Fast Hashing to G2 on Pairing-Friendly Curves

  • Michael Scott
  • Naomi Benger
  • Manuel Charlemagne
  • Luis J. Dominguez Perez
  • Ezekiel J. Kachisa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5671)


Pairings on elliptic curves usually take as input a point in a subgroup G 1 of an elliptic curve group \(E({\mathbb{F}}_p)\) and a point in a subgroup G 2 of \(E'({\mathbb{F}}_{p^d})\) for some twist E′ of E. In this paper we consider the problem of hashing to G 2 when the group G 2 has prime order. The naive approach requires multiplication in the group \(E'({\mathbb{F}}_{p^d})\) by a large cofactor. Our main result is to describe a fast method to compute this cofactor multiplication; our method exploits an efficiently computable homomorphism.


Tate pairing addition chains 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avanzi, R., Cohen, H., Doche, D., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman and Hall/CRC, Boca Raton (2006)zbMATHGoogle Scholar
  2. 2.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography, vol. 2. Cambridge University Press, Cambridge (2005)zbMATHGoogle Scholar
  5. 5.
    Freeman, D.: Constructing pairing-friendly elliptic curves with embedding degree 10. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 452–465. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing friendly elliptic curves. Cryptology ePrint Archive, Report 2006/372 (2006),
  7. 7.
    Galbraith, S., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 518–535. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Galbraith, S., Scott, M.: Exponentiation in pairing-friendly groups using homomorphisms. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 211–224. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curves Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  10. 10.
    Hess, F., Smart, N., Vercauteren, F.: The eta pairing revisited. IEEE Transactions on Information Theory 52(10), 4595–4602 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Kachisa, E., Schaefer, E., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Lee, E., Lee, H.-S., Park, C.-M.: Efficient and generalized pairing computation on abelian varieties. Cryptology ePrint Archive, Report 2008/040 (2008),
  13. 13.
    Menezes, A.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Dordrecht (1993)CrossRefzbMATHGoogle Scholar
  14. 14.
    Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals E84-A(5), 1234–1243 (2001)zbMATHGoogle Scholar
  15. 15.
    Olivos, J.: On vectorial addition chains. Journal of Algorithms 2, 13–21 (1981)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Michael Scott
    • 1
  • Naomi Benger
    • 1
  • Manuel Charlemagne
    • 1
  • Luis J. Dominguez Perez
    • 1
  • Ezekiel J. Kachisa
    • 1
  1. 1.School of ComputingDublin City University, BallymunDublin 9Ireland

Personalised recommendations