Implementing Pairings at the 192-Bit Security Level
We implement asymmetric pairings derived from Kachisa-Schaefer-Scott (KSS), Barreto-Naehrig (BN), and Barreto-Lynn-Scott (BLS) elliptic curves at the 192-bit security level. Somewhat surprisingly, we find pairings derived from BLS curves with embedding degree 12 to be the fastest for our serial as well as our parallel implementations. Our serial implementations provide a factor-3 speedup over the previous state-of-the-art, demonstrating that pairing computation at the 192-bit security level is not as expensive as previously thought. We also present a general framework for deriving a Weil-type pairing that is well-suited for computing a single pairing on a multi-processor machine.
KeywordsElliptic Curf Security Level Line Evaluation High Security Level Weil Pairing
Unable to display preview. Download preview PDF.
- 1.Aranha, D.F., Gouvêa, C.P.L.: RELIC is an Efficient LIbrary for Cryptography, http://code.google.com/p/relic-toolkit/
- 18.Karabina, K.: Squaring in cyclotomic subgroups. Mathematics of Computation (to appear)Google Scholar
- 23.NSA Suite B Cryptography, www.nsa.gov/ia/programs/suiteb_cryptography/