
Adequate Elliptic Curves for Computing the Product of n Pairings

Conference paper, Arithmetic of Finite Fields (WAIFI 2016).

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10064).

Abstract

Many pairing-based protocols require the computation of the product and/or the quotient of n pairings, where \(n>1\) is an integer. Zhang et al. [1] recently showed that the Kachisa-Schaefer-Scott family of elliptic curves with embedding degree 16 (KSS16) at the 192-bit security level is better suited to such protocols than the Barreto-Lynn-Scott family of elliptic curves with embedding degree 12 (BLS12). In this work, we provide important corrections and improvements to their work based on the computation of the optimal Ate pairing. We focus on the computation of the final exponentiation, which represents an important part of the overall cost of this pairing. Our results improve the computations of Zhang et al. [1] by 864 multiplications in \(\mathbb {F}_p\). We prove that for computing the product or the quotient of 2 pairings, BLS12 curves are the best solution. In the other cases, especially when \(n>2\) as considered in [1], KSS16 curves are recommended for computing the product of n pairings. Furthermore, we prove that the curve presented by Zhang et al. [1] is not resistant to small subgroup attacks. We provide an example of a KSS16 curve protected against such attacks.

This work was supported in part by the French ANR projects PEACE and ANR-12-INSE-0014 SIMPATIC, the LIRIMA MACISA project, the Centre Henri Lebesgue, and the Simons Foundation through the Pole of Research in Mathematics with Applications to Information Security, Sub-Saharan Africa.


References

  1. Zhang, X., Lin, D.: Analysis of optimum pairing products at high security levels. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 412–430. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_24
  2. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). doi:10.1007/3-540-44647-8_13
  3. Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001). doi:10.1007/3-540-45325-3_32
  4. Libert, B., Quisquater, J.-J.: Identity based undeniable signatures. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 112–125. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24660-2_9
  5. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)
  6. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Linawati, Mahendra, M.S., Neuhold, E.J., Tjoa, A.M., You, I. (eds.) ICT-EurAsia 2014. LNCS, vol. 8407, pp. 89–98. Springer, Heidelberg (2006). doi:10.1007/978-3-642-55032-4_60
  7. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). doi:10.1007/11693383_22
  8. Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003). doi:10.1007/3-540-36413-7_19
  9. Aranha, D.F., Fuentes-Castañeda, L., Knapp, E., Menezes, A., Rodríguez-Henríquez, F.: Implementing pairings at the 192-bit security level. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 177–195. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36334-4_11
  10. Ghammam, L., Fouotsa, E.: On the computation of the optimal Ate pairing at the 192-bit security level. IACR Cryptology ePrint Archive, 2016:130 (2016)
  11. Chen, L., Cheng, Z., Smart, N.P.: A built-in decisional function and security proof of ID-based key agreement protocols from pairings. IACR Cryptology ePrint Archive, 2006:160 (2006)
  12. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28628-8_3
  13. Abdalla, M., Catalano, D., Dent, A.W., Malone-Lee, J., Neven, G., Smart, N.P.: Identity-based encryption gone wild. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 300–311. Springer, Heidelberg (2006). doi:10.1007/11787006_26
  14. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). doi:10.1007/11426639_7
  15. Granger, R., Smart, N.P.: On computing products of pairings. IACR Cryptology ePrint Archive, 2006:172 (2006)
  16. Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng pairing friendly elliptic curves using elements in the cyclotomic field. IACR Cryptology ePrint Archive, 2007:452 (2007)
  17. Barreto, P.S.L.M., Costello, C., Misoczki, R., Naehrig, M., Pereira, G.C.C.F., Zanon, G.: Subgroup security in pairing-based cryptography. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 245–265. Springer, Cham (2015). doi:10.1007/978-3-319-22174-8_14
  18. Fouotsa, E., Ghammam, L.: http://www.camercrypt.org/KSS16-finalexponentiation
  19. Kim, T.: Extended tower number field sieve: a new complexity for medium prime case. IACR Cryptology ePrint Archive, 2015:1027 (2015)
  20. Jeong, J., Kim, T.: Extended tower number field sieve with application to finite fields of arbitrary composite extension degree. IACR Cryptology ePrint Archive, 2016:526 (2016)
  21. Miller, V.S.: The Weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)
  22. Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the final exponentiation for calculating pairings on ordinary elliptic curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03298-1_6
  23. Fuentes-Castañeda, L., Knapp, E., Rodríguez-Henríquez, F.: Faster hashing to \({\mathbb{G}}_2\). In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 412–430. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28496-0_25
  24. Smeets, I., Lenstra, A.K., Lenstra, H., Lovász, L., van Emde Boas, P.: The history of the LLL-algorithm. In: Nguyen, P.Q., Vallée, B. (eds.) The LLL Algorithm - Survey and Applications, pp. 1–17. Springer, Heidelberg (2010)
  25. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). doi:10.1007/11426639_26
  26. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_24
  27. Scott, M.: Computing the Tate pairing. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 293–304. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30574-3_20
  28. Washington, L.C.: Elliptic Curves: Number Theory and Cryptography. Discrete Mathematics and Its Applications. Chapman and Hall, London (2008)
  29. Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595–4602 (2006)


Author information

Corresponding author: Loubna Ghammam.


A Algorithms

In these tables, and in order to use the same expressions as Zhang et al. [1], we denote by f the result of the Miller loop and by M the result of the first part of the final exponentiation.

Table 8. Final exponentiation with a new exponent. See [18] for the Magma code used for the verification.
Table 9. Corrected version of the final exponentiation in [1]. See [18] for the Magma code used for the verification.
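As an added illustration of the structure the abstract and this appendix rely on (example code written here, not the paper's own and not the Magma scripts in [18]): the KSS16 family polynomials p(x), r(x), t(x) are taken from the Kachisa-Schaefer-Scott construction [16], and the script checks in Q[x] that r divides p^8+1, so the final exponentiation exponent (p^16-1)/r splits into the easy part p^8-1 (which turns f into M) and a polynomial hard part (p^8+1)/r, then computes the G1 cofactor h = (p+1-t)/r and factors it for a seed. The seed x = 25 is a constructed toy value chosen only because it makes the parameters integral (r(25) is not prime), not a secure curve parameter; its purpose is to show the small subgroups that a membership check r·P = O has to rule out on a curve that is not subgroup-secure.

```python
from fractions import Fraction as Fr
from functools import reduce

# Polynomials over Q as coefficient lists, lowest degree first.
def pmul(a, b):
    out = [Fr(0)] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b): out[i + j] += x * y
    return out
def padd(a, b):
    return [sum(p[i] for p in (a, b) if i < len(p)) for i in range(max(len(a), len(b)))]
def pdivmod(a, b):
    """Long division in Q[x]: returns (quotient, remainder)."""
    a, q = [Fr(c) for c in a], [Fr(0)] * max(1, len(a) - len(b) + 1)
    while len(a) >= len(b) and any(a):
        shift, coef = len(a) - len(b), a[-1] / b[-1]
        q[shift] = coef
        for i, c in enumerate(b):
            a[shift + i] -= coef * c
        a.pop()  # the leading term is now exactly zero
    return q, a

# KSS16 family polynomials p(x), r(x), t(x) (Kachisa-Schaefer-Scott, k = 16).
P = [Fr(c, 980) for c in (3125, 2398, 625, 0, 240, 152, 48, 0, 5, 2, 1)]
R = [Fr(c, 61250) for c in (625, 0, 0, 0, 48, 0, 0, 0, 1)]
T = [Fr(c, 35) for c in (35, 41, 0, 0, 0, 2)]

def kss16_structure():
    """Family invariants behind the split (p^16-1)/r = (p^8-1) * (p^8+1)/r."""
    p8 = reduce(pmul, [P] * 8)
    # M = f^(p^8-1) is the easy part; r | p^8+1 (embedding degree 16) makes the
    # remaining hard-part exponent (p^8+1)/r a polynomial in x.
    hard, rem_hard = pdivmod(padd(p8, [Fr(1)]), R)
    # r | #E(F_p) = p+1-t; the quotient is the G1 cofactor h(x).
    cof, rem_cof = pdivmod(padd(padd(P, [Fr(1)]), [-c for c in T]), R)
    return {"hard_rem_zero": not any(rem_hard), "hard_degree": len(hard) - 1,
            "cof_rem_zero": not any(rem_cof), "cofactor": cof}
def seed_values(x):
    """Integer p, r, t and cofactor h for a seed x (x = 25 mod 70 keeps them integral)."""
    p, r, t = (sum(c * x ** i for i, c in enumerate(poly)) for poly in (P, R, T))
    if any(v.denominator != 1 for v in (p, r, t)): raise ValueError("non-integral seed")
    p, r, t = (int(v) for v in (p, r, t))
    return p, r, t, (p + 1 - t) // r
def small_factors(n):
    """Trial division: each small prime factor is the order of a small subgroup of E(F_p)."""
    out, d = [], 2
    while d * d <= n:
        while n % d == 0:
            out.append(d); n //= d
        d += 1
    return out + ([n] if n > 1 else [])
```

For the toy seed the cofactor is 42500 = 2^2 · 5^4 · 17, so E(F_p) contains points of order 2, 5 and 17 that a protocol must reject unless it checks r·P = O (or uses a curve whose cofactors have no small factors, as [17] requires).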


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Ghammam, L., Fouotsa, E. (2016). Adequate Elliptic Curves for Computing the Product of n Pairings. In: Duquesne, S., Petkova-Nikova, S. (eds) Arithmetic of Finite Fields. WAIFI 2016. Lecture Notes in Computer Science, vol 10064. Springer, Cham. https://doi.org/10.1007/978-3-319-55227-9_3


  • DOI: https://doi.org/10.1007/978-3-319-55227-9_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-55226-2

  • Online ISBN: 978-3-319-55227-9

  • eBook Packages: Computer Science (R0)
