Fast Ate Pairing Computation of Embedding Degree 12 Using Subfield-Twisted Elliptic Curve

This paper presents implementation techniques for fast Ate pairing computation with embedding degree 12. In this case, it is easy to find a prime-order pairing-friendly curve E, such as the Barreto-Naehrig (BN) curve $y^2=x^3+a$, $a\in\mathbb{F}_p$. For this curve, an isomorphic substitution from $G_2\subset E(\mathbb{F}_{p^{12}})$ into $G_2'$ in the subfield-twisted elliptic curve $E'(\mathbb{F}_{p^2})$ speeds up scalar multiplications over $G_2$ and eliminates denominator calculations in Miller's algorithm. The main contribution is an improvement of about 30% in the Miller's algorithm calculation, obtained using proper subfield arithmetic operations. The paper also provides efficient parameter settings for BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is a Pentium 4 (3.6 GHz), the proposed algorithm is shown to compute the Ate pairing in 13.3 milliseconds, including the final exponentiation.
