Pairings in Cryptology: efficiency, security and applications

Abstract The study of pairings can be considered in so many di�erent ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology; e�ciency and security. Starting from the basic underlying mathematics, pairing maps are con- structed and a major security issue related to the question of the minimal embedding �eld [12]1 is resolved. This is followed by an exposition on how to compute e�ciently the �nal exponentiation occurring in the calculation of a pairing [124]2 and a thorough survey on the security of the discrete log- arithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being ful�lled an identity based encryption scheme taking advantage of pairings [24]3 is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although �rst pre- sented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications

Finite Fields: Theory and Applications

Finite fields are the focal point of many interesting geometric, algorithmic and combinatorial problems. The workshop was devoted to progress on these questions, with an eye also on the important applications of finite field techniques in cryptography, error correcting codes, and random number generation

The probability that the number of points on the Jacobian of a genus 2 curve is prime

In 2000, Galbraith and McKee heuristically derived a formula that estimates the probability that a randomly chosen elliptic curve over a fixed finite prime field has a prime number of rational points. We show how their heuristics can be generalized