Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves

One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide e�cient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyper-elliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller values than ever before reported for di�erent embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to e�ciently multiply a point in a subgroup de�ned on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the �nal exponentiation in the calculation of the Tate pairing and its varian

Heuristics on pairing-friendly abelian varieties

We discuss heuristic asymptotic formulae for the number of pairing-friendly abelian varieties over prime fields, generalizing previous work of one of the authors arXiv:math1107.0307Comment: Pages 6-7 rewritten, other minor changes mad

Constructing pairing-friendly hyperelliptic curves using Weil restriction

A pairing-friendly curve is a curve over a finite field whose Jacobian has small embedding degree with respect to a large prime-order subgroup. In this paper we construct pairing-friendly genus 2 curves over finite fields $\mathbb{F}_q$ whose Jacobians are ordinary and simple, but not absolutely simple. We show that constructing such curves is equivalent to constructing elliptic curves over $\mathbb{F}_q$ that become pairing-friendly over a finite extension of $\mathbb{F}_q$. Our main proof technique is Weil restriction of elliptic curves. We describe adaptations of the Cocks-Pinch and Brezing-Weng methods that produce genus 2 curves with the desired properties. Our examples include a parametric family of genus 2 curves whose Jacobians have the smallest recorded $\rho$-value for simple, non-supersingular abelian surfaces

On the final exponentiation for calculating pairings on ordinary elliptic curves

When using pairing-friendly ordinary elliptic curves to compute the Tate and related pairings, the computation consists of two main components, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of ``truncated loop\u27\u27 pairings like the R-ate pairing), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing friendly elliptic curves to reduce the computation required for the final exponentiation to a minimum

Generating Pairing-friendly Parameters for the CM Construction of Genus 2 Curves over Prime Fields

We present two contributions in this paper. First, we give a quantitative analysis of the scarcity of pairing-friendly genus 2 curves. This result is an improvement relative to prior work which estimated the density of pairing-friendly genus 2 curves heuristically. Second, we present a method for generating pairing-friendly parameters for which $\rho\approx 8$, where $\rho$ is a measure of efficiency in pairing-based cryptography. This method works by solving a system of equations given in terms of coefficients of the Frobenius element. The algorithm is easy to understand and implement

Границы сбалансированной степени вложения для криптографии на билинейных спариваниях

Вводится формула для расчёта границ сбалансированной степени вложения гиперэллиптической кривой. Вычислены текущие границы для кривых рода 1-3. Для кривых с известными алгоритмами генерации, наименьшими р-значениями и степенями вложения от 1 до 10 вычислен диапазон значений, которому принадлежит уровень безопасности кривой

Heuristics on pairing-friendly elliptic curves

We present a heuristic asymptotic formula as $x\to \infty$ for the number of isogeny classes of pairing-friendly elliptic curves with fixed embedding degree $k\geq 3$, with fixed discriminant, with rho-value bounded by a fixed $\rho_0$ such that $1<\rho_0<2$, and with prime subgroup order at most $x$.Comment: text substantially rewritten, tables correcte