Communications in Cryptology IACR CiC

A short-list of pairing-friendly curves resistant to the Special TNFS algorithm at the 192-bit security level

Authors

Diego F. Aranha, Georgios Fotiadis, Aurore Guillevic
Diego F. Aranha ORCID
Aarhus University, Aarhus, Denmark
dfaranha at cs dot au dot dk
Georgios Fotiadis ORCID
Université du Luxembourg, Esch-sur-Alzette, Luxembourg
georgios dot fotiadis at uni dot lu
Aurore Guillevic ORCID
Aarhus University, Aarhus, Denmark
Université de Lorraine, CNRS, Inria, LORIA, Nancy, France
Univ Rennes, Inria, CNRS, IRISA, Rennes, France
aurore dot guillevic at inria dot fr

Abstract

For more than two decades, pairings have been a fundamental tool for designing elegant cryptosystems, ranging from digital signature schemes to more complex privacy-preserving constructions. However, the advancement of quantum computing threatens to undermine public-key cryptography. Concretely, it is widely accepted that a future large-scale quantum computer would be capable of breaking any public-key cryptosystem used today, rendering today's public-key cryptography obsolete and mandating the transition to quantum-safe cryptographic solutions. This necessity is recognized by numerous government bodies around the world, including NIST, which initiated the first open competition for standardizing post-quantum (PQ) cryptographic schemes, focusing primarily on digital signatures and key encapsulation/public-key encryption schemes. Despite the current efforts in standardizing PQ primitives, the landscape of complex, privacy-preserving cryptographic protocols, e.g., zkSNARKs/zkSTARKs, is at an early stage. Existing solutions suffer from various disadvantages in terms of efficiency and compactness and, in addition, they need to undergo the required scrutiny to gain the necessary trust in the academic and industrial domains. Therefore, it is believed that the migration to purely quantum-safe cryptography will require an intermediate step in which current classically secure protocols and quantum-safe solutions co-exist. This is reinforced by the Commercial National Security Algorithm Suite version 2.0, which mandates the transition to quantum-safe cryptographic algorithms by 2033 and recommends ECC at the 192-bit security level in the meantime. To this end, the present paper aims at providing a comprehensive study of pairings at the 192-bit security level.
We start with an exhaustive review of the literature to collect all existing recommendations of such pairing constructions, from which we extract the most promising candidates in terms of efficiency and security with respect to the advanced Special TNFS attacks. Our analysis focuses not only on the pairing computation itself but also on additional operations that are relevant in pairing-based applications, such as hashing to pairing groups, cofactor clearing and subgroup membership testing. We implement all functionalities of the most promising candidates within the RELIC cryptographic toolkit in order to identify the most efficient pairing implementation at the 192-bit security level, and we provide extensive experimental results.
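The abstract refers to pairing-friendly curve candidates and to the Special TNFS attack on the target field F_{p^k}. The checks an editor would want to reproduce before trusting any such candidate are: that the seed actually yields prime p and r, that the embedding degree is exactly k (so the pairing lands in F_{p^k} and not a proper subfield), and how large the STNFS target field F_{p^k} is. The block below is an added illustration, not code from the paper or from RELIC; it uses the BLS12/BLS24 polynomial families (r(x) = Φ_k(x), p(x) = (x-1)^2 r(x)/3 + x, t(x) = x+1) and the publicly known BLS12-381 seed x = -0xd201000000010000 from the Zcash construction. The 192-bit seeds selected by the paper itself are not reproduced here; `check_curve` accepts any seed with x ≡ 1 (mod 3), so it can be rerun on whichever seed a reader wants to audit.

```python
"""Derive BLS12/BLS24 curve parameters from a seed and verify the
pairing-friendliness conditions a curve short-list relies on.
Added illustration; not code from the paper or from the RELIC toolkit."""
import random

# Publicly known seed of BLS12-381 (Zcash); the 192-bit seeds are not reproduced here.
BLS12_381_SEED = -0xD201000000010000


def cyclotomic_phi(k, x):
    """r(x) = Phi_k(x) for the BLS12 (k=12) and BLS24 (k=24) families."""
    if k == 12:
        return x**4 - x**2 + 1
    if k == 24:
        return x**8 - x**4 + 1
    raise ValueError("only the BLS12 and BLS24 families are handled here")


def bls_params(x, k):
    """Return (p, r, t, h) for the BLS family of embedding degree k and seed x.

    p(x) = (x-1)^2 r(x)/3 + x,  t(x) = x + 1,  #E(F_p) = p + 1 - t = h * r
    with G1 cofactor h = (x-1)^2/3; integrality needs x = 1 (mod 3).
    """
    if x % 3 != 1:
        raise ValueError("BLS seeds must satisfy x = 1 (mod 3) so that p(x) is an integer")
    r = cyclotomic_phi(k, x)
    h = (x - 1) ** 2 // 3          # exact division because x = 1 (mod 3)
    p = h * r + x
    t = x + 1
    assert p + 1 - t == h * r      # Hasse relation for the curve order
    return p, r, t, h


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with a fixed RNG seed so runs are reproducible."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0xC0FFEE)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        y = pow(a, d, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = pow(y, 2, n)
            if y == n - 1:
                break
        else:
            return False
    return True


def embedding_degree(p, r, bound=64):
    """Order of p in (Z/rZ)^*: the smallest k with r | p^k - 1 (None if above bound).

    For a prime-order subgroup this is exactly the field F_{p^k} that the
    pairing maps into and that (S)TNFS must attack."""
    for k in range(1, bound + 1):
        if pow(p, k, r) == 1:
            return k
    return None


def check_curve(x, k):
    """Summarise the sanity checks for a BLS seed: sizes, primality, embedding degree."""
    p, r, t, h = bls_params(x, k)
    return {
        "p_bits": p.bit_length(),
        "r_bits": r.bit_length(),
        "pk_bits": (p**k).bit_length(),          # size of the STNFS target field F_{p^k}
        "rho": p.bit_length() / r.bit_length(),  # rho-value, ~1.5 for BLS families
        "p_prime": is_probable_prime(p),
        "r_prime": is_probable_prime(r),
        "embedding_degree": embedding_degree(p, r),
        "p_mod_3": p % 3,                        # 1 means F_p has cube roots of unity (GLV on y^2 = x^3 + b)
    }


if __name__ == "__main__":
    for name, val in check_curve(BLS12_381_SEED, 12).items():
        print(f"{name:>17}: {val}")
```

Running it on the BLS12-381 seed reports a 381-bit p, a 255-bit r, embedding degree exactly 12 and a 4569-bit target field; the same routine applied to a BLS24 seed of about 64 bits shows why that family reaches the 192-bit level with a prime field of roughly 500 bits while pushing the STNFS target field above 12000 bits.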

References

[AFK+13]
Diego F. Aranha, Laura Fuentes-Castañeda, Edward Knapp, Alfred Menezes, and Francisco Rodríguez-Henríquez. Implementing Pairings at the 192-Bit Security Level. In Michel Abdalla and Tanja Lange, editors, PAIRING 2012, volume 7708 of LNCS, pages 177–195. May 2013. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-36334-4_11
[AFK24]
Mónica P. Arenas, Georgios Fotiadis, and Elisavet Konstantinou. Special TNFS-Secure Pairings on Ordinary Genus 2 Hyperelliptic Curves. In Serge Vaudenay and Christophe Petit, editors, AFRICACRYPT 2024, volume 14861 of LNCS, pages 285–310. July 2024. Springer, Cham. DOI: 10.1007/978-3-031-64381-1_13
[AGM+]
Diego F. Aranha, Conrado P. L. Gouvêa, Tobias Markmann, Riad S. Wahby, and K. Liao. RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic.
[AHG23]
Diego F. Aranha, Youssef El Housni, and Aurore Guillevic. A survey of elliptic curves for proof systems. Des. Codes Cryptography, 91(11):3333–3378, 2023. DOI: 10.1007/s10623-022-01135-y
[AHST23]
Diego F. Aranha, Benjamin Salling Hvass, Bas Spitters, and Mehdi Tibouchi. Faster Constant-time Evaluation of the Kronecker Symbol with Application to Elliptic Curve Hashing. In Weizhi Meng, Christian Damsgaard Jensen, Cas Cremers, and Engin Kirda, editors, CCS, pages 3228–3238. 2023. ACM. DOI: 10.1145/3576915.3616597 ePrint 2023/1261
[AKL+11]
Diego F. Aranha, Koray Karabina, Patrick Longa, Catherine H. Gebotys, and Julio Cesar López-Hernández. Faster Explicit Formulas for Computing Pairings over Ordinary Curves. In Kenneth G. Paterson, editor, EUROCRYPT 2011, volume 6632 of LNCS, pages 48–68. May 2011. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-20465-4_5
[ALH10]
Diego F. Aranha, Julio Cesar López-Hernández, and Darrel Hankerson. High-Speed Parallel Software Implementation of the $\eta_{T}$ Pairing. In Josef Pieprzyk, editor, CT-RSA 2010, volume 5985 of LNCS, pages 89–105. March 2010. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-11925-5_7
[APR21]
Diego F. Aranha, Elena Pagnin, and Francisco Rodríguez-Henríquez. LOVE a Pairing. In Patrick Longa and Carla Ràfols, editors, LATINCRYPT 2021, volume 12912 of LNCS, pages 320–340. October 2021. Springer, Cham. DOI: 10.1007/978-3-030-88238-9_16
[AR14]
Gora Adj and Francisco Rodríguez-Henríquez. Square Root Computation over Even Extension Fields. IEEE Trans. Computers, 63(11):2829–2841, 2014. ePrint 2012/685 DOI: 10.1109/TC.2013.145
[BBHR18]
Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. Scalable, transparent, and post-quantum secure computational integrity. ePrint 2018/046. 2018.
[BCI+10]
Eric Brier, Jean-Sébastien Coron, Thomas Icart, David Madore, Hugues Randriam, and Mehdi Tibouchi. Efficient Indifferentiable Hashing into Ordinary Elliptic Curves. In Tal Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 237–254. August 2010. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-14623-7_13
[BCN14]
Joppe W. Bos, Craig Costello, and Michael Naehrig. Exponentiating in Pairing Groups. In Tanja Lange, Kristin Lauter, and Petr Lisonek, editors, SAC 2013, volume 8282 of LNCS, pages 438–455. August 2014. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-662-43414-7_22
[BD19]
Razvan Barbulescu and Sylvain Duquesne. Updating Key Size Estimations for Pairings. Journal of Cryptology, 32(4):1298–1336, October 2019. DOI: 10.1007/s00145-018-9280-5
[BEG19]
Razvan Barbulescu, Nadia El Mrabet, and Loubna Ghammam. A taxonomy of pairings, their security, their complexity. ePrint 2019/485, rev. Sept. 24, 2019. 2019.
[BF01]
Dan Boneh and Matthew K. Franklin. Identity-Based Encryption from the Weil Pairing. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 213–229. August 2001. Springer, Berlin, Heidelberg. DOI: 10.1007/3-540-44647-8_13
[BGW+22]
Dan Boneh, Sergey Gorbunov, Riad S. Wahby, Hoeteck Wee, Christopher A. Wood, and Zhenfei Zhang. BLS signatures. IETF draft. https://datatracker.ietf.org/doc/draft-irtf-cfrg-bls-signature/. June 2022.
[BKLS02]
Paulo S. L. M. Barreto, Hae Yong Kim, Ben Lynn, and Michael Scott. Efficient Algorithms for Pairing-Based Cryptosystems. In Moti Yung, editor, CRYPTO 2002, volume 2442 of LNCS, pages 354–368. August 2002. Springer, Berlin, Heidelberg. DOI: 10.1007/3-540-45708-9_23
[BL13]
Daniel J. Bernstein and Tanja Lange. Non-uniform Cracks in the Concrete: The Power of Free Precomputation. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 321–340. December 2013. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-42045-0_17
[BLS01]
Dan Boneh, Ben Lynn, and Hovav Shacham. Short Signatures from the Weil Pairing. In Colin Boyd, editor, ASIACRYPT 2001, volume 2248 of LNCS, pages 514–532. December 2001. Springer, Berlin, Heidelberg. DOI: 10.1007/3-540-45682-1_30
[BLS03]
Paulo S. L. M. Barreto, Ben Lynn, and Michael Scott. Constructing Elliptic Curves with Prescribed Embedding Degrees. In Stelvio Cimato, Clemente Galdi, and Giuseppe Persiano, editors, SCN 02, volume 2576 of LNCS, pages 257–267. September 2003. Springer, Berlin, Heidelberg. DOI: 10.1007/3-540-36413-7_19
[BMDFAF19]
Narcise Bang Mbiang, Diego De Freitas Aranha, and Emmanuel Fouotsa. Computing the optimal Ate pairing over elliptic curves with embedding degrees 54 and 48 at the 256-bit security level. International Journal of Applied Cryptography (IJACT), 4(1):45–59, 2019. DOI: 10.1504/IJACT.2020.107167
[BMUS23]
Marta Bellés-Muñoz, Jorge Jiménez Urroz, and Javier Silva. Revisiting Cycles of Pairing-Friendly Elliptic Curves. In Helena Handschuh and Anna Lysyanskaya, editors, CRYPTO 2023, Part II, volume 14082 of LNCS, pages 3–37. August 2023. Springer, Cham. DOI: 10.1007/978-3-031-38545-2_1
[BN06]
Paulo S. L. M. Barreto and Michael Naehrig. Pairing-Friendly Elliptic Curves of Prime Order. In Bart Preneel and Stafford Tavares, editors, SAC 2005, volume 3897 of LNCS, pages 319–331. August 2006. Springer, Berlin, Heidelberg. DOI: 10.1007/11693383_22
[Bow17]
Sean Bowe. BLS12-381: New zk-SNARK Elliptic Curve Construction. https://electriccoin.co/blog/new-snark-curve/. Zcash blog. March 11 2017.
[BS23]
Ward Beullens and Gregor Seiler. LaBRADOR: Compact Proofs for R1CS from Module-SIS. In Helena Handschuh and Anna Lysyanskaya, editors, CRYPTO 2023, Part V, volume 14085 of LNCS, pages 518–548. August 2023. Springer, Cham. DOI: 10.1007/978-3-031-38554-4_17
[BW05]
Friederike Brezing and Annegret Weng. Elliptic Curves Suitable for Pairing Based Cryptography. Des. Codes Cryptography, 37(1):133–141, 2005. ePrint 2003/143 DOI: 10.1007/s10623-004-3808-4
[CCW19]
Alessandro Chiesa, Lynn Chua, and Matthew Weidner. On Cycles of Pairing-Friendly Elliptic Curves. SIAM Journal on Applied Algebra and Geometry, 3(2):175–192, 2019. DOI: 10.1137/18M1173708
[CDS20]
Rémi Clarisse, Sylvain Duquesne, and Olivier Sanders. Curves with Fast Computations in the First Pairing Group. In Stephan Krenn, Haya Shulman, and Serge Vaudenay, editors, CANS 20, volume 12579 of LNCS, pages 280–298. December 2020. Springer, Cham. DOI: 10.1007/978-3-030-65411-5_14
[CH07]
Jaewook Chung and M. Anwar Hasan. Asymmetric Squaring Formulae. In 18th IEEE Symposium on Computer Arithmetic (ARITH-18 2007), 25-27 June 2007, Montpellier, France, pages 113–122. 2007. IEEE Computer Society. DOI: 10.1109/ARITH.2007.11 https://www.lirmm.fr/arith18/papers/Chung-Squaring.pdf
[CHZ22]
Shi Ping Cai, Zhi Hu, and Chang-An Zhao. Faster Final Exponentiation on the KSS18 Curve. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E105.A(8):1162–1164, 2022. ePrint 2021/1309 DOI: 10.1587/transfun.2021EAL2086
[CL04]
Jan Camenisch and Anna Lysyanskaya. Signature Schemes and Anonymous Credentials from Bilinear Maps. In Matthew Franklin, editor, CRYPTO 2004, volume 3152 of LNCS, pages 56–72. August 2004. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-540-28628-8_4
[CLN10]
Craig Costello, Tanja Lange, and Michael Naehrig. Faster Pairing Computations on Curves with High-Degree Twists. In Phong Q. Nguyen and David Pointcheval, editors, PKC 2010, volume 6056 of LNCS, pages 224–242. May 2010. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-13013-7_14
[CLN11]
Craig Costello, Kristin Lauter, and Michael Naehrig. Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings. In Daniel J. Bernstein and Sanjit Chatterjee, editors, INDOCRYPT 2011, volume 7107 of LNCS, pages 320–342. December 2011. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-25578-6_23
[Cos12]
Craig Costello. Pairings for beginners. https://www.craigcostello.com.au/s/PairingsForBeginners.pdf. 2012.
[CRSCN24]
Maria Corte-Real Santos, Craig Costello, and Michael Naehrig. On cycles of pairing-friendly abelian varieties. In Leonid Reyzin and Douglas Stebila, editors, CRYPTO 2024, LNCS. August 2024. Springer, Cham. DOI: 10.1007/978-3-031-68400-5_7 ePrint 2024/869
[CSB05]
Sanjit Chatterjee, Palash Sarkar, and Rana Barua. Efficient Computation of Tate Pairing in Projective Coordinate over General Characteristic Fields. In Choonsik Park and Seongtaek Chee, editors, ICISC 04, volume 3506 of LNCS, pages 168–181. December 2005. Springer, Berlin, Heidelberg. DOI: 10.1007/11496618_13
[CSRT22]
Jorge Chávez-Saab, Francisco Rodríguez-Henríquez, and Mehdi Tibouchi. SwiftEC: Shallue-van de Woestijne Indifferentiable Function to Elliptic Curves - Faster Indifferentiable Hashing to Elliptic Curves. In Shweta Agrawal and Dongdai Lin, editors, ASIACRYPT 2022, Part I, volume 13791 of LNCS, pages 63–92. December 2022. Springer, Cham. DOI: 10.1007/978-3-031-22963-3_3
[Dai23]
Yu Dai. smt-magma. https://github.com/eccdaiy39/smt-magma. 2023.
[DGP21]
Gabrielle De Micheli, Pierrick Gaudry, and Cécile Pierrot. Lattice Enumeration for Tower NFS: A 521-Bit Discrete Logarithm Computation. In Mehdi Tibouchi and Huaxiong Wang, editors, ASIACRYPT 2021, Part I, volume 13090 of LNCS, pages 67–96. December 2021. Springer, Cham. DOI: 10.1007/978-3-030-92062-3_3
[DLZZ23]
Yu Dai, Kaizhan Lin, Chang-An Zhao, and Zijian Zhou. Fast subgroup membership testings for $\mathbb{G}_1$, $\mathbb{G}_2$ and $\mathbb{G}_{T}$ on pairing-friendly curves. Designs, Codes and Cryptography, 91(10):3141–3166, October 2023. ePrint 2022/348 DOI: 10.1007/s10623-023-01223-7
[DZZ23a]
Yu Dai, Fangguo Zhang, and Chang-An Zhao. Don't Forget Pairing-Friendly Curves with Odd Prime Embedding Degrees. IACR TCHES, 2023(4):393–419, 2023. DOI: 10.46586/tches.v2023.i4.393-419
[DZZ23b]
Yu Dai, Fangguo Zhang, and Chang-An Zhao. Fast hashing to $\mathbb{G}_2$ on pairing-friendly curves with the lack of twists. Finite Fields and Their Applications, 91:102263, 2023. ePrint 2022/996 DOI: 10.1016/j.ffa.2023.102263
[DZZZ21]
Yu Dai, Zijian Zhou, Fangguo Zhang, and Chang-An Zhao. Software Implementation of Optimal Pairings on Elliptic Curves with Odd Prime Embedding Degrees. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E105.A(5):858–870, 2021. ePrint 2021/1162 DOI: 10.1587/transfun.2021EAP1115
[EHG22]
Youssef El Housni and Aurore Guillevic. Families of SNARK-Friendly 2-Chains of Elliptic Curves. In Orr Dunkelman and Stefan Dziembowski, editors, EUROCRYPT 2022, Part II, volume 13276 of LNCS, pages 367–396. 2022. Springer, Cham. DOI: 10.1007/978-3-031-07085-3_13
[FAG20]
Emmanuel Fouotsa and Laurian Azebaze Guimagang. Fast Hashing to $\mathbb{G}_2$ on Aurifeuillean Pairing-Friendly Elliptic Curves. SN Comput. Sci., 1(1):51, 2020. DOI: 10.1007/S42979-019-0053-5
[FAGA23]
Emmanuel Fouotsa, Laurian Azebaze Guimagang, and Raoul Ayissi. $x$-Superoptimal Pairings on Elliptic Curves with Odd Prime Embedding Degrees: BW13-P310 and BW19-P286. Applicable Algebra in Engineering, Communication and Computing (AAECC), February 2023. ePrint 2022/716 DOI: 10.1007/s00200-023-00596-5
[FHSS+23]
Armando Faz-Hernandez, Sam Scott, Nick Sullivan, Riad S. Wahby, and Christopher A. Wood. Hashing to Elliptic Curves. RFC 9380. August 2023.
[FK19]
Georgios Fotiadis and Elisavet Konstantinou. TNFS resistant families of pairing-friendly elliptic curves. Theoretical Computer Science, 800:73–89, 31 December 2019. ePrint 2018/1017 DOI: 10.1016/j.tcs.2019.10.017
[FKR12]
Laura Fuentes-Castañeda, Edward Knapp, and Francisco Rodríguez-Henríquez. Faster Hashing to $\mathbb{G}_2$. In Ali Miri and Serge Vaudenay, editors, SAC 2011, volume 7118 of LNCS, pages 412–430. August 2012. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-28496-0_25
[FLS15]
Armando Faz-Hernández, Patrick Longa, and Ana H. Sánchez. Efficient and secure algorithms for GLV-based scalar multiplication and their implementation on GLV-GLS curves (extended version). Journal of Cryptographic Engineering, 5(1):31–52, April 2015. DOI: 10.1007/s13389-014-0085-7
[FM19]
Georgios Fotiadis and Chloe Martindale. Optimal TNFS-secure pairings on elliptic curves with composite embedding degree. ePrint 2019/555. 2019.
[Fot21]
Georgios Fotiadis. Constructing Efficient and STNFS–Secure Pairings. Talk at Inria Nancy seminar. Slides at https://caramba.loria.fr/sem-slides/202102161400.pdf. February 2021.
[FST10]
David Freeman, Michael Scott, and Edlyn Teske. A Taxonomy of Pairing-Friendly Elliptic Curves. Journal of Cryptology, 23(2):224–280, April 2010. DOI: 10.1007/s00145-009-9048-z
[GF16]
Loubna Ghammam and Emmanuel Fouotsa. Adequate Elliptic Curves for Computing the Product of $n$ Pairings. In Sylvain Duquesne and Svetla Petkova-Nikova, editors, WAIFI 2016, volume 10064 of LNCS, pages 36–53. 2016. Springer, Cham. DOI: 10.1007/978-3-319-55227-9_3 ePrint 2016/472
[GG23]
Jean Gasnier and Aurore Guillevic. An Algebraic Point of View on the Generation of Pairing-Friendly Curves. preprint available at https://hal.science/hal-04205681. September 2023.
[Gha16]
Loubna Ghammam. Utilisation des Couplages en Cryptographie asymétrique pour la micro-électronique. PhD thesis, Université de Rennes 1, France, December 2016.
[GKL+21]
Robert Granger, Thorsten Kleinjung, Arjen K. Lenstra, Benjamin Wesolowski, and Jens Zumbrägel. Computation of a 30750-bit binary field discrete logarithm. Math. Comp., 90(332):2997–3022, 2021. ePrint 2020/965 DOI: 10.1090/mcom/3669
[GLS11]
Steven D. Galbraith, Xibin Lin, and Michael Scott. Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves. Journal of Cryptology, 24(3):446–469, July 2011. DOI: 10.1007/s00145-010-9065-y
[GLV01]
Robert P. Gallant, Robert J. Lambert, and Scott A. Vanstone. Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 190–200. August 2001. Springer, Berlin, Heidelberg. DOI: 10.1007/3-540-44647-8_11
[GMT20]
Aurore Guillevic, Simon Masson, and Emmanuel Thomé. Cocks–Pinch curves of embedding degrees five to eight and optimal ate pairing computation. Des. Codes Cryptography, 88:1047–1081, March 2020. ePrint 2019/431 DOI: 10.1007/s10623-020-00727-w
[Gro16]
Jens Groth. On the Size of Pairing-Based Non-interactive Arguments. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part II, volume 9666 of LNCS, pages 305–326. May 2016. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-662-49896-5_11
[GS08]
Steven D. Galbraith and Michael Scott. Exponentiation in Pairing-Friendly Groups Using Homomorphisms. In Steven D. Galbraith and Kenneth G. Paterson, editors, PAIRING 2008, volume 5209 of LNCS, pages 211–224. September 2008. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-540-85538-5_15
[GS10]
Robert Granger and Michael Scott. Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions. In Phong Q. Nguyen and David Pointcheval, editors, PKC 2010, volume 6056 of LNCS, pages 209–223. May 2010. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-13013-7_13
[GS21]
Aurore Guillevic and Shashank Singh. On the alpha value of polynomials in the Tower Number Field Sieve Algorithm. Mathematical Cryptology, 1(1):1–39, Feb. 2021.
[Gui20]
Aurore Guillevic. A Short-List of Pairing-Friendly Curves Resistant to Special TNFS at the 128-Bit Security Level. In Aggelos Kiayias, Markulf Kohlweiss, Petros Wallden, and Vassilis Zikas, editors, PKC 2020, Part II, volume 12111 of LNCS, pages 535–564. May 2020. Springer, Cham. DOI: 10.1007/978-3-030-45388-6_19
[Gui21]
Aurore Guillevic. Pairing-friendly curves. Last updated February 22, 2021. https://members.loria.fr/AGuillevic/pairing-friendly-curves/. February 2021.
[HGP22]
Youssef El Housni, Aurore Guillevic, and Thomas Piellard. Co-factor Clearing and Subgroup Membership Testing on Pairing-Friendly Curves. In Lejla Batina and Joan Daemen, editors, AFRICACRYPT 2022, volume 13503 of LNCS, pages 518–536. July 2022. Springer, Cham. DOI: 10.1007/978-3-031-17433-9_22
[HHT20]
Daiki Hayashida, Kenichiro Hayasaka, and Tadanori Teruya. Efficient Final Exponentiation via Cyclotomic Structure for Pairings over Families of Elliptic Curves. ePrint 2020/875. 2020.
[Hou23]
Youssef El Housni. Pairings in Rank-1 Constraint Systems. In Mehdi Tibouchi and Xiaofeng Wang, editors, ACNS 2023, Part I, volume 13905 of LNCS, pages 339–362. June 2023. Springer, Cham. DOI: 10.1007/978-3-031-33488-7_13
[HSST12]
Takuya Hayashi, Takeshi Shimoyama, Naoyuki Shinohara, and Tsuyoshi Takagi. Breaking Pairing-Based Cryptosystems Using $\eta_{T}$ Pairing over $\text{GF}(3^{97})$. In Xiaoyun Wang and Kazue Sako, editors, ASIACRYPT 2012, volume 7658 of LNCS, pages 43–60. December 2012. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-34961-4_5
[HSV06]
F. Hess, N. P. Smart, and F. Vercauteren. The Eta Pairing Revisited. IEEE Transactions on Information Theory, 52(10):4595–4602, 2006. ePrint 2006/110 DOI: 10.1109/TIT.2006.881709
[Jou04]
Antoine Joux. A One Round Protocol for Tripartite Diffie–Hellman. Journal of Cryptology, 17(4):263–276, September 2004. DOI: 10.1007/s00145-004-0312-y
[JT09]
Marc Joye and Michael Tunstall. Exponent Recoding and Regular Exponentiation Algorithms. In Bart Preneel, editor, AFRICACRYPT 09, volume 5580 of LNCS, pages 334–349. June 2009. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-02384-2_21
[KB16]
Taechan Kim and Razvan Barbulescu. Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 543–571. August 2016. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-662-53018-4_20
[KIK+17]
Yutaro Kiyomura, Akiko Inoue, Yuto Kawahara, Masaya Yasuda, Tsuyoshi Takagi, and Tetsutaro Kobayashi. Secure and Efficient Pairing at 256-Bit Security Level. In Dieter Gollmann, Atsuko Miyaji, and Hiroaki Kikuchi, editors, ACNS 2017, volume 10355 of LNCS, pages 59–79. July 2017. Springer, Cham. DOI: 10.1007/978-3-319-61204-1_4
[KJ17]
Taechan Kim and Jinhyuck Jeong. Extended Tower Number Field Sieve with Application to Finite Fields of Arbitrary Composite Extension Degree. In Serge Fehr, editor, PKC 2017, Part I, volume 10174 of LNCS, pages 388–408. March 2017. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-662-54365-8_16
[KM16]
Neal Koblitz and Alfred Menezes. A Riddle Wrapped in an Enigma. IEEE Security & Privacy, 14(6):34–42, 2016. ePrint 2015/1018 DOI: 10.1109/MSP.2016.120
[Kos24]
Dmitrii Koshelev. Simultaneously simple universal and indifferentiable hashing to elliptic curves. ePrint 2024/085. January 2024.
[KSS08]
Ezekiel J. Kachisa, Edward F. Schaefer, and Michael Scott. Constructing Brezing-Weng Pairing-Friendly Elliptic Curves Using Elements in the Cyclotomic Field. In Steven D. Galbraith and Kenneth G. Paterson, editors, PAIRING 2008, volume 5209 of LNCS, pages 126–135. September 2008. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-540-85538-5_9
[KZG10]
Aniket Kate, Gregory M. Zaverucha, and Ian Goldberg. Constant-Size Commitments to Polynomials and Their Applications. In Masayuki Abe, editor, ASIACRYPT 2010, volume 6477 of LNCS, pages 177–194. December 2010. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-17373-8_11
[Lip24]
Helger Lipmaa. Polymath: Groth16 Is Not the Limit. In Leonid Reyzin and Douglas Stebila, editors, CRYPTO 2024, Part X, volume 14929 of LNCS, pages 170–206. August 2024. Springer, Cham. DOI: 10.1007/978-3-031-68403-6_6 ePrint 2024/916
[Lon23]
Patrick Longa. Efficient Algorithms for Large Prime Characteristic Fields and Their Application to Bilinear Pairings. IACR TCHES, 2023(3):445–472, 2023. DOI: 10.46586/tches.v2023.i3.445-472
[LZZ24]
Jianming Lin, Chang-An Zhao, and Yuhao Zheng. Efficient Implementation of Super-optimal Pairings on Curves with Small Prime Fields at the 192-bit Security Level. ePrint 2024/1195. July 2024.
[Mas20]
Simon Masson. Algorithmic of curves in the context of bilinear and post-quantum cryptography. PhD thesis, Université de Lorraine, Nancy, France, December 2020.
[MNT01]
A. Miyaji, M. Nakabayashi, and S. Takano. New Explicit Conditions of Elliptic Curve Traces for FR-Reduction. IEICE Transactions on Fundamentals, E84-A(5):1234–1243, 2001. https://dspace.jaist.ac.jp/dspace/bitstream/10119/4432/1/73-48.pdf
[Mon05]
P. L. Montgomery. Five, Six, and Seven-Term Karatsuba-Like Formulae. IEEE Transactions on Computers, 54(3):362–369, March 2005. DOI: 10.1109/TC.2005.49
[MSS16]
Alfred Menezes, Palash Sarkar, and Shashank Singh. Challenges with Assessing the Impact of NFS Advances on the Security of Pairing-Based Cryptography. In Raphael C.-W. Phan and Moti Yung, editors, Mycrypt 2016, volume 10311 of LNCS, pages 83–108. December 2016. Springer, Cham. DOI: 10.1007/978-3-319-61273-7_5
[OLAR13]
Thomaz Oliveira, Julio Cesar López-Hernández, Diego F. Aranha, and Francisco Rodríguez-Henríquez. Lambda Coordinates for Binary Elliptic Curves. In Guido Bertoni and Jean-Sébastien Coron, editors, CHES 2013, volume 8086 of LNCS, pages 311–330. August 2013. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-40349-1_18
[PS16]
David Pointcheval and Olivier Sanders. Short Randomizable Signatures. In Kazue Sako, editor, CT-RSA 2016, volume 9610 of LNCS, pages 111–126. 2016. Springer, Cham. DOI: 10.1007/978-3-319-29485-8_7
[RCB16]
Joost Renes, Craig Costello, and Lejla Batina. Complete Addition Formulas for Prime Order Elliptic Curves. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part I, volume 9665 of LNCS, pages 403–428. May 2016. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-662-49890-3_16
[Rob22]
Oisin Robinson. An Implementation of the Extended Tower Number Field Sieve using 4D Sieving in a Box and a Record Computation in $\mathbb{F}_{p^4}$. arXiv:2212.04999 https://arxiv.org/abs/2212.04999. 2022.
[Sch87]
René Schoof. Nonsingular plane cubic curves over finite fields. Journal of Combinatorial Theory, Series A, 46(2):183–211, 1987. DOI: 10.1016/0097-3165(87)90003-3
[Sco21]
Michael Scott. A note on group membership tests for $\mathbb{G}_1$, $\mathbb{G}_2$ and $\mathbb{G}_T$ on BLS pairing-friendly curves. ePrint 2021/1130. 2021.
[SG18]
Michael Scott and Aurore Guillevic. A New Family of Pairing-Friendly Elliptic Curves. In Lilya Budaghyan and Francisco Rodríguez-Henríquez, editors, WAIFI 2018, LNCS, pages 43–57. 2018. Springer, Cham. DOI: 10.1007/978-3-030-05153-2_2 ePrint 2018/193
[SKSW22]
Yumi Sakemi, Tetsutaro Kobayashi, Tsunekazu Saito, and Riad S. Wahby. Pairing-Friendly Curves. IETF draft. https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/11/. November 2022.
[TL23]
Tobias Looker and Michael B. Jones. Barreto–Lynn–Scott Elliptic Curve Key Representations for JOSE and COSE. IETF draft. https://datatracker.ietf.org/doc/draft-ietf-cose-bls-key-representations/. October 2023.
[TZ23]
Stefano Tessaro and Chenzhi Zhu. Revisiting BBS Signatures. In Carmit Hazay and Martijn Stam, editors, EUROCRYPT 2023, Part V, volume 14008 of LNCS, pages 691–721. April 2023. Springer, Cham. DOI: 10.1007/978-3-031-30589-4_24
[Ver10]
F. Vercauteren. Optimal Pairings. IEEE Transactions on Information Theory, 56(1):455–461, January 2010. ePrint 2008/096 DOI: 10.1109/TIT.2009.2034881
[WB19]
Riad S. Wahby and Dan Boneh. Fast and simple constant-time hashing to the BLS12-381 elliptic curve. IACR TCHES, 2019(4):154–179, 2019. DOI: 10.13154/tches.v2019.i4.154-179

PDF (open access)

History
Submitted: 2024-04-09
Accepted: 2024-09-02
Published: 2024-10-07
How to cite

Diego F. Aranha, Georgios Fotiadis, and Aurore Guillevic, A short-list of pairing-friendly curves resistant to the Special TNFS algorithm at the 192-bit security level. IACR Communications in Cryptology, vol. 1, no. 3, Oct 07, 2024, doi: 10.62056/angyl86bm.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.