On the Selection of Pairing-Friendly Groups

  • Paulo S. L. M. Barreto
  • Ben Lynn
  • Michael Scott
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3006)

Abstract

We propose a simple algorithm to select group generators suitable for pairing-based cryptosystems. The selected parameters are shown to favor implementations of the Tate pairing that are at once conceptually simple and efficient, with an observed performance about 2 to 10 times better than previously reported implementations, depending on the embedding degree. Our algorithm has beneficial side effects: various non-pairing operations become faster, and bandwidth may be saved.

Keywords

pairing-based cryptosystems, group generators, elliptic curves, Tate pairing

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Paulo S. L. M. Barreto: Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil
  • Ben Lynn: Computer Science Department, Stanford University, USA
  • Michael Scott: School of Computer Applications, Dublin City University, Ballymun, Dublin 9, Ireland
