Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves

One of the challenges in designing pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: curves that provide efficient implementation without compromising the security of the protocols. These curves have a small embedding degree and a large prime-order subgroup. Random curves are likely to have a large embedding degree and hence are not practical for implementing pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyperelliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller values than ever before reported for different embedding degrees. We also discuss optimisation of pairing computation for the Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementing the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its variant
