A Remark on Implementing the Weil Pairing

  • Cheol Min Park
  • Myung Hwan Kim
  • Moti Yung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3822)


We propose an improved implementation of modified Weil pairings. By reduction of operations in the extension field to those in the base field, we can save some operations in the extension field when computing a modified Weil pairing. In particular, computing e (P,φ(P)) is the same as computing the Tate pairing without the final powering. So we can save about 50% of time for computing e (P,φ(P)) compared with the standard Miller’s algorithm.


Pairing-based cryptosystem Weil pairing modified Weil pairing separable endomorphism distortion map 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Barreto, P.S.L.M., Galbraith, S.D., O’hEigeartaigh, C., Scott, M.: “Efficient Pairing Computation on Supersingular Abelian Varieties,” Cryptology ePrint Archive, Report 2004/375Google Scholar
  3. 3.
  4. 4.
    Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Charlap, L.S., Robbins, D.P.: An elementary introduction to elliptic curves, CRD Expository Report No. 31 (December 1988)Google Scholar
  8. 8.
    Charlap, L.S., Coley, R.: “An elementary introduction to elliptic curves II,” CCR Expository Report No. 34 (July 1990)Google Scholar
  9. 9.
    Cha, J.C., Cheon, J.H.: An identity-based signature from gap diffie-hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Eisentrager, K., Lauter, K., Montgomery, P.L.: “Fast Elliptic Curve Arithmetic and Improved Weil Pairing Evaluation,” CT-RSA, pp. 343-354 (2003)Google Scholar
  11. 11.
    Eisentrager, K., Lauter, K., Montgomery, P.L.: Improved Weil and Tate Pairings for Elliptic and Hyperelliptic Curves. In: ANTS 2004, pp.169-183 (2004)Google Scholar
  12. 12.
    Frey, G., Muller, M., Ruck, H.: The Tate Pairing and the Discrete Logarithm Applied to Elliptic Curve Cryptosystems. IEEE Transactions on Information Theory 45(5), 1717–1719 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    He, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Joux, A.: A one-round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Joux, A.: The weil and tate pairings as building blocks for public key cryptosystems. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 20–32. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Kim, M., Kim, H., Kim, K.: A New Identification Scheme based on the Gap Diffie-Hellman Problem. In: 2002 Symposium on Cryptography and Information Security (SCIS 2002), Shirahama, Japan, January 29 – February 1, vol. 1/2, pp. 349–352 (2003)Google Scholar
  19. 19.
    Koblitz, N., Menezes, A.J.: Pairing-Based Cryptography at High Security Levels. Cryptology ePrint Archive, Report 2005/76Google Scholar
  20. 20.
    Menezes, A.J.: Elliptic Curve Public Key Cryptosystems. International Series in Engineering and Computer Science (1993)Google Scholar
  21. 21.
    Miller, V.: The Weil Pairing, and Its Efficient Calculation. Journal of Cryptology 17 (2004)Google Scholar
  22. 22.
    Paterson, K.G.: ID-based signatures from pairings on elliptic curves. Electronics Letters 38(18), 1025–1026 (2002)CrossRefGoogle Scholar
  23. 23.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. In: Graduate Texts in Mathe- matics, vol. 106, Springer, Heidelberg (1986)Google Scholar
  24. 24.
    Solinas, J.: ID-based digital signature algorithms (2003),
  25. 25.
    Verheul, E.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Zhang, F., Safavi-Naini, R., Susilo, W.: ID-Based Chameleon Hashes from Bilinear Pairings. Cryptology ePrint Archive, Report 2003/208Google Scholar
  27. 27.
    Zhang, F., Safavi-Naini, R., Susilo, W.: An efficient signature scheme from bilinear pairings and its applications. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 277–290. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Cheol Min Park
    • 1
  • Myung Hwan Kim
    • 1
  • Moti Yung
    • 2
  1. 1.ISaC and Department of Mathematical SciencesSeoul National UniversityKorea
  2. 2.RSA Labs and Department of Computer ScienceColumbia UniversityUSA

Personalised recommendations