Efficient Tate Pairing Computation for Elliptic Curves over Binary Fields

  • Soonhak Kwon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


In this paper, we present a closed formula for the Tate pairing computation for supersingular elliptic curves defined over the binary field \(\mathbb F_{2^m}\) of odd dimension. There are exactly three isomorphism classes of supersingular elliptic curves over \(\mathbb F_{2^m}\) for odd m and our result is applicable to all these curves.


supersingular elliptic curve Tate pairing divisor automorphism roots of unity 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Menezes, A.J., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Information Theory 39, 1639–1646 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Frey, G., Rück, H.: A remark concerning m-divisibility and the discrete logarithm in the divisor class groups of curves. Math. Comp. 62, 865–874 (1994)zbMATHMathSciNetGoogle Scholar
  3. 3.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: SICS 2000, Symposium on Cryptography and Information Security, pp. 26–28 (2000)Google Scholar
  7. 7.
    Smart, N.P.: An identity based authentication key agreement protocol based on pairing. Electronics Letters 38, 630–632 (2002)zbMATHCrossRefGoogle Scholar
  8. 8.
    Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three (preprint) (2004), available at
  9. 9.
    Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing based cryptography, preprint (2004), available at
  10. 10.
    Duursma, I., Lee, H.: Tate pairing implementation for hyperelliptic curves y2 = xp − x + d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 111–123. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Eisenträger, K., Lauter, K., Montgomery, P.L.: ImprovedWeil and Tate pairing for elliptic and hyperelliptic curves, preprint (2004)Google Scholar
  12. 12.
    Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve trace for FR-reduction. IEICE Trans. Fundamentals E84 A, 1–10 (2001)Google Scholar
  13. 13.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. Springer, Heidelberg (1985)Google Scholar
  14. 14.
    Barreto, P., Kim, H., Lynn, B., Scott, M.: Efficient algorithms for pairing based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Hess, F.: A Note on the Tate pairing of curves over finite fields. Arch. Math. 82, 28–32 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Menezes, A.J.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Dordrecht (1993)zbMATHGoogle Scholar
  18. 18.
    Harrison, K.: Personal Communications (2004)Google Scholar
  19. 19.
    Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Rubin, K., Silverberg, A.: Torus based cryptography. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 349–365. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Galbraith, S., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Miller, V.: Short programs for functions on curves (1986) (unpublished manuscript)Google Scholar
  23. 23.
    Hankerson, D., Hernandez, J.L., Menezes, A.J.: Software implementation of elliptic curve cryptography over binary fields. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 1–24. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  24. 24.
    Galbraith, S.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Fong, K., Hankerson, D., López, J., Menezes, A.: Field inversion and point halving revisited, Technical Report CORR 2003-18, Univ. of Waterloo (2003)Google Scholar
  27. 27.
    Gao, S., von zur Gathen, J., Panario, D.: Gauss periods and fast exponentiation in finite fields. In: Baeza-Yates, R., Poblete, P.V., Goles, E. (eds.) LATIN 1995. LNCS, vol. 911, pp. 311–322. Springer, Heidelberg (1995)Google Scholar
  28. 28.
    Baek, J., Zheng, Y.: Identity-based threshold signature scheme from the bilinear pairings. In: ITCC 2004, Proceedings of International Conference on Information Technology, vol. 1, pp. 124–128 (2004)Google Scholar
  29. 29.
    Gaudry, P., Hess, F., Smart, N.P.: Constructive and destructive facets of Weil descent on elliptic curves. J. of Cryptology 15, 19–46 (2002)CrossRefMathSciNetGoogle Scholar
  30. 30.
    Koblitz, N., Menezes, A., Vanstone, S.: The state of elliptic curve cryptography. Design, Codes and Cryptography 19, 173–193 (2000)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Soonhak Kwon
    • 1
  1. 1.Inst. of Basic Science and Dept. of MathematicsSungkyunkwan UniversitySuwonKorea

Personalised recommendations