Pairings on Hyperelliptic Curves with Considering Recent Progress on the NFS Algorithms

  • Masahiro Ishii
Chapter
Part of the Mathematics for Industry book series (MFI, volume 29)

Abstract

In this paper, we analyze and reexamine the key lengths of pairings on hyperelliptic curves of genus 2, considering the estimated run time of the (special) extended tower number field sieve. Pairing-based cryptosystems have become a major research topic in cryptography and have attracted more attention because of the increasing interest in efficient and functional cryptographic protocols, e.g., functional encryption. Recently, the number field sieve algorithm and its variants have made progress, and it is urgently necessary to estimate the key lengths of pairings taking into account the impact of these algorithms. We report the detailed computational cost of the pairings on the Kawazoe–Takahashi curves of genus 2, and compare our pairing with the pairing on the BLS24 elliptic curves at the 192-bit security level. The estimated cost of our pairing is approximately 2.5 times more than the cost of the BLS24 pairing.

Keywords

Twisted ate pairing; Kawazoe–Takahashi curves; Key length; Security levels; Extended tower number field sieve; Hyperelliptic curves; Jacobians; Discrete logarithms in finite fields

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. Department of Mathematical and Computing Sciences, Tokyo Institute of Technology, Tokyo, Japan
