
Pairing-Friendly Twisted Hessian Curves

  • Chitchanok Chuengsatiansup
  • Chloe Martindale
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11356)

Abstract

This paper presents efficient formulas to compute Miller doubling and Miller addition utilizing degree-3 twists on curves with j-invariant 0 written in Hessian form. We give the formulas for both odd and even embedding degrees and for pairings on both \(\mathbb {G}_1 \times \mathbb {G}_2\) and \(\mathbb {G}_{2} \times \mathbb {G}_{1}\). We propose the use of embedding degrees 15 and 21 for 128-bit and 192-bit security respectively in light of the NFS attacks and their variants. We give a comprehensive comparison with other curve models; our formulas give the fastest known pairing computation for embedding degrees 15, 21, and 24.

Keywords

Twisted Hessian curves; Pairing-friendly curves; Ate pairing; Degree-3 twists; Explicit formulas


Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. INRIA and ENS de Lyon, Lyon Cedex 07, France
  2. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands
