An Improved Twisted Ate Pairing over KSS Curves with k = 18

  • Shan Chen
  • Kunpeng Wang
  • Dongdai Lin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7708)


When implementing an efficient pairing calculation over KSS curves with embedding degree 18 and order r, the lower bound of the number of loop iterations of Miller’s algorithm is \(\frac{1}{6}\lfloor\log_2r\rfloor\). But the twisted Ate pairing requires \(\frac{1}{2}\lfloor\log_2r\rfloor\) loop iterations, and thus is slower than the optimal Ate pairing which achieves the lower bound. This paper proposes an improved twisted Ate pairing and uses multi-pairing techniques to compute it. Therefore, the number of loop iterations in Miller’s algorithm for the new pairing achieves the lower bound and it becomes faster than the original twisted Ate pairing by 30%.


pairing-based cryptography Miller’s algorithm twisted Ate pairing multi-pairing KSS curves 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aranha, D.F., Knapp, E., Menezes, A., Rodríguez-Henríquez, F.: Parallelizing the Weil and Tate Pairings. In: Chen, L. (ed.) Cryptography and Coding 2011. LNCS, vol. 7089, pp. 275–295. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Barreto, P.S.L.M., Galbraith, S., hÉigeartaigh, C.Ó., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Designs, Codes and Cryptography 42(3), 239–271 (2007)MathSciNetzbMATHCrossRefGoogle Scholar
  3. 3.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-Based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Barreto, P.S.L.M., Lynn, B., Scott, M.: On the Selection of Pairing-Friendly Groups. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 17–25. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Brezing, A.W.: Elliptic curves suitable for pairing-based cryptography. Designs, Codes and Cryptography 37(1), 133–141 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  7. 7.
    Granger, R., Smart, N.P.: On computing products of pairings. Cryptology ePrint Archive: Report 2006/172Google Scholar
  8. 8.
    Joux, A.: A One Round Protocol for Tripartite Diffie-Hellman. Journal of Cryptology 17, 263–276 (2004)MathSciNetzbMATHCrossRefGoogle Scholar
  9. 9.
    Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng Pairing-Friendly Elliptic Curves Using Elements in the Cyclotomic Field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Lee, E., Lee, H., Park, C.: Efficient and generalized pairing computation on Abelien varieties. IEEE Transactions on Information Theory 55(4), 1793–1803 (2009)CrossRefGoogle Scholar
  11. 11.
    Miller, V.S.: The Weil Pairing and its efficient calculation. Journal of Cryptology 17(4), 235–261 (2004)MathSciNetzbMATHCrossRefGoogle Scholar
  12. 12.
    Nakanishi, T., Funabiki, N.: Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Transactions on Information Theory 52(10), 4595–4602 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  14. 14.
    Hess, F.: Pairing Lattices. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 18–38. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Sakemi, Y., Takeuchi, S., Nogami, Y., Morikawa, Y.: Accelerating Twisted Ate Pairing with Frobenius Map, Small Scalar Multiplication, and Multi-pairing. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 47–64. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Sakemi, Y., Nogami, Y., Okeya, K., Kato, H., Morikawa, Y.: Skew Frobenius Map and Efficient Scalar Multiplication for Pairing–Based Cryptography. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 226–239. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Silverman, J.H.: The arithmetic of elliptic curves, 2nd edn. GTM 106 (2009)Google Scholar
  18. 18.
    Scott, M.: Faster Pairings Using an Elliptic Curve with an Efficient Endomorphism. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 258–269. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Scott, M., Benger, N., Charlemagne, M., Dominguez Perez, L.J., Kachisa, E.J.: On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 78–88. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Vercauteren, F.: Optimal pairings. IEEE Transactions on Information Theory 56(1), 455–461 (2010)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Zhao, C.-A., Zhang, F., Huang, J.: A note on the Ate pairing. Int. J. Inf. Security Arch. 7(6), 379–382 (2008)CrossRefGoogle Scholar
  22. 22.
    Zhao, C.-A., Zhang, F., Huang, J.: All pairings are in a group. IEICE Trans. Fundam. E91-A(10), 3084–3087 (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Shan Chen
    • 1
    • 2
  • Kunpeng Wang
    • 1
  • Dongdai Lin
    • 1
  1. 1.SKLOIS, Institute of Information EngineeringChinese Academy of SciencesBeijingP.R. China
  2. 2.Graduate University of Chinese Academy of SciencesBeijingP.R. China

Personalised recommendations