On Computing Products of Pairings
نویسندگان
چکیده
In many pairing-based protocols often the evaluation of the product of many pairing evaluations is required. In this paper we consider methods to compute such products efficiently. Focusing on pairingfriendly fields in particular, we evaluate methods for the Weil, Tate and Ate pairing algorithms for ordinary elliptic curves at various security levels. Our operation counts indicate that the minimal cost of each additional pairing relative to the cost of one is ≈ 0.61, 0.45, and 0.43, for each of these pairings respectively at the 128-bit security level. For larger security levels the Ate pairing can have a relative additional cost of as low as 0.13 for each additional pairing. These estimates allow implementors to make optimal algorithm choices for given scenarios, in which the number of pairings in the product, the security level, and the embedding degree are factors under consideration.
منابع مشابه
Identification of Multiple Invalid Signatures in Pairing-Based Batched Signatures
This paper describes new methods in pairing-based signature schemes for identifying the invalid digital signatures in a batch, after batch verification has failed. These methods efficiently identify non-trivial numbers of invalid signatures in batches of (potentially large) numbers of signatures. Our methods use “divide-and-conquer” search to identify the invalid signatures within a batch, but ...
متن کاملPairings from a tensor product point of view
Pairings are particular bilinear maps, and as any bilinear maps they factor through the tensor product as group homomorphisms. Besides, nothing seems to prevent us to construct pairings on other abelian groups than elliptic curves or more general abelian varieties. The point of view adopted in this contribution is based on these two observations. Thus we present an elliptic curve free study of ...
متن کاملCOMPUTING THE PRODUCTS OF CONJUGACY CLASSES FOR SPECIFIC FINITE GROUPS
Suppose $G$ is a finite group, $A$ and $B$ are conjugacy classes of $G$ and $eta(AB)$ denotes the number of conjugacy classes contained in $AB$. The set of all $eta(AB)$ such that $A, B$ run over conjugacy classes of $G$ is denoted by $eta(G)$.The aim of this paper is to compute $eta(G)$, $G in { D_{2n}, T_{4n}, U_{6n}, V_{8n}, SD_{8n}}$ or $G$ is a decomposable group of order $2pq$, a group of...
متن کاملATP hydrolysis provides functions that promote rejection of pairings between different copies of long repeated sequences
During DNA recombination and repair, RecA family proteins must promote rapid joining of homologous DNA. Repeated sequences with >100 base pair lengths occupy more than 1% of bacterial genomes; however, commitment to strand exchange was believed to occur after testing ∼20-30 bp. If that were true, pairings between different copies of long repeated sequences would usually become irreversible. Our...
متن کاملAn Analysis of Affine Coordinates for Pairing Computation
In this paper we analyze the use of affine coordinates for pairing computation. We observe that in many practical settings, e. g. when implementing optimal ate pairings in high security levels, affine coordinates are faster than using the best currently known formulas for projective coordinates. This observation relies on two known techniques for speeding up field inversions which we analyze in...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006