Efficient Tate Pairing Computation for Supersingular Elliptic Curves over Binary Fields

After Miller’s original algorithm for the Tate pairing computation, many improved algorithms have been suggested, to name just a few, by Galbraith et al. and Barreto et al., especially for the fields with characteristic three. Also Duursma and Lee found a closed formula of the Tate pairing computation for the fields with characteristic three. In this paper, we show that a similar argument is also possible for the finite fields with characteristic two. That is, we present a closed formula for the Tate pairing computation for supersingular elliptic curves defined over the binary field F2m of odd dimension. There are exactly three isomorphism classes of supersingular elliptic curves over F2m for odd m and our result is applicable to all these curves. Moreover we show that our algorithm and also the Duursma-Lee algorithm can be modified to another algorithm which does not need any inverse Frobenius operation (square root or cube root extractions) without sacrificing any of the computational merits of the original algorithm. Since the computation of the inverse Frobenius map is not at all trivial in a polynomial basis and since a polynomial basis is still a preferred choice for the Tate pairing computation in many situations, this new algorithm avoiding the inverse Frobenius operation has some advantage over the existing algorithms.