Advertisement

Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings

  • Craig Costello
  • Kristin Lauter
  • Michael Naehrig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7107)

Abstract

Barreto-Lynn-Scott (BLS) curves are a stand-out candidate for implementing high-security pairings. This paper shows that particular choices of the pairing-friendly search parameter give rise to four subfamilies of BLS curves, all of which offer highly efficient and implementation-friendly pairing instantiations.

Curves from these particular subfamilies are defined over prime fields that support very efficient towering options for the full extension field. The coefficients for a specific curve and its correct twist are automatically determined without any computational effort. The choice of an extremely sparse search parameter is immediately reflected by a highly efficient optimal ate Miller loop and final exponentiation. As a resource for implementors, we give a list with examples of implementation-friendly BLS curves through several high-security levels.

Keywords

Pairing-friendly high-security pairings BLS curves 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aranha, D.F., Karabina, K., Longa, P., Gebotys, C.H., López, J.: Faster Explicit Formulas for Computing Pairings Over Ordinary Curves. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 48–68. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management - part 1: General (revised). Technical report, NIST National Institute of Standards and Technology, Published as NIST Special Publication 800–57 (2007), http://csrc.nist.gov/groups/ST/toolkit/documents/SP800-57Part1_3-8-07.pdf
  3. 3.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing Elliptic Curves with Prescribed Embedding Degrees. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Benger, N.: Cryptographic Pairings: Efficiency and DLP Security. PhD thesis, Dublin City University (May 2010)Google Scholar
  6. 6.
    Benger, N., Scott, M.: Constructing Tower Extensions of Finite Fields for Implementation of Pairing-Based Cryptography. In: Hasan, M.A., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol. 6087, pp. 180–195. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Beuchat, J.-L., González-Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-Speed Software Implementation of the Optimal Ate Pairing Over Barreto–Naehrig Curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 21–39. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Costello, C., Hişil, H., Boyd, C., Nieto, J.M.G., Wong, K.K.-H.: Faster pairings on special Weierstrass curves. In: Shacham and Waters [30], pp. 89–101 (2009)Google Scholar
  9. 9.
    Costello, C., Lange, T., Naehrig, M.: Faster Pairing Computations on Curves with High-Degree Twists. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 224–242. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Devegili, A.J., hÉigeartaigh, C.Ó., Scott, M., Dahab, R.: Multiplication and squaring on pairing-friendly fields. Cryptology ePrint Archive, Report 2006/471 (2006), http://eprint.iacr.org/
  11. 11.
    Dominguez Perez, L.J., Scott, M.: Private communication (November 2010)Google Scholar
  12. 12.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptology 23(2), 224–280 (2010)MathSciNetCrossRefMATHGoogle Scholar
  13. 13.
    Granger, R., Scott, M.: Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 209–223. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Hankerson, D., Menezes, A.J., Scott, M.: Software implementation of pairings. In: Joye, M., Neven, G. (eds.) Identity-Based Cryptography, pp. 188–206. IOS Press (2008)Google Scholar
  15. 15.
    Heß, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Transactions on Information Theory 52, 4595–4602 (2006)MathSciNetCrossRefMATHGoogle Scholar
  16. 16.
    Ireland, K., Rosen, M.: A Classical Introduction to Modern Number Theory. Graduate texts in mathematics, vol. 84. Springer, Heidelberg (1990)MATHGoogle Scholar
  17. 17.
    Karabina, K.: Squaring in cyclotomic subgroups. Cryptology ePrint Archive, Report 2010/542 (2010), http://eprint.iacr.org/
  18. 18.
    Lauter, K., Montgomery, P.L., Naehrig, M.: An Analysis of Affine Coordinates for Pairing Computation. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 1–20. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Miller, V.S.: The Weil pairing, and its efficient calculation. Journal of Cryptology 17, 235–261 (2004)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Naehrig, M.: Constructive and computational aspects of cryptographic pairings. PhD thesis, Eindhoven University of Technology (May 2009)Google Scholar
  21. 21.
    Naehrig, M., Barreto, P.S.L.M., Schwabe, P.: On Compressible Pairings and Their Computation. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 371–388. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Naehrig, M., Niederhagen, R., Schwabe, P.: New Software Speed Records for Cryptographic Pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Pereira, G.C.C.F., Simplício Jr., M.A., Naehrig, M., Barreto, P.S.L.M.: A family of implementation-friendly BN elliptic curves. Journal of Systems and Software 84(8), 1319–1326 (2011), http://cryptojedi.org/papers/#fast-bn CrossRefGoogle Scholar
  24. 24.
    Rubin, K., Silverberg, A.: Choosing the correct elliptic curve in the CM method. Mathematics of Computation 79, 545–561 (2010)MathSciNetCrossRefMATHGoogle Scholar
  25. 25.
    Scott, M.: Scaling security in pairing-based protocols. Cryptology ePrint Archive, Report 2005/139 (2005), http://eprint.iacr.org/
  26. 26.
    Scott, M.: A note on twists for pairing friendly curves (February 2009), Personal webpage ftp://ftp.computing.dcu.ie/pub/resources/crypto/twists.pdf
  27. 27.
    Scott, M.: On the efficient implementation of pairing-based protocols. Cryptology ePrint Archive, Report 2011/334 (2011), http://eprint.iacr.org/
  28. 28.
    Scott, M., Barreto, P.S.L.M.: Compressed Pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  29. 29.
    Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the final exponentiation for calculating pairings on ordinary elliptic curves. In: Shacham and Waters [30], pp. 78–88 (2009)Google Scholar
  30. 30.
    Shacham, H., Waters, B. (eds.): Pairing 2009. LNCS, vol. 5671. Springer, Heidelberg (2009)MATHGoogle Scholar
  31. 31.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. Graduate texts in mathematics, vol. 106. Springer, Heidelberg (1986)MATHGoogle Scholar
  32. 32.
    Smart, N. (ed.): ECRYPT II yearly report on algorithms and keysizes (2009-2010). Technical report, ECRYPT II – European Network of Excellence in Cryptology, EU FP7, ICT-2007-216676, Published as deliverable D.SPA.13 (2010), http://www.ecrypt.eu.org/documents/D.SPA.13.pdf
  33. 33.
    Vercauteren, F.: Optimal pairings. IEEE Transactions on Information Theory 56(1), 455–461 (2010)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Craig Costello
    • 1
    • 2
  • Kristin Lauter
    • 2
  • Michael Naehrig
    • 2
    • 3
  1. 1.Information Security InstituteQueensland University of TechnologyBrisbaneAustralia
  2. 2.Microsoft ResearchRedmondUSA
  3. 3.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenNetherlands

Personalised recommendations