Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions

  • Robert Granger
  • Michael Scott
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6056)


This paper describes an extremely efficient squaring operation in the so-called ‘cyclotomic subgroup’ of \(\mathbb{F}_{q^6}^{\times}\), for \(q \equiv 1 \pmod{6}\). Our result arises from considering the Weil restriction of scalars of this group from \(\mathbb{F}_{q^6}\) to \(\mathbb{F}_{q^2}\), and provides efficiency improvements for both pairing-based and torus-based cryptographic protocols. In particular we argue that such fields are ideally suited for the latter when the field characteristic satisfies \(p \equiv 1 \pmod{6}\), and since torus-based techniques can be applied to the former, we present a compelling argument for the adoption of a single approach to efficient field arithmetic for pairing-based cryptography.
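As an added worked example (not code from the paper), the Python toy below builds the tower \(\mathbb{F}_{q^2} = \mathbb{F}_q[s]/(s^2 - \xi)\), \(\mathbb{F}_{q^6} = \mathbb{F}_{q^2}[z]/(z^3 - s)\) for a prime \(q \equiv 1 \pmod{6}\) and a \(\xi\) that is neither a square nor a cube in \(\mathbb{F}_q\), derives the Frobenius relations that hold on the cyclotomic subgroup of order \(q^2 - q + 1\) (the step the abstract attributes to Weil restriction; the derivation in the comments is this example's own), and implements the resulting three-squaring formula next to generic squaring so the two can be compared. The class and function names, the choice of tower, and taking \(q\) prime are this example's assumptions; for the pairing case \(q = p^2\) the same formulas apply with \(\mathbb{F}_q\) replaced by \(\mathbb{F}_{p^2}\), which the toy does not implement.

```python
import random


class CycloTower:
    """Toy arithmetic for the tower assumed in this example (q prime):
    F_{q^2} = F_q[s]/(s^2 - xi), F_{q^6} = F_{q^2}[z]/(z^3 - s), so z^6 = xi.
    F_{q^2} elements are pairs (x0, x1) = x0 + x1*s; F_{q^6} elements are triples
    (a, b, c) = a + b*z + c*z^2.  Needs q = 1 (mod 6) and xi a non-square non-cube."""

    def __init__(self, q, xi=None):
        if q % 6 != 1:
            raise ValueError("q must be 1 mod 6")
        self.q = q
        self.xi = self.find_xi(q) if xi is None else xi
        if pow(self.xi, (q - 1) // 2, q) == 1 or pow(self.xi, (q - 1) // 3, q) == 1:
            raise ValueError("xi must be a non-square and a non-cube in F_q")

    @staticmethod
    def find_xi(q):
        """Smallest xi that is neither a square nor a cube modulo the prime q."""
        for xi in range(2, q):
            if pow(xi, (q - 1) // 2, q) != 1 and pow(xi, (q - 1) // 3, q) != 1:
                return xi
        raise ValueError("no suitable xi")

    # --- F_{q^2} -----------------------------------------------------------
    def add2(self, x, y): return ((x[0] + y[0]) % self.q, (x[1] + y[1]) % self.q)
    def sub2(self, x, y): return ((x[0] - y[0]) % self.q, (x[1] - y[1]) % self.q)
    def smul2(self, k, x): return ((k * x[0]) % self.q, (k * x[1]) % self.q)
    def conj2(self, x): return (x[0] % self.q, (-x[1]) % self.q)  # x -> x^q (s -> -s)
    def muls2(self, x): return ((self.xi * x[1]) % self.q, x[0] % self.q)  # x -> s*x
    def mul2(self, x, y):
        q, xi = self.q, self.xi
        return ((x[0] * y[0] + xi * x[1] * y[1]) % q, (x[0] * y[1] + x[1] * y[0]) % q)
    def sqr2(self, x): return self.mul2(x, x)

    # --- F_{q^6} -----------------------------------------------------------
    def one6(self): return ((1, 0), (0, 0), (0, 0))
    def mul6(self, u, v):
        """Schoolbook (a + b z + c z^2)(d + e z + f z^2) with z^3 = s: nine mul2."""
        (a, b, c), (d, e, f) = u, v
        m, add, s_ = self.mul2, self.add2, self.muls2
        return (add(m(a, d), s_(add(m(b, f), m(c, e)))),
                add(add(m(a, e), m(b, d)), s_(m(c, f))),
                add(add(m(a, f), m(c, d)), m(b, e)))
    def sqr6(self, u): return self.mul6(u, u)  # generic squaring, no subgroup assumption
    def pow6(self, u, n):
        r = self.one6()
        for bit in bin(n)[2:]:
            r = self.sqr6(r)
            if bit == "1":
                r = self.mul6(r, u)
        return r

    # --- the cyclotomic subgroup G = {u : u^(q^2 - q + 1) = 1} ---------------
    def phi6(self): return self.q * self.q - self.q + 1
    def to_cyclotomic(self, u):
        """Project u in F_{q^6}^* onto G by raising it to (q^6 - 1)/Phi_6(q)."""
        q = self.q
        return self.pow6(u, (q * q - 1) * (q * q + q + 1))
    def in_cyclotomic(self, u):
        """u in G  <=>  u * u^(q^2) = u^q.  Since z^q = zeta*z for a primitive 6th
        root of unity zeta (so z^(q^2) = zeta^2 * z), comparing coefficients gives
        conj(a) = a^2 - s b c,  conj(b) = a b - s c^2,  conj(c) = b^2 - a c."""
        a, b, c = u
        m, s_, sub, cj = self.mul2, self.muls2, self.sub2, self.conj2
        return (cj(a) == sub(self.sqr2(a), s_(m(b, c))) and
                cj(b) == sub(m(a, b), s_(self.sqr2(c))) and
                cj(c) == sub(self.sqr2(b), m(a, c)))
    def sqr_cyclotomic(self, u):
        """Granger-Scott squaring.  Substituting the three relations above into
        u^2 = (a^2 + 2 s b c) + (2 a b + s c^2) z + (b^2 + 2 a c) z^2 gives
        (3 a^2 - 2 conj a) + (3 s c^2 + 2 conj b) z + (3 b^2 - 2 conj c) z^2:
        three sqr2 plus additions.  Only correct for u in G."""
        a, b, c = u
        A, B, C = self.sqr2(a), self.sqr2(b), self.sqr2(c)
        return (self.sub2(self.smul2(3, A), self.smul2(2, self.conj2(a))),
                self.add2(self.smul2(3, self.muls2(C)), self.smul2(2, self.conj2(b))),
                self.sub2(self.smul2(3, B), self.smul2(2, self.conj2(c))))
    def random6(self, rng):
        return tuple((rng.randrange(self.q), rng.randrange(self.q)) for _ in range(3))


def check(q=13, xi=None, seed=1, trials=20):
    """Compare GS squaring with generic squaring on G and off it (seeded RNG)."""
    T, rng = CycloTower(q, xi), random.Random(seed)
    hits = off_group = misses = 0
    for _ in range(trials):
        g = T.to_cyclotomic(T.random6(rng))
        assert T.in_cyclotomic(g) and T.pow6(g, T.phi6()) == T.one6()
        hits += T.sqr_cyclotomic(g) == T.sqr6(g)
        h = g
        for _ in range(8):  # a chain of GS squarings must equal g^256
            h = T.sqr_cyclotomic(h)
        assert h == T.pow6(g, 256)
        w = T.random6(rng)  # a random element is (almost surely) not in G
        if not T.in_cyclotomic(w):
            off_group += 1
            misses += T.sqr_cyclotomic(w) != T.sqr6(w)
    return {"q": q, "xi": T.xi, "hits": hits, "off_group": off_group, "misses": misses}
```

`check(13, 2)` returns a dict whose `hits` equals the number of trials and whose `misses` equals `off_group`: the short formula agrees with generic squaring exactly on the subgroup and fails everywhere else (the difference is twice the residual of the three relations), so a caller must guarantee its input lies in the subgroup, typically by a final exponentiation such as `to_cyclotomic`, before using it. The operation count is the point: three \(\mathbb{F}_{q^2}\) squarings against nine \(\mathbb{F}_{q^2}\) multiplications in the schoolbook `mul6` (six with Karatsuba). The same code runs at a realistic size, e.g. `check(2**61 - 1, trials=4)`.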


Keywords: pairing-based cryptography; torus-based cryptography; finite field arithmetic



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Robert Granger (1)
  • Michael Scott (1)
  1. Claude Shannon Institute, School of Computing, Dublin City University, Glasnevin, Dublin 9, Ireland
