Constructing Symmetric Pairings over Supersingular Elliptic Curves with Embedding Degree Three

  • Tadanori Teruya
  • Kazutaka Saito
  • Naoki Kanayama
  • Yuto Kawahara
  • Tetsutaro Kobayashi
  • Eiji Okamoto
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8365)


In the present paper, we propose constructing symmetric pairings by applying the Ate pairing to supersingular elliptic curves over finite fields that have large characteristics with embedding degree three. We also propose an efficient algorithm of the Ate pairing on these curves. To construct the algorithm, we apply the denominator elimination technique and the signed-binary approach to the Miller’s algorithm, and improve the final exponentiation. We then show the efficiency of the proposed method through an experimental implementation.


supersingular elliptic curves symmetric pairings 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adj, G., et al.: Weakness of \(\mathbb{F}_{3^{6.509}}\) for discrete logarithm cryptography. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 19–43. Springer, Heidelberg (2014)Google Scholar
  2. 2.
    Adleman, L.M.: The function field sieve. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 108–121. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  3. 3.
    Barreto, P.S.L.M., Galbraith, S.D., ÓhÉigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Des. Codes Cryptography 42(3), 239–271 (2007)CrossRefzbMATHGoogle Scholar
  4. 4.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Beuchat, J.-L., González-Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-speed software implementation of the optimal ate pairing over barreto–naehrig curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 21–39. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: [19], pp. 213–229Google Scholar
  7. 7.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symbolic Comput. 24(3-4), 235–265 (1997); Computational algebra and number theory, London (1993)Google Scholar
  9. 9.
    Chatterjee, S., Hankerson, D., Knapp, E., Menezes, A.: Comparing two pairing-based aggregate signature schemes. Des. Codes Cryptography 55(2-3), 141–167 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  10. 10.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptology 23(2), 224–280 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  11. 11.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Applied Mathematics 156(16), 3113–3121 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  12. 12.
    Gallant, R., Lambert, R., Vanstone, S.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: [19], pp. 190–200 (2001)Google Scholar
  13. 13.
    Gaudry, P., Thomé, E., Thériault, N., Diem, C.: A double large prime variation for small genus hyperelliptic index calculus. Mathematics of Computation 76, 475–492 (2004)CrossRefGoogle Scholar
  14. 14.
    Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer-Verlag New York, Inc., Secaucus (2004)zbMATHGoogle Scholar
  15. 15.
    Hayashi, T., et al.: Breaking pairing-based cryptosystems using η T pairing over GF(397). In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 43–60. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Transactions on Information Theory 52(10), 4595–4602 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  17. 17.
    Joux, A.: Discrete logarithms in GF(26168) [ = GF((2257)24)]. NMBRTHRY list (May 21, 2013),;49bb494e.1305
  18. 18.
    Joux, A., Pierrot, C.: The special number field sieve in \(\mathbb{F}_{p^{n}}\), application to pairing-friendly constructions. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 45–61. Springer, Heidelberg (2014)Google Scholar
  19. 19.
    Kilian, J. (ed.): CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001)zbMATHGoogle Scholar
  20. 20.
    Lee, E., Lee, H.S., Park, C.M.: Efficient and generalized pairing computation on abelian varieties. IEEE Transactions on Information Theory 55(4), 1793–1803 (2009)CrossRefGoogle Scholar
  21. 21.
    Lin, X., Zhao, C., Zhang, F., Wang, Y.: Computing the ate pairing on elliptic curves with embedding degree k = 9. IEICE Transactions 91-A(9), 2387–2393 (2008)CrossRefGoogle Scholar
  22. 22.
    Miller, V.S.: The Weil pairing, and its efficient calculation. J. Cryptology 17(4), 235–261 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
    Momose, F., Chao, J.: Scholten forms and elliptic/hyperelliptic curves with weak Weil restrictions. Cryptology ePrint Archive, Report 2005/277 (2005),
  24. 24.
    Nagao, K.: Improvement of Thériault algorithm of index calculus for Jacobian of hyperelliptic curves of small genus. Cryptology ePrint Archive, Report 2004/161 (2004),
  25. 25.
    Ogura, N., Uchiyama, S., Kanayama, N., Okamoato, E.: A note on the pairing computation using normalized Miller functions. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E95-A(1), 196–203 (2012)Google Scholar
  26. 26.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: 2000 Symposium on Cryptography and Information Security (SCIS 2000), pp. 26–28 (January 2000) C20Google Scholar
  27. 27.
    Scholten, J.: Weil restriction of an elliptic curve over a quadratic extension (2003) (preprint),
  28. 28.
    Vercauteren, F.: Optimal pairings. IEEE Transactions on Information Theory 56(1), 455–461 (2010)CrossRefMathSciNetGoogle Scholar
  29. 29.
    Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  30. 30.
    Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. J. Cryptology 17(4), 277–296 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  31. 31.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Zhao, C., Zhang, F., Huang, J.: A note on the ate pairing. Int. J. Inf. Sec. 7(6), 379–382 (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Tadanori Teruya
    • 1
  • Kazutaka Saito
    • 2
  • Naoki Kanayama
    • 3
  • Yuto Kawahara
    • 4
  • Tetsutaro Kobayashi
    • 4
  • Eiji Okamoto
    • 3
  1. 1.Research Institute for Secure SystemsNational Institute of Advanced Industrial Science and TechnologyTsukuba-shiJapan
  2. 2.Internet Initiative Japan Inc.Chiyoda-kuJapan
  3. 3.Faculty of Systems and Information EngineeringUniversity of TsukubaTsukuba-shiJapan
  4. 4.NTT Secure Platform LaboratoriesMusashino-shiJapan

Personalised recommendations