On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves

  • Michael Scott
  • Naomi Benger
  • Manuel Charlemagne
  • Luis J. Dominguez Perez
  • Ezekiel J. Kachisa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5671)


When performing a Tate pairing (or a derivative thereof) on an ordinary pairing-friendly elliptic curve, the computation can be looked at as having two stages, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of “truncated loop” pairings like the R-ate pairing [18]), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing-friendly elliptic curves to reduce to a minimum the computation required for the final exponentiation.


Tate pairing addition sequences addition chains 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avanzi, R., Cohen, H., Doche, D., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman and Hall/CRC, Boca Raton (2006)MATHGoogle Scholar
  2. 2.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: On the selection of pairing-friendly groups. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 17–25. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Blake, I.F., Seroussi, G., Smart, N.P.: Advances in Elliptic Curve Cryptography, vol. 2. Cambridge University Press, Cambridge (2005)CrossRefMATHGoogle Scholar
  7. 7.
    Bos, J., Coster, M.: Addition chain heuristics. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 400–407. Springer, Heidelberg (1990)Google Scholar
  8. 8.
    Brezing, F., Weng, A.: Elliptic curves suitable for pairing based cryptography. Designs, Codes and Cryptology 37, 133–141 (2005)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Devegili, A.J., Scott, M., Dahab, R.: Implementing cryptographic pairings over Barreto-Naehrig curves. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 197–207. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Doche, C., Lange, T.: Arithmetic of elliptic curves. In: Handbook of Elliptic and Hyperelliptic Curve Cryptography, pp. 267–302. Chapman & Hall/CRC, Boca Raton (2006)Google Scholar
  11. 11.
    Downey, L., Sethi: Computing sequences with addition chains. Siam Journal of Computing 3, 638–696 (1981)MathSciNetCrossRefMATHGoogle Scholar
  12. 12.
    Freeman, D.: Constructing pairing-friendly elliptic curves with embedding degree 10. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 452–465. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing friendly elliptic curves. Cryptology ePrint Archive, Report 2006/372 (2006), http://eprint.iacr.org/2006/372
  14. 14.
    Granger, R., Page, D., Smart, N.P.: High security pairing-based cryptography revisited. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 480–494. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Hankerson, D., Menezes, A., Scott, M.: Software implementation of pairings. CACR Technical Report (2008), http://www.cacr.math.uwaterloo.ca/
  16. 16.
    Hei, L., Dong, J., Pei, D.: Implementation of cryptosystems based on Tate pairing. J. Comput. Sci. & Technology 20(2), 264–269 (2005)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Kachisa, E., Schaefer, E., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Lee, E., Lee, H.-S., Park, C.-M.: Efficient and generalized pairing computation on abelian varieties. Cryptology ePrint Archive, Report 2008/040 (2008), http://eprint.iacr.org/2008/040
  19. 19.
    Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of applied cryptography. CRC Press, Boca Raton (1996), http://cacr.math.uwaterloo.ca/hac CrossRefMATHGoogle Scholar
  20. 20.
    Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals E84-A(5), 1234–1243 (2001)MATHGoogle Scholar
  21. 21.
    Naehrig, M., Barreto, P.S.L.M., Schwabe, P.: On compressible pairings and their computation. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 371–388. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Nogami, Y., Akane, M., Sakemi, Y., Kato, H., Morikawa, Y.: Integer variable X-based ate pairing. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 178–191. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Olivos, J.: On vectorial addition chains. Journal of Algorithms 2, 13–21 (1981)MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    Scott, M., Barreto, P.: Compressed pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004), http://eprint.iacr.org/2004/032/ CrossRefGoogle Scholar
  25. 25.
    Stam, M., Lenstra, A.K.: Efficient subgroup exponentiation in quadratic and sixth degree extensions. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 318–332. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Michael Scott
    • 1
  • Naomi Benger
    • 1
  • Manuel Charlemagne
    • 1
  • Luis J. Dominguez Perez
    • 1
  • Ezekiel J. Kachisa
    • 1
  1. 1.School of ComputingDublin City University, BallymunDublin 9Ireland

Personalised recommendations