Attractive subfamilies of BLS curves for implementing high-security pairings

C. Costello, K. Lauter, M. Naehrig

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

22 Citations (Scopus)

Abstract

Barreto-Lynn-Scott (BLS) curves are a stand-out candidate for implementing high-security pairings. This paper shows that particular choices of the pairing-friendly search parameter give rise to four subfamilies of BLS curves, all of which offer highly efficient and implementation-friendly pairing instantiations. Curves from these particular subfamilies are defined over prime fields that support very efficient towering options for the full extension field. The coefficients for a specific curve and its correct twist are automatically determined without any computational effort. The choice of an extremely sparse search parameter is immediately reflected by a highly efficient optimal ate Miller loop and final exponentiation. As a resource for implementors, we give a list with examples of implementation-friendly BLS curves through several high-security levels.
Original languageEnglish
Title of host publicationProgress in Cryptology - INDOCRYPT 2011 (12th International Conference on Cryptology in India, Chennai, India, December 11-14, 2011. Proceedings)
EditorsD.J. Bernstein, S. Chatterjee
Place of PublicationBerlin
PublisherSpringer
Pages320-342
ISBN (Print)978-3-642-25577-9
DOIs
Publication statusPublished - 2011

Publication series

NameLecture Notes in Computer Science
Volume7107
ISSN (Print)0302-9743

Fingerprint

Dive into the research topics of 'Attractive subfamilies of BLS curves for implementing high-security pairings'. Together they form a unique fingerprint.

Cite this