Faster computation of the Tate pairing

This paper proposes new explicit formulas for the doubling and addition step in Miller's algorithm to compute the Tate pairing. For Edwards curves the formulas come from a new way of seeing the arithmetic. We state the first geometric interpretation of the group law on Edwards curves by presenting the functions which arise in the addition and doubling. Computing the coefficients of the functions and the sum or double of the points is faster than with all previously proposed formulas for pairings on Edwards curves. They are even competitive with all published formulas for pairing computation on Weierstrass curves. We also speed up pairing computation on Weierstrass curves in Jacobian coordinates. Finally, we present several examples of pairing-friendly Edwards curves.Comment: 15 pages, 2 figures. Final version accepted for publication in Journal of Number Theor

Encryption using the Edwards elliptic curve

Розглянуто криптографічну схему, що використовує протокол Діффі-Геллмана, застосований до кільця Zp та групи точок еліптичної кривої Едвардса. Ця схема описує алгоритм, який можна використовувати для закритого зв’язку при обміні даними по мережі загального користування і є безпечною, якщо забезпечена автентичність ключа. Запропонований алгоритм має достатній рівень безпеки при невеликих обчислювальних затратах.We consider an encryption system based on the Diffie–Hellman protocol applied both to the ring Zp and to the group of points on the Edwards elliptic curve. This protocol establishes a shared secret that can be used for secret communications while exchanging data over a public network and is secure only if the authenticity of the key is assured. The original implementation of the protocol uses the multiplicative group of integers modulo p, where p is a prime. N. Koblitz and V. Miller discovered the Weierstrass elliptic curve cryptography in 1985. The elliptic curve cryptographic schemes are a public-key protocol and their security is based on the hardness of an elliptic curve discrete logarithmic problem. The algorithms are based on the properties of the group of rational points of a Weierstrass elliptic curve with high stability. This group can be used to develop a variety of elliptic curve cryptographic schemes including the digital signature, encryption and key exchange. Over the years, the use of such algorithms did not experience a significant drop in their resistance, although the resistance algorithms built on other groups, significantly decreased. Many papers in recent years are devoted to the study of the cryptographic properties of Edwards elliptic curves: finding fast algorithms to perform batch operations used in cryptosystems constructed on the group of rational points of these curves, the construction of stable curves of this type. The principal attraction of the Edwards elliptic curve cryptography is that it offers sufficient security for a small enough prime p and for a small enough key size. In the present paper we consider a new encryption algorithm using both to the Edwards elliptic curve over finite fields and to the ring Zp, due to this the linear cryptanalysis is highly difficult. The algorithm proposed here provides sufficient security at sufficiently small computational expenses

Encryption using the Edwards elliptic curve

Розглянуто криптографічну схему, що використовує протокол Діффі-Геллмана, застосований до кільця Zp та групи точок еліптичної кривої Едвардса. Ця схема описує алгоритм, який можна використовувати для закритого зв’язку при обміні даними по мережі загального користування і є безпечною, якщо забезпечена автентичність ключа. Запропонований алгоритм має достатній рівень безпеки при невеликих обчислювальних затратах.We consider an encryption system based on the Diffie–Hellman protocol applied both to the ring Zp and to the group of points on the Edwards elliptic curve. This protocol establishes a shared secret that can be used for secret communications while exchanging data over a public network and is secure only if the authenticity of the key is assured. The original implementation of the protocol uses the multiplicative group of integers modulo p, where p is a prime. N. Koblitz and V. Miller discovered the Weierstrass elliptic curve cryptography in 1985. The elliptic curve cryptographic schemes are a public-key protocol and their security is based on the hardness of an elliptic curve discrete logarithmic problem. The algorithms are based on the properties of the group of rational points of a Weierstrass elliptic curve with high stability. This group can be used to develop a variety of elliptic curve cryptographic schemes including the digital signature, encryption and key exchange. Over the years, the use of such algorithms did not experience a significant drop in their resistance, although the resistance algorithms built on other groups, significantly decreased. Many papers in recent years are devoted to the study of the cryptographic properties of Edwards elliptic curves: finding fast algorithms to perform batch operations used in cryptosystems constructed on the group of rational points of these curves, the construction of stable curves of this type. The principal attraction of the Edwards elliptic curve cryptography is that it offers sufficient security for a small enough prime p and for a small enough key size. In the present paper we consider a new encryption algorithm using both to the Edwards elliptic curve over finite fields and to the ring Zp, due to this the linear cryptanalysis is highly difficult. The algorithm proposed here provides sufficient security at sufficiently small computational expenses

The Pairing Computation on Edwards Curves

We propose an elaborate geometry approach to explain the group law on twisted Edwards curves which are seen as the intersection of quadric surfaces in place. Using the geometric interpretation of the group law, we obtain the Miller function for Tate pairing computation on twisted Edwards curves. Then we present the explicit formulae for pairing computation on twisted Edwards curves. Our formulae for the doubling step are a little faster than that proposed by Arène et al. Finally, to improve the efficiency of pairing computation, we present twists of degrees 4 and 6 on twisted Edwards curves

On near prime-order elliptic curves with small embedding degrees (Full version)

In this paper, we extend the method of Scott and Barreto and present an explicit and simple algorithm to generate families of generalized MNT elliptic curves. Our algorithm allows us to obtain all families of generalized MNT curves with any given cofactor. Then, we analyze the complex multiplication equations of these families of curves and transform them into generalized Pell equation. As an example, we describe a way to generate Edwards curves with embedding degree 6, that is, elliptic curves having cofactor h = 4

Ways to improve the performance of zero-knowledge succinct non-interactivearguments of knowledge and the analysis of the rusults achieved

Рассматриваются способы повышения производительности кратких неинтерактивных аргументов с нулевым разглашением на основе полиномиальных наборов с использованием различных вычислительных методов. Проводится сравнительный анализ протоколов по размерам главных ссылочных строк и доказательств достоверности вычислений, затратам формирования доказательств и их верификации

Compression for trace zero points on twisted Edwards curves

We propose two optimal representations for the elements of trace zero subgroups of twisted Edwards curves. For both representations, we provide efficient compression and decompression algorithms. The efficiency of the algorithm is compared with the efficiency of similar algorithms on elliptic curves in Weierstrass form