A comparison of MNT curves and supersingular curves

We compare both the security and performance issues related to the choice of MNT curves against supersingular curves in characteristic three, for pairing based systems. We pay particular attention to equating the relevant security levels and comparing not only computational performance and bandwidth performance. The paper focuses on the BLS signature scheme and the Boneh–Franklin encryption scheme, but a similar analysis can be applied to many other pairing based schemes.

[1]  Ninghui Li,et al.  Oblivious signature-based envelope , 2003, PODC '03.

[2]  Tsuyoshi Takagi,et al.  Efficient Computations of the Tate Pairingfor the Large MOV Degrees , 2002, ICISC.

[3]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[4]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[5]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[6]  Don Coppersmith,et al.  Discrete logarithms inGF(p) , 2005, Algorithmica.

[7]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[8]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[9]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[10]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[11]  Oliver Schirokauer,et al.  Using number fields to compute logarithms in finite fields , 2000, Math. Comput..

[12]  Iwan M. Duursma,et al.  Tate Pairing Implementation for Hyperelliptic Curves y2 = xp-x + d , 2003, ASIACRYPT.

[13]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[14]  Nigel P. Smart,et al.  Escrow-free encryption supporting cryptographic workflow , 2006, International Journal of Information Security.

[15]  Paulo S. L. M. Barreto,et al.  Generating More MNT Elliptic Curves , 2006, Des. Codes Cryptogr..

[16]  Paulo S. L. M. Barreto,et al.  On the Selection of Pairing-Friendly Groups , 2003, Selected Areas in Cryptography.

[17]  Emmanuel Thomé,et al.  Computation of Discrete Logarithms in F2607 , 2001, ASIACRYPT.

[18]  Frederik Vercauteren,et al.  Function Field Sieve in Characteristic Three , 2004, ANTS.

[19]  Don Coppersmith Evaluating logarithms in GF(2n) , 1984, STOC '84.

[20]  Antoine Joux,et al.  The Function Field Sieve Is Quite Special , 2002, ANTS.

[21]  Nigel P. Smart,et al.  Software Implementation of Finite Fields of Characteristic Three, for Use in Pairing-based Cryptosystems , 2002 .

[22]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..