Faster computation of the Tate pairing

This paper proposes new explicit formulas for the doubling and addition step in Miller's algorithm to compute the Tate pairing. For Edwards curves the formulas come from a new way of seeing the arithmetic. We state the first geometric interpretation of the group law on Edwards curves by presenting the functions which arise in the addition and doubling. Computing the coefficients of the functions and the sum or double of the points is faster than with all previously proposed formulas for pairings on Edwards curves. They are even competitive with all published formulas for pairing computation on Weierstrass curves. We also speed up pairing computation on Weierstrass curves in Jacobian coordinates. Finally, we present several examples of pairing-friendly Edwards curves.Comment: 15 pages, 2 figures. Final version accepted for publication in Journal of Number Theor

Linearizing torsion classes in the Picard group of algebraic curves over finite fields

We address the problem of computing in the group of $\ell^k$-torsion rational points of the jacobian variety of algebraic curves over finite fields, with a view toward computing modular representations.Comment: To appear in Journal of Algebr

Efficient algorithms for pairing-based cryptosystems

We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics.We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm, the latter technique being also useful in contexts other than that of pairing-based cryptography

Second p descents on elliptic curves

Let p be a prime and let C be a genus one curve over a number field k representing an element of order dividing p in the Shafarevich-Tate group of its Jacobian. We describe an algorithm which computes the set of D in the Shafarevich-Tate group such that pD = C and obtains explicit models for these D as curves in projective space. This leads to a practical algorithm for performing 9-descents on elliptic curves over the rationals.Comment: 45 page

Efficient pairing computation with theta functions

The original publication is available at www.springerlink.comInternational audienceIn this paper, we present a new approach based on theta functions to compute Weil and Tate pairings. A benefit of our method, which does not rely on the classical Miller's algorithm, is its generality since it extends to all abelian varieties the classical Weil and Tate pairing formulas. In the case of dimension $1$ and $2$ abelian varieties our algorithms lead to implementations which are efficient and naturally deterministic. We also introduce symmetric Weil and Tate pairings on Kummer varieties and explain how to compute them efficiently. We exhibit a nice algorithmic compatibility between some algebraic groups quotiented by the action of the automorphism $-1$, where the $\Z$-action can be computed efficiently with a Montgomery ladder type algorithm

Efficient Implementations of Pairing-Based Cryptography on Embedded Systems

Many cryptographic applications use bilinear pairing such as identity based signature, instance identity-based key agreement, searchable public-key encryption, short signature scheme, certificate less encryption and blind signature. Elliptic curves over finite field are the most secure and efficient way to implement bilinear pairings for the these applications. Pairing based cryptosystems are being implemented on different platforms such as low-power and mobile devices. Recently, hardware capabilities of embedded devices have been emerging which can support efficient and faster implementations of pairings on hand-held devices. In this thesis, the main focus is optimization of Optimal Ate-pairing using special class of ordinary curves, Barreto-Naehring (BN), for different security levels on low-resource devices with ARM processors. Latest ARM architectures are using SIMD instructions based NEON engine and are helpful to optimize basic algorithms. Pairing implementations are being done using tower field which use field multiplication as the most important computation. This work presents NEON implementation of two multipliers (Karatsuba and Schoolbook) and compare the performance of these multipliers with different multipliers present in the literature for different field sizes. This work reports the fastest implementation timing of pairing for BN254, BN446 and BN638 curves for ARMv7 architecture which have security levels as 128-, 164-, and 192-bit, respectively. This work also presents comparison of code performance for ARMv8 architectures

Computing in Jacobians of projective curves over finite fields

We give algorithms for computing with divisors on projective curves over finite fields, and with their Jacobians, using the algorithmic representation of projective curves developed by Khuri-Makdisi. We show that many desirable operations can be done efficiently in this setting: decomposing divisors into prime divisors; computing pull-backs and push-forwards of divisors under finite morphisms, and hence Picard and Albanese maps on Jacobians; generating uniformly random divisors and points on Jacobians; computing Frobenius maps and Kummer maps; and finding a basis for the $l$-torsion of the Picard group, where $l$ is a prime number different from the characteristic of the base field.Comment: 42 page