Application of Scalar Multiplication of Edwards Curves to Pairing-Based Cryptography

  • Takanori Yasuda
  • Tsuyoshi Takagi
  • Kouichi Sakurai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7631)


Edwards curves have efficient scalar multiplication algorithms, and their application to pairing-based cryptography has been studied. In particular, if a pairing-friendly curve used in a pairing-based protocol is isomorphic to an Edwards curve, all the scalar multiplication appearing in the protocol can be computed efficiently. In this paper, we extend this idea to pairing-friendly curves not isomorphic but isogenous to Edwards curves, and add to pairing-friendly curves to which Edwards curves can be applied. Above all, pairing-friendly curves with smaller ρ-values provide more efficient pairing computation. Therefore, we investigate whether pairing-friendly curves with the minimal ρ-values are isogenous to Edwards curves for embedding degree up to 50. Based on the investigation, we present parameters of pairing-friendly curves with 160-bit and 256-bit security level at embedding degree 16 and 24, respectively. These curves have the minimal ρ-values and are not isomorphic but isogenous to Edwards curves, and thus our proposed method is effective for these curves.


Pairing-friendly curves Edwards curves embedding degree 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aréne, C., Lange, T., Naehrig, M., Ritzenthaler, C.: Faster Pairing Computation of the Tate Pairing. Journal of Number Theory 131, 842–847 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  2. 2.
    Atkin, A.O.L., Morain, F.: Elliptic Curves and Primarity Proving. Math. Comp. 61(203), 29–68 (1993)MathSciNetzbMATHCrossRefGoogle Scholar
  3. 3.
    Bach, E., Shallit, J.: Algorithmic number theory. Efficient algorithms. Foundations of Computing Series, vol. 1. MIT Press, Cambridge (1996)Google Scholar
  4. 4.
    Balasubramanian, R., Koblitz, N.: The Improbability that an Elliptic Curve has Subexponential Discrete Log Problem under the Menezes-Okamoto-Vanstone Algorithm. J. Cryptology 11(2), 141–145 (1998)MathSciNetzbMATHCrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Galbraith, S., O’hEigeartaigh, C., Scott, M.: Efficient Pairing Computation on Supersingular Abelian Varieties. Designs, Codes and Cryptography, 239–271 (2004)Google Scholar
  6. 6.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing Elliptic Curves with Prescribed Embedding Degrees. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Benger, N., Scott, M.: Constructing Tower Extensions of Finite Fields for Implementation of Pairing-Based Cryptography. In: Hasan, M.A., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol. 6087, pp. 180–195. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards Curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Bernstein, D.J., Lange, T.: Faster Addition and Doubling on Elliptic Curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Boneh, D., Boyen, X.: Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Brezing, F., Weng, A.: Elliptic Curves Suitable for Pairing based Cryptography. Designs, Codes and Cryptography 37, 133–141 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  14. 14.
    Cocks, C., Pinch, R.G.E.: Identity-based Cryptosystems based on the Weil pairing. Unpublished manuscript (2001)Google Scholar
  15. 15.
    Cohen, H., Miyaji, A., Ono, T.: Efficient Elliptic Curve Exponentiation Using Mixed Coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. 16.
    Das, M.P.L., Sarkar, P.: Pairing Computation on Twisted Edwards Form Elliptic Curves. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 192–210. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Dupont, P., Enge, A., Morain, F.: Building Curves with Arbitrary Small MOV Degree over Finite Prime Fields. Journal of Cryptology 18, 79–89 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  18. 18.
    Edwards, H.M.: A Normal Form for Elliptic Curves. Bulletin of the American Mathematical Society 44, 393–422 (2007)zbMATHCrossRefGoogle Scholar
  19. 19.
    Freeman, D.: Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 452–465. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Freeman, D., Scott, M., Teske, E.: A Taxonomy of Pairing-Friendly Elliptic Curves. Journal of Cryptology 23(2), 224–280 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  21. 21.
    Fouquet, M., Morain, F.: Isogeny Volcanoes and the SEA Algorithm. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 276–291. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Galbraith, S.D., McKee, J., Valença, P.: Ordinary Abelian Varieties Having Small Embedding Degree. Finite Fields and Their Applications 13, 800–814 (2007)MathSciNetzbMATHCrossRefGoogle Scholar
  23. 23.
    Gentry, C.: Practical Identity-Based Encryption Without Random Oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Hess, F., Smart, N., Vercauteren, F., Berlin, T.U.: The Eta Pairing Revisited. IEEE Transactions on Information Theory 52, 4595–4602 (2006)zbMATHCrossRefGoogle Scholar
  25. 25.
    Hisil, H., Wong, K.K.-H., Carter, G., Dawson, E.: Twisted Edwards Curves Revisited. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 326–343. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Ionica, S., Joux, A.: Another Approach to Pairing Computation in Edwards Coordinates. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 400–413. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng Pairing-Friendly Elliptic Curves Using Elements in the Cyclotomic Field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  28. 28.
    Koblitz, N., Menezes, A.: Pairing-Based Cryptography at High Security Levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  29. 29.
    Kohel, D.: Endomorphism Rings of Elliptic Curves over Finite Fields. PhD thesis, University of California at Berkeley (1996)Google Scholar
  30. 30.
    Miyaji, A., Nakabayashi, M., Takano, S.: New Explicit Conditions of Elliptic Curve traces for FR-reduction. IEICE Transactions on Fundamentals E84-A(5), 1234–1243 (2001)Google Scholar
  31. 31.
    Morain, F.: Edwards Curves and CM Curves (2009),
  32. 32.
    Sahai, A., Waters, B.: Fuzzy Identity-Based Encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  33. 33.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on Pairing. In: SCIS 2000 (2000)Google Scholar
  34. 34.
    Scott, M., Barreto, P.S.L.M.: Generating more MNT Elliptic Curves. Designs, Codes and Cryptography 38, 209–217 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  35. 35.
    Scott, M.: Computing the Tate Pairing. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 293–304. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  36. 36.
    Scott, M.: On the Efficient Implementation of Pairing-Based Protocols. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 296–308. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  37. 37.
    Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  38. 38.
    Tanaka, S., Nakamula, K.: Constructing Pairing-Friendly Elliptic Curves Using Factorization of Cyclotomic Polynomials. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 136–145. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  39. 39.
    Vélu, J.: Isogenies entre courbes elliptiques. Comptes Rendus De L’Academie Des Sciences Paris, Serie I-Mathematique, Serie A 273, 238–241 (1971)zbMATHGoogle Scholar
  40. 40.
    Waters, B.: Efficient Identity-Based Encryption Without Random Oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  41. 41.
    Waters, B.: Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Takanori Yasuda
    • 1
  • Tsuyoshi Takagi
    • 2
  • Kouichi Sakurai
    • 1
    • 3
  1. 1.Institute of Systems, Information Technologies and NanotechnologiesJapan
  2. 2.Institute of Mathematics for IndustryKyushu UniversityJapan
  3. 3.Department of InformaticsKyushu UniversityJapan

Personalised recommendations