An Improvement of Optimal Ate Pairing on KSS Curve with Pseudo 12-Sparse Multiplication

  • Md. Al-Amin Khandaker
  • Hirotaka Ono
  • Yasuyuki Nogami
  • Masaaki Shirase
  • Sylvain Duquesne
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10157)


Accelerating an Ate-based pairing such as the Optimal Ate pairing depends not only on optimizing the loop parameter of Miller’s algorithm but also on efficient elliptic curve arithmetic and an efficient final exponentiation. Some recent works have shown implementations of the Optimal Ate pairing over the Kachisa-Schaefer-Scott (KSS) curve of embedding degree 18. Pairing over the KSS curve is regarded as the basis of next-generation security protocols. This paper proposes a pseudo 12-sparse multiplication to accelerate the Miller’s loop calculation on the KSS curve by utilizing the property of rational point groups. In addition, this paper shows an enhancement of the elliptic curve addition and doubling calculation in Miller’s algorithm by applying implicit mapping of its sextic twisted isomorphic group. Moreover, this paper implements the proposal with recommended security parameter settings for the KSS curve at the 192-bit security level. The simulation result shows that the proposed pseudo 12-sparse multiplication gives a more efficient Miller’s loop calculation of an Optimal Ate pairing operation, with the recommended parameters, than pairing calculation without sparse multiplication.


Keywords: KSS curve, Sparse multiplication, Optimal Ate pairing



This work is partially supported by the Strategic Information and Communications R&D Promotion Programme (SCOPE) of the Ministry of Internal Affairs and Communications, Japan.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Md. Al-Amin Khandaker (1), email author
  • Hirotaka Ono (1)
  • Yasuyuki Nogami (1)
  • Masaaki Shirase (2)
  • Sylvain Duquesne (3)

  1. Graduate School of Natural Science and Technology, Okayama University, Okayama, Japan
  2. Future University Hakodate, Hakodate, Japan
  3. Université Rennes I, Rennes, France
