Faster pairing computations on curves with high-degree twists

C. Costello, T. Lange, M. Naehrig

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

60 Citations (Scopus)

Abstract

Research on efficient pairing implementation has focussed on reducing the loop length and on using high-degree twists. Existence of twists of degree larger than 2 is a very restrictive criterion but luckily constructions for pairing-friendly elliptic curves with such twists exist. In fact, Freeman, Scott and Teske showed in their overview paper that often the best known methods of constructing pairing-friendly elliptic curves over fields of large prime characteristic produce curves that admit twists of degree 3, 4 or 6. A few papers have presented explicit formulas for the doubling and the addition step in Miller’s algorithm, but the optimizations were all done for the Tate pairing with degree-2 twists, so the main usage of the high-degree twists remained incompatible with more efficient formulas. In this paper we present efficient formulas for curves with twists of degree 2, 3, 4 or 6. These formulas are significantly faster than their predecessors. We show how these faster formulas can be applied to Tate and ate pairing variants, thereby speeding up all practical suggestions for efficient pairing implementations over fields of large characteristic.
Original languageEnglish
Title of host publicationPublic Key Cryptography - PKC 2010 (13th International Conference on Practice and Theory in Public-Key Cryptography, Paris, France, May 26-28, 2010. Proceedings)
EditorsP.Q. Nguyen, D. Pointcheval
Place of PublicationBerlin
PublisherSpringer
Pages224-242
ISBN (Print)978-3-642-13012-0
DOIs
Publication statusPublished - 2010

Publication series

NameLecture Notes in Computer Science
Volume6056
ISSN (Print)0302-9743

Fingerprint Dive into the research topics of 'Faster pairing computations on curves with high-degree twists'. Together they form a unique fingerprint.

Cite this