Efficient Algorithms for Pairing-Based Cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over $\mathbb{F}_{p^m}$, the latter technique being also useful in contexts other than that of pairing-based cryptography.
Keywords: Elliptic Curve; Weil Pairing; Cryptology ePrint Archive; Tate Pairing