195 research outputs found
Heuristics on pairing-friendly abelian varieties
We discuss heuristic asymptotic formulae for the number of pairing-friendly
abelian varieties over prime fields, generalizing previous work of one of the
authors arXiv:math1107.0307Comment: Pages 6-7 rewritten, other minor changes mad
Pairings in Cryptology: efficiency, security and applications
Abstract
The study of pairings can be considered in so many di�erent ways that it
may not be useless to state in a few words the plan which has been adopted,
and the chief objects at which it has aimed. This is not an attempt to write
the whole history of the pairings in cryptology, or to detail every discovery,
but rather a general presentation motivated by the two main requirements
in cryptology; e�ciency and security.
Starting from the basic underlying mathematics, pairing maps are con-
structed and a major security issue related to the question of the minimal
embedding �eld [12]1 is resolved. This is followed by an exposition on how
to compute e�ciently the �nal exponentiation occurring in the calculation
of a pairing [124]2 and a thorough survey on the security of the discrete log-
arithm problem from both theoretical and implementational perspectives.
These two crucial cryptologic requirements being ful�lled an identity based
encryption scheme taking advantage of pairings [24]3 is introduced. Then,
perceiving the need to hash identities to points on a pairing-friendly elliptic
curve in the more general context of identity based cryptography, a new
technique to efficiently solve this practical issue is exhibited.
Unveiling pairings in cryptology involves a good understanding of both
mathematical and cryptologic principles. Therefore, although �rst pre-
sented from an abstract mathematical viewpoint, pairings are then studied
from a more practical perspective, slowly drifting away toward cryptologic
applications
Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves
One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide e�cient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols.
In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyper-elliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller values than ever before reported for di�erent embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to e�ciently multiply a point in a subgroup de�ned on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the �nal exponentiation in the calculation of the Tate pairing and its varian
Cryptographic Pairings: Efficiency and DLP security
This thesis studies two important aspects of the use of pairings in cryptography, efficient
algorithms and security.
Pairings are very useful tools in cryptography, originally used for the cryptanalysis of
elliptic curve cryptography, they are now used in key exchange protocols, signature schemes
and Identity-based cryptography.
This thesis comprises of two parts: Security and Efficient Algorithms.
In Part I: Security, the security of pairing-based protocols is considered, with a thorough
examination of the Discrete Logarithm Problem (DLP) as it occurs in PBC. Results on the
relationship between the two instances of the DLP will be presented along with a discussion
about the appropriate selection of parameters to ensure particular security level.
In Part II: Efficient Algorithms, some of the computational issues which arise when using
pairings in cryptography are addressed. Pairings can be computationally expensive, so
the Pairing-Based Cryptography (PBC) research community is constantly striving to find
computational improvements for all aspects of protocols using pairings. The improvements
given in this section contribute towards more efficient methods for the computation of pairings,
and increase the efficiency of operations necessary in some pairing-based protocol
A CM construction for curves of genus 2 with p-rank 1
We construct Weil numbers corresponding to genus-2 curves with -rank 1
over the finite field \F_{p^2} of elements. The corresponding curves
can be constructed using explicit CM constructions. In one of our algorithms,
the group of \F_{p^2}-valued points of the Jacobian has prime order, while
another allows for a prescribed embedding degree with respect to a subgroup of
prescribed order. The curves are defined over \F_{p^2} out of necessity: we
show that curves of -rank 1 over \F_p for large cannot be efficiently
constructed using explicit CM constructions.Comment: 19 page
Abelian Varieties with Prescribed Embedding Degree
We present an algorithm that, on input of a CM-field , an integer ,
and a prime , constructs a -Weil number \pi \in \O_K
corresponding to an ordinary, simple abelian variety over the field \F of
elements that has an \F-rational point of order and embedding degree
with respect to . We then discuss how CM-methods over can be used to
explicitly construct .Comment: to appear in ANTS-VII
Refinements of Miller's Algorithm over Weierstrass Curves Revisited
In 1986 Victor Miller described an algorithm for computing the Weil pairing
in his unpublished manuscript. This algorithm has then become the core of all
pairing-based cryptosystems. Many improvements of the algorithm have been
presented. Most of them involve a choice of elliptic curves of a \emph{special}
forms to exploit a possible twist during Tate pairing computation. Other
improvements involve a reduction of the number of iterations in the Miller's
algorithm. For the generic case, Blake, Murty and Xu proposed three refinements
to Miller's algorithm over Weierstrass curves. Though their refinements which
only reduce the total number of vertical lines in Miller's algorithm, did not
give an efficient computation as other optimizations, but they can be applied
for computing \emph{both} of Weil and Tate pairings on \emph{all}
pairing-friendly elliptic curves. In this paper we extend the Blake-Murty-Xu's
method and show how to perform an elimination of all vertical lines in Miller's
algorithm during Weil/Tate pairings computation on \emph{general} elliptic
curves. Experimental results show that our algorithm is faster about 25% in
comparison with the original Miller's algorithm.Comment: 17 page
Abelian varieties in pairing-based cryptography
We study the problem of the embedding degree of an abelian variety over a
finite field which is vital in pairing-based cryptography. In particular, we
show that for a prescribed CM field of degree , prescribed integers
, and any prime , there exists an ordinary abelian
variety over a finite field with endomorphism algebra , embedding degree
with respect to and the field extension generated by the -torsion points
of degree over the field of definition. We also study a class of
absolutely simple higher dimensional abelian varieties whose endomorphism
algebras are central over imaginary quadratic fields.Comment: Typos fixe
Solving discrete logarithms on a 170-bit MNT curve by pairing reduction
Pairing based cryptography is in a dangerous position following the
breakthroughs on discrete logarithms computations in finite fields of small
characteristic. Remaining instances are built over finite fields of large
characteristic and their security relies on the fact that the embedding field
of the underlying curve is relatively large. How large is debatable. The aim of
our work is to sustain the claim that the combination of degree 3 embedding and
too small finite fields obviously does not provide enough security. As a
computational example, we solve the DLP on a 170-bit MNT curve, by exploiting
the pairing embedding to a 508-bit, degree-3 extension of the base field.Comment: to appear in the Lecture Notes in Computer Science (LNCS
Constructing pairing-friendly hyperelliptic curves using Weil restriction
A pairing-friendly curve is a curve over a finite field whose Jacobian has small embedding degree with respect to a large prime-order subgroup. In this paper we construct pairing-friendly genus 2 curves over finite fields whose Jacobians are ordinary and simple, but not absolutely simple. We show that constructing such curves is equivalent to constructing elliptic curves over that become pairing-friendly over a finite extension of . Our main proof technique is Weil restriction of elliptic curves. We describe adaptations of the Cocks-Pinch and Brezing-Weng methods that produce genus 2 curves with the desired properties. Our examples include a parametric family of genus 2 curves whose Jacobians have the smallest recorded -value for simple, non-supersingular abelian surfaces
- …