Representation of Torsion Points on Pairing Curves of Embedding Degree 1

Recent efficient pairings such as Ate pairing use two efficient rational point subgroups such that π(P ) = P and π(Q) = [p]Q, where π, p, P , and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r + 1 but does not divide r − 1. Then, this paper shows a multiplicative representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable.