Advertisement

An Analysis of Affine Coordinates for Pairing Computation

  • Kristin Lauter
  • Peter L. Montgomery
  • Michael Naehrig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6487)

Abstract

In this paper we analyze the use of affine coordinates for pairing computation. We observe that in many practical settings, e. g. when implementing optimal ate pairings in high security levels, affine coordinates are faster than using the best currently known formulas for projective coordinates. This observation relies on two known techniques for speeding up field inversions which we analyze in the context of pairing computation. We give detailed performance numbers for a pairing implementation based on these ideas, including timings for base field and extension field arithmetic with relative ratios for inversion-to-multiplication costs, timings for pairings in both affine and projective coordinates, and average timings for multiple pairings and products of pairings.

Keywords

Pairing computation affine coordinates optimal ate pairing finite field inversions pairing cost multiple pairings pairing products 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Arène, C., Lange, T., Naehrig, M., Ritzenthaler, C.: Faster computation of the Tate pairing. Journal of Number Theory (2010), doi:10.1016/j.jnt.2010.05.013Google Scholar
  2. 2.
    Bailey, D.V., Paar, C.: Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. Journal of Cryptology 14(3), 153–176 (2001)MathSciNetMATHGoogle Scholar
  3. 3.
    Baktir, S., Sunar, B.: Optimal tower fields. IEEE Transactions on Computers 53(10), 1231–1243 (2004)CrossRefGoogle Scholar
  4. 4.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management - part 1: General (revised). Technical report, NIST National Institute of Standards and Technology. Published as NIST Special Publication 800-57 (2007), http://csrc.nist.gov/groups/ST/toolkit/documents/SP800-57Part1_3-8-07.pdf
  5. 5.
    Barreto, P.S.L.M., Galbraith, S.D., Ó hÉigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Designs, Codes and Cryptography 42(3), 239–271 (2007)CrossRefMathSciNetMATHGoogle Scholar
  6. 6.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: Efficient implementation of pairing-based cryptosystems. Journal of Cryptology 17(4), 321–334 (2004)CrossRefMathSciNetMATHGoogle Scholar
  8. 8.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Benger, N., Scott, M.: Constructing tower extensions of finite fields for implementation of pairing-based cryptography. In: Anwar Hasan, M., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol. 6087, pp. 180–195. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Bernstein, D.J., Lange, T.: Explicit-formulas database, http://www.hyperelliptic.org/EFD
  11. 11.
    Beuchat, J.-L., González Díaz, J.E., Mitsunari, S., Okamoto, E., Rodríguez-Henríquez, F., Teruya, T.: High-speed software implementation of the optimal ate pairing over Barreto-Naehrig curves. IACR ePrint Archive, report 2010/354 (2010), http://eprint.iacr.org/2010/354
  12. 12.
    Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)MATHGoogle Scholar
  13. 13.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Cohen, H., Frey, G., Doche, C. (eds.): Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman and Hall/CRC, Boca Raton (2005)Google Scholar
  15. 15.
    Costello, C., Hisil, H., Boyd, C., Nieto, J.M.G., Wong, K.K.-H.: Faster pairings on special Weierstrass curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 89–101. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Costello, C., Lange, T., Naehrig, M.: Faster pairing computations on curves with high-degree twists. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 224–242. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Doche, C.: Finite Field Arithmetic. In: [14], ch. 11, pp. 201–237. CRC Press, Boca Raton (2005)Google Scholar
  18. 18.
    Duquesne, S., Frey, G.: Background on Pairings. In: [14], ch. 6, pp. 115–124. CRC Press, Boca Raton (2005)Google Scholar
  19. 19.
    Duquesne, S., Frey, G.: Implementation of Pairings. In: [14], ch. 16, pp. 389–404. CRC Press, Boca Raton (2005)Google Scholar
  20. 20.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology 23(2), 224–280 (2010)CrossRefMathSciNetMATHGoogle Scholar
  21. 21.
    Galbraith, S.D.: Pairings. In: [12], ch. IX, pp. 183–213. Cambridge University Press, Cambridge (2005)Google Scholar
