18. Schinzel, A.: On primitive prime factors of \(a^n-b^n\). Proc. Cambridge Philos. Soc. 58(4), 555–562 (1962). https://doi.org/10.1017/S0305004100040561
  19. Schirokauer, O.: The number field sieve for integers of low weight. Math. Comput. 79(269), 583–602 (2010). https://doi.org/10.1090/S0025-5718-09-02198-X. http://eprint.iacr.org/2006/107
  20. Scott, M.: On the efficient implementation of pairing-based protocols. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 296–308. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25516-8_18
  21. Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the final exponentiation for calculating pairings on ordinary elliptic curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03298-1_6
  22. Stevenhagen, P.: On Aurifeuillian factorizations. Nederl. Akad. Wetensch. Indag. Math. 49(4), 451–468 (1987). https://doi.org/10.1016/1385-7258(87)90009-6
  23. Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56, 455–461 (2009). https://eprint.iacr.org/2008/096
  24. Wagstaff Jr., S.S.: The search for Aurifeuillian-like factorizations. J. Integers 12A(6), 1449–1461 (2012). https://homes.cerias.purdue.edu/~ssw/cun/mine.pdf

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. MIRACL.com, Trim, Ireland
  2. Université de Lorraine, CNRS, Inria, LORIA, Nancy, France