Constructing Tower Extensions of Finite Fields for Implementation of Pairing-Based Cryptography

  • Naomi Benger
  • Michael Scott
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6087)


A cryptographic pairing evaluates as an element of a finite extension field, and the evaluation itself involves a considerable amount of extension field arithmetic. It is recognised that organising the extension field as a “tower” of subfield extensions has many advantages. Here we consider criteria that apply when choosing the best towering construction, and the associated choice of irreducible polynomials for the implementation of pairing-based cryptosystems. We introduce a method for automatically constructing efficient towers for more classes of finite fields than previous methods, some of which allow faster arithmetic.

We also show that for some families of pairing-friendly elliptic curves defined over \(\mathbb{F}_{p}\) there are a large number of instances for which an efficient tower extension \(\mathbb{F}_{p^k}\) is given immediately if the parameter defining the prime characteristic of the field satisfies a few easily checked equivalences.


Extension Fields Pairing implementation pairing-based cryptosystems Euler’s Conjectures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    IEEE P1363.3: Standard for identity-based cryptographic techniques using pairings. Draft 3: Section 5.3.2,
  2. 2.
    Arène, C., Lange, T., Naehrig, M., Ritzenthaler, C.: Faster computation of the Tate pairing. Cryptology ePrint Archive, Report 2009/155 (2009),
  3. 3.
    Bailey, D., Paar, C.: Optimal extension fields for fast arithmetic in public-key algorithms. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 472–485. Springer, Heidelberg (1998)Google Scholar
  4. 4.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 263–273. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton (2005)Google Scholar
  8. 8.
    Devegili, A.J., Scott, M., Dahab, R.: Implementing cryptographic pairings over Barreto-Naehrig curves. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 197–207. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Dominguez Perez, L.J., Scott, M.: Automatic generation of optimised cryptographic pairing functions. In: SPEED-CC Workshop Record– Software Performance Enhancement for Encryption and Decryption and Cryptographic Compilers, vol. 1, pp. 55–71 (2009)Google Scholar
  10. 10.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology 23 (2010)Google Scholar
  11. 11.
    Galbraith, S., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 518–535. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing based cryptography. LMS Journal of Computation and Mathematics 9, 64–85 (2006)MATHMathSciNetGoogle Scholar
  13. 13.
    Hess, F., Smart, N., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Information Theory 52, 4595–4602 (2006)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Kachisa, E., Schaefer, E., Scott, M.: Constructing Brezing-Weng pairing friendly elliptic curves using elements in the cyclotomic field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Koblitz, N., Menezes, A.: Pairing-based cryptography at high security levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Lee, E., Lee, H., Park, C.: Efficient and generalized pairing computation on abelian varieties. IEEE Trans. Information Theory 55, 1793–1803 (2009)CrossRefGoogle Scholar
  17. 17.
    Lemmermeyer, F.: Reciprocity Laws: From Euler to Eisenstein. Springer Monographs in Mathematics. Springer, Heidelberg (2000)MATHGoogle Scholar
  18. 18.
    Lidl, R., Niederreiter, H.: Finite Fields, 2nd edn. Encyclopedia of Mathematics and its Applications, vol. 20. Cambridge University Press, Cambridge (1997)Google Scholar
  19. 19.
    Baktır, S., Sunar, B.: Optimal tower fields. IEEE Transactions on Computers 53(10), 1231–1243 (2004)CrossRefGoogle Scholar
  20. 20.
    Scott, M.: A note on twists for pairing friendly curves,
  21. 21.
    Scott, M., Barreto, P.: Compressed pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004), Google Scholar
  22. 22.
    Shirase, M.: Universally constructing 12-th degree extension field for ate pairing. Cryptology ePrint Archive, Report 2009/623 (2009),
  23. 23.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106. Springer, New York (1986)MATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Naomi Benger
    • 1
  • Michael Scott
    • 1
  1. 1.School of ComputingDublin City UniversityBallymun, Dublin 9Ireland

Personalised recommendations