  22. 22.
    Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    Grabher, P., Großschädl, J., Page, D.: On software parallel implementation of cryptographic pairings. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 35–50. Springer, Heidelberg (2009)Google Scholar
  24. 24.
    Granger, R., Scott, M.: Faster squaring in the cyclotomic group of sixth degree extensions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 209–223. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Granger, R., Smart, N.P.: On computing products of pairings. Cryptology ePrint Archive, Report 2006/172 (2006), http://eprint.iacr.org/2006/172/
  26. 26.
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Guajardo, J., Paar, C.: Itoh-Tsujii inversion in standard basis and its application in cryptography and codes. Designs, Codes and Cryptography 25, 207–216 (2001)CrossRefMathSciNetGoogle Scholar
  28. 28.
    Hankerson, D., Menezes, A.J., Scott, M.: Software implementation of pairings. In: Joye, M., Neven, G. (eds.) Identity-Based Cryptography. Cryptology and Information Security Series, vol. 2. IOS Press, Amsterdam (2008)Google Scholar
  29. 29.
    Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, New York (2003)Google Scholar
  30. 30.
    Heß, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Transactions on Information Theory 52, 4595–4602 (2006)CrossRefMATHGoogle Scholar
  31. 31.
    Ionica, S., Joux, A.: Another approach to pairing computation in Edwards coordinates. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 400–413. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  32. 32.
    Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in GF(2ˆm) using normal bases. Inf. Comput. 78(3), 171–177 (1988)CrossRefMathSciNetMATHGoogle Scholar
  33. 33.
    Izu, T., Takagi, T.: Efficient computations of the Tate pairing for the large MOV degrees. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 283–297. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  34. 34.
    Kobayashi, T., Morita, H., Kobayashi, K., Hoshino, F.: Fast elliptic curve algorithm combining Frobenius map and table reference to adapt to higher characteristic. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 176–189. Springer, Heidelberg (1999)Google Scholar
  35. 35.
    Lee, E., Lee, H.S., Park, C.-M.: Efficient and generalized pairing computation on Abelian varieties. IEEE Trans. on Information Theory 55(4), 1793–1803 (2009)CrossRefGoogle Scholar
  36. 36.
    Miller, V.S.: The Weil pairing and its efficient calculation. Journal of Cryptology 17(4), 235–261 (2004)CrossRefMathSciNetMATHGoogle Scholar
  37. 37.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48(177), 243–264 (1987)CrossRefMathSciNetMATHGoogle Scholar
  38. 38.
    Montgomery, P.L.: Five, six, and seven-term Karatsuba-like formulae. IEEE Transactions on Computers 54(3), 362–369 (2005)CrossRefMATHGoogle Scholar
  39. 39.
    Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M. (ed.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010), corrected version: http://www.cryptojedi.org/papers/dclxvi-20100714.pdf CrossRefGoogle Scholar
  40. 40.
    Schroeppel, R., Beaver, C.: Accelerating elliptic curve calculations with the reciprocal sharing trick. In: Mathematics of Public-Key Cryptography (MPKC), University of Illinois at Chicago (2003)Google Scholar
  41. 41.
    Scott, M.: Computing the Tate pairing. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 293–304. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  42. 42.
    Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the final exponentiation for calculating pairings on ordinary elliptic curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  43. 43.
    Smart, N. (ed.): ECRYPT II yearly report on algorithms and keysizes (2009-2010). Technical report, ECRYPT II – European Network of Excellence in Cryptology, EU FP7, ICT-2007-216676. Published as deliverable D.SPA.13 (2010), http://www.ecrypt.eu.org/documents/D.SPA.13.pdf
  44. 44.
    Vercauteren, F.: Optimal pairings. IEEE Transactions on Information Theory 56(1), 455–461 (2010)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Kristin Lauter
    • 1
  • Peter L. Montgomery
    • 1
  • Michael Naehrig
    • 1
  1. 1.Microsoft ResearchRedmondUSA

Personalised recommendations