Efficient and Generalized Pairing Computation on Abelian Varieties

In this paper, we propose a new method for constructing a bilinear pairing over (hyper)elliptic curves, which we call the R-ate pairing. This pairing is a generalization of the Ate and Atei pairing, and can be computed more efficiently. Using the R-ate pairing, the loop length in Miller's algorithm can be as small as log (r1/phi(k)) some pairing-friendly elliptic curves which have not reached this lower bound. Therefore, we obtain savings of between 29% and 69% in overall costs compared to the Atei pairing. On supersingular hyperelliptic curves of genus 2, we show that this approach makes the loop length in Miller's algorithm shorter than that of the Ate pairing.

[1]  David Mandell Freeman,et al.  Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10 , 2006, ANTS.

[2]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[3]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, Journal of Cryptology.

[4]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, EUROCRYPT.

[5]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[6]  Henning Stichtenoth,et al.  Algebraic function fields and codes , 1993, Universitext.

[7]  YoungJu Choie,et al.  Implementation of Tate Pairing on Hyperelliptic Curves of Genus 2 , 2003, ICISC.

[8]  Iwan M. Duursma,et al.  Tate Pairing Implementation for Hyperelliptic Curves y2 = xp-x + d , 2003, ASIACRYPT.

[9]  Frederik Vercauteren,et al.  Ate Pairing on Hyperelliptic Curves , 2007, EUROCRYPT.

[10]  Victor S. Miller,et al.  The Weil Pairing, and Its Efficient Calculation , 2004, Journal of Cryptology.

[11]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[12]  Michael Scott,et al.  A Taxonomy of Pairing-Friendly Elliptic Curves , 2010, Journal of Cryptology.

[13]  Paulo S. L. M. Barreto,et al.  Efficient pairing computation on supersingular Abelian varieties , 2007, IACR Cryptol. ePrint Arch..

[14]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[15]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[16]  Steven D. Galbraith,et al.  Distortion maps for genus two curves , 2006, IACR Cryptol. ePrint Arch..

[17]  Soonhak Kwon,et al.  Efficient Tate Pairing Computation for Elliptic Curves over Binary Fields , 2005, ACISP.

[18]  Steven D. Galbraith,et al.  Distortion maps for supersingular genus two curves , 2009, J. Math. Cryptol..

[19]  Frederik Vercauteren,et al.  Hyperelliptic Pairings , 2007, Pairing.

[20]  John J. Cannon,et al.  The Magma Algebra System I: The User Language , 1997, J. Symb. Comput..

[21]  Jiwu Huang,et al.  A note on the Ate pairing , 2008, International Journal of Information Security.

[22]  Steven D. Galbraith,et al.  Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[23]  Alfred Menezes,et al.  Pairing-Based Cryptography at High Security Levels , 2005, IMACC.

[24]  Angela Murphy,et al.  Elliptic Curves for Pairing Applications , 2005, IACR Cryptol. ePrint Arch..

[25]  Chaoping Xing On Supersingular Abelian Varieties of Dimension Two over Finite Fields , 1996 .

[26]  Eiji Okamoto,et al.  Optimised Versions of the Ate and Twisted Ate Pairings , 2007, IMACC.

[27]  Frederik Vercauteren,et al.  The Eta Pairing Revisited , 2006, IEEE Transactions on Information Theory.