Polynomials for Ate Pairing and Atei Pairing
نویسندگان
چکیده
The irreducible factor r(x) of Φk(u(x)) and u(x) are often used in constructing pairing-friendly curves. u(x) and uc ≡ u(x) (mod r(x)) are selected to be the Miller loop control polynomial in Ate pairing and Atei pairing. In this paper we show that when 4|k or the minimal prime which divides k is larger than 2, some u(x) and r(x) can not be used as curve generation parameters if we want Atei pairing to be efficient. We also show that the Miller loop length can not reach the bound log2r φ(k) when we use the factorization of Φk(u(x)) to generate elliptic curves.
منابع مشابه
Fixed argument pairing inversion on elliptic curves
Let E be an elliptic curve over a finite field Fq with a power of prime q, r a prime dividing #E(Fq), and k the smallest positive integer satisfying r|Φk(p), called embedding degree. Then a bilinear map t : E(Fq)[r]×E(Fqk )/rE(Fqk )→ Fqk is defined, called the Tate pairing. And the Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power....
متن کاملCryptographic Pairings Based on Elliptic Nets
In 2007, Stange proposed a novel method for computing the Tate pairing on an elliptic curve over a finite field. This method is based on elliptic nets, which are maps from Z to a ring that satisfies a certain recurrence relation. In the present paper, we explicitly give formulae based on elliptic nets for computing the following variants of the Tate pairing: the Ate, Atei, R-Ate, and optimal pa...
متن کاملSimple and exact formula for minimum loop length in Ate i pairing based on Brezing-Weng curves
We provide a simple and exact formula for the minimum Miller loop length in Atei pairing based on Brezing-Weng curves, in terms of the involved parameters, under a mild condition on the parameters. It will be also shown that almost all cryptographically useful/meaningful parameters satisfy the mild condition. Hence the simple and exact formula is valid for them. It will also turn out that the f...
متن کاملBilinear pairings on elliptic curves
We give an elementary and self-contained introduction to pairings on elliptic curves over finite fields. For the first time in the literature, the three different definitions of the Weil pairing are stated correctly and proved to be equivalent using Weil reciprocity. Pairings with shorter loops, such as the ate, atei, R-ate and optimal pairings, together with their twisted variants, are present...
متن کاملAn Improvement of Twisted Ate Pairing Using Integer Variable with Small Hamming Weight
Barreto–Naehrig (BN) curve has been introduced as a pairing-friendly elliptic curve over prime field Fp which has embedding degree 12. Characteristic and Frobenius trace are given as polynomials of integer variable χ. This paper proposes an improvement of Miller’s algorithm of twisted Ate pairing with BN curve by χ of small hamming weight. Then, in order to show the efficiency of the proposed m...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008