Abstract
In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard PC and on a 32-bit smartcard. First we introduce a sub-family of such curves with a particularly simple representation. Next we consider the issues that arise in the efficient implementation of field arithmetic in \(\mathbb{F}_{p^{12}}\), which is crucial to good performance. Various optimisations are suggested, including a novel approach to the ‘final exponentiation’, which is faster and requires less memory than the methods previously recommended.
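The three ingredients named in the abstract (the Barreto-Naehrig parameterisation, the degree-12 extension field, and the final exponentiation by (p^12 - 1)/n) can be checked with plain integer arithmetic before any \(\mathbb{F}_{p^{12}}\) code is written. The Python below is an added example, not code from the paper or its authors: it derives p, n and t from the BN polynomials, confirms that n divides p^12 - 1 and no smaller p^k - 1, and splits the final exponent into the part handled by Frobenius maps and the remaining "hard" part, which it rewrites in base p with coefficients that are small polynomials in x. The starting value x = -(2^62 + 2^55 + 1), the downward search for a prime pair, and the toy parameter x = 1 are assumptions chosen for illustration; the sub-family and the final-exponentiation algorithm the paper itself proposes are not reproduced here.

```python
"""Added example: BN parameters and the structure of the final exponentiation.
Integer arithmetic only; it verifies identities an F_{p^12} implementation
relies on, it does not implement the extension field itself."""
import random


def bn_params(x):
    """BN parameterisation: p(x) = field prime, n(x) = #E(F_p), t(x) = trace."""
    p = 36 * x**4 + 36 * x**3 + 24 * x**2 + 6 * x + 1
    n = 36 * x**4 + 36 * x**3 + 18 * x**2 + 6 * x + 1
    t = 6 * x**2 + 1
    assert p + 1 - t == n  # Hasse: #E(F_p) = p + 1 - t
    return p, n, t


def is_probable_prime(m, rounds=24):
    """Miller-Rabin: trial division by small primes, then fixed + seeded random bases."""
    if m < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for q in small:
        if m % q == 0:
            return m == q
    d, s = m - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0)  # fixed seed keeps the check reproducible
    bases = small + tuple(rng.randrange(2, m - 1) for _ in range(rounds))
    for a in bases:
        y = pow(a, d, m)
        if y in (1, m - 1):
            continue
        for _ in range(s - 1):
            y = y * y % m
            if y == m - 1:
                break
        else:
            return False
    return True


def find_bn_x(start):
    """Walk x downwards from `start` (an assumed seed) until p(x) and n(x) are both prime."""
    x = start
    while True:
        p, n, _ = bn_params(x)
        if is_probable_prime(p) and is_probable_prime(n):
            return x
        x -= 1


def embedding_degree(p, n):
    """Smallest k with n | p^k - 1, i.e. the order of p in (Z/nZ)^*; BN curves give 12."""
    k, pk = 1, p % n
    while pk != 1:
        k, pk = k + 1, pk * p % n
    return k


def final_exponent_parts(x):
    """Split (p^12 - 1)/n into the 'easy' factor (p^6 - 1)(p^2 + 1), which costs
    Frobenius maps plus one inversion, and the 'hard' factor Phi_12(p)/n."""
    p, n, _ = bn_params(x)
    easy = (p**6 - 1) * (p**2 + 1)
    hard, rem = divmod(p**4 - p**2 + 1, n)  # n divides Phi_12(p) for BN curves
    assert rem == 0 and easy * hard == (p**12 - 1) // n
    return easy, hard


def hard_part_lambdas(x):
    """Base-p coefficients of the hard part, as polynomials in x:
       (p^4 - p^2 + 1)/n = l3*p^3 + l2*p^2 + l1*p + l0.
    Raising to each lambda needs only f^x, f^(x^2), f^(x^3) and a few
    multiplications; the powers of p are Frobenius maps."""
    l3 = 1
    l2 = 6 * x**2 + 1
    l1 = -36 * x**3 - 18 * x**2 - 12 * x + 1
    l0 = -36 * x**3 - 30 * x**2 - 18 * x - 2
    return l3, l2, l1, l0


def check_decomposition(x):
    """True when the lambda form reproduces the hard exponent exactly."""
    p, _, _ = bn_params(x)
    _, hard = final_exponent_parts(x)
    l3, l2, l1, l0 = hard_part_lambdas(x)
    return hard == l3 * p**3 + l2 * p**2 + l1 * p + l0


if __name__ == "__main__":
    x = find_bn_x(-(2**62 + 2**55 + 1))  # assumed seed, not the paper's choice
    p, n, t = bn_params(x)
    print(f"x = {x}\np has {p.bit_length()} bits, n has {n.bit_length()} bits")
    print("embedding degree:", embedding_degree(p, n))
    print("hard part matches base-p decomposition:", check_decomposition(x))
```

Two things to read off the output: x is negative, so the coefficients l1 and l0 are positive and l2 is positive, while the only negative sign left is in x itself; after the easy part every element satisfies f^(p^6) = f^(-1), so the inversion that f^x would otherwise require is a conjugation. The decomposition is why the hard part costs about three exponentiations by |x| plus Frobenius maps and multiplications, instead of one exponentiation by a number the size of p^4.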
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Devegili, A.J., Scott, M., Dahab, R. (2007). Implementing Cryptographic Pairings over Barreto-Naehrig Curves. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds) Pairing-Based Cryptography – Pairing 2007. Pairing 2007. Lecture Notes in Computer Science, vol 4575. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73489-5_10
DOI: https://doi.org/10.1007/978-3-540-73489-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73488-8
Online ISBN: 978-3-540-73489-5