Abstract
The choice of the elliptic curve for a given pairing-based protocol is crucial. For many pairing-based cryptosystems, such as group signatures and their variants (EPID, anonymous attestation, etc.) or accumulators, operations in the first pairing group \(\mathbb{G}\) of points of the elliptic curve are predominant. At the 128-bit security level, two curves, BW13-P310 and BW19-P286, with odd embedding degrees 13 and 19 and suitable for the superoptimal pairing, have been recommended for such pairing-based protocols. But a prime embedding degree (\(k = 13, 19\)) eliminates some important optimisations for the pairing computation. The Miller loop of the superoptimal pairing is half as long as that of the optimal ate pairing, but it involves more exponentiations, which affect its efficiency. In this work, we develop methods and construct algorithms to efficiently evaluate and avoid the heavy exponentiations that affect the efficiency of the superoptimal pairing. This leads to the definition of a new bilinear and non-degenerate pairing on BW13-P310 and BW19-P286, called the x-superoptimal pairing, whose Miller loop is about \(15.3\%\) and \(39.8\%\) faster than that of the optimal ate pairing previously computed on BW13-P310 and BW19-P286, respectively.
Acknowledgements
The first author acknowledges the support of TWAS UNESCO under the Grant 20-063 RG/MATHS/AF/AC-I.
About this article
Cite this article
Fouotsa, E., Guimagang, L.A. & Ayissi, R. x-superoptimal pairings on elliptic curves with odd prime embedding degrees: BW13-P310 and BW19-P286. AAECC (2023). https://doi.org/10.1007/s00200-023-00596-5
DOI: https://doi.org/10.1007/s00200-023-00596-5