An Improvement of Optimal Ate Pairing on KSS Curve with Pseudo 12-Sparse Multiplication

Acceleration of a pairing calculation of an Ate-based pairing such as Optimal Ate pairing depends not only on the optimization of Miller algorithm's loop parameter but also on efficient elliptic curve arithmetic operation and efficient final exponentiation. Some recent works have shown the implementation of Optimal Ate pairing over Kachisa-Schaefer-Scott KSS curve of embedding degree 18. Pairing over KSS curve is regarded as the basis of next generation security protocols. This paper has proposed a pseudo 12-sparse multiplication to accelerate Miller's loop calculation in KSS curve by utilizing the property of rational point groups. In addition, this papers has showed an enhancement of the elliptic curve addition and doubling calculation in Miller's algorithm by applying implicit mapping of its sextic twisted isomorphic group. Moreover this paper has implemented the proposal with recommended security parameter settings for KSS curve at 192 bit security level. The simulation result shows that the proposed pseudo 12-sparse multiplication gives more efficient Miller's loop calculation of an Optimal Ate pairing operation along with recommended parameters than pairing calculation without sparse multiplication.

[1]  Andreas Enge,et al.  Building Curves with Arbitrary Small MOV Degree over Finite Prime Fields , 2004, Journal of Cryptology.

[2]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[3]  Antoine Joux A One Round Protocol for Tripartite Diffie-Hellman , 2000, ANTS.

[4]  Michael Scott,et al.  Constructing Brezing-Weng Pairing-Friendly Elliptic Curves Using Elements in the Cyclotomic Field , 2008, Pairing.

[5]  Hyang-Sook Lee,et al.  Efficient and Generalized Pairing Computation on Abelian Varieties , 2009, IEEE Transactions on Information Theory.

[6]  Francisco Rodríguez-Henríquez,et al.  Implementing Pairings at the 192-bit Security Level , 2012, IACR Cryptol. ePrint Arch..

[7]  Yasuyuki Nogami,et al.  Integer Variable chi-Based Ate Pairing , 2008, Pairing.

[8]  Torbjrn Granlund,et al.  GNU MP 6.0 Multiple Precision Arithmetic Library , 2015 .

[9]  Paulo S. L. M. Barreto,et al.  Constructing Elliptic Curves with Prescribed Embedding Degrees , 2002, SCN.

[10]  Eiji Okamoto,et al.  Optimised Versions of the Ate and Twisted Ate Pairings , 2007, IMACC.

[11]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[12]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[13]  Michael Scott,et al.  A Taxonomy of Pairing-Friendly Elliptic Curves , 2010, Journal of Cryptology.

[14]  Masaaki Shirase,et al.  Pseudo 8-Sparse Multiplication for Efficient Ate-Based Pairing on Barreto-Naehrig Curve , 2013, Pairing.

[15]  Nobuo Funabiki,et al.  Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps , 2005, ASIACRYPT.

[16]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[17]  Michael Scott,et al.  On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves , 2009, Pairing.

[18]  Masaaki Shirase,et al.  Some Efficient Algorithms for the Final Exponentiation of eta T Pairing , 2007, ISPEC.

[19]  Razvan Barbulescu,et al.  Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case , 2016, CRYPTO.

[20]  Frederik Vercauteren,et al.  Optimal Pairings , 2010, IEEE Transactions on Information Theory.

[21]  Christof Paar,et al.  Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography , 2015, Journal of Cryptology.