Application of Scalar Multiplication of Edwards Curves to Pairing-Based Cryptography

  • Takanori Yasuda
  • Tsuyoshi Takagi
  • Kouichi Sakurai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7631)

Abstract

Edwards curves have efficient scalar multiplication algorithms, and their application to pairing-based cryptography has been studied. In particular, if a pairing-friendly curve used in a pairing-based protocol is isomorphic to an Edwards curve, all the scalar multiplications appearing in the protocol can be computed efficiently. In this paper, we extend this idea to pairing-friendly curves that are not isomorphic but isogenous to Edwards curves, which enlarges the set of pairing-friendly curves to which Edwards curves can be applied. Above all, pairing-friendly curves with smaller ρ-values provide more efficient pairing computation. Therefore, we investigate, for embedding degrees up to 50, whether pairing-friendly curves with the minimal ρ-values are isogenous to Edwards curves. Based on this investigation, we present parameters of pairing-friendly curves with 160-bit and 256-bit security levels at embedding degrees 16 and 24, respectively. These curves have the minimal ρ-values and are not isomorphic but isogenous to Edwards curves, and thus our proposed method is effective for these curves.

Keywords

Pairing-friendly curves, Edwards curves, embedding degree

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Takanori Yasuda (1)
  • Tsuyoshi Takagi (2)
  • Kouichi Sakurai (1, 3)
  1. Institute of Systems, Information Technologies and Nanotechnologies, Japan
  2. Institute of Mathematics for Industry, Kyushu University, Japan
  3. Department of Informatics, Kyushu University, Japan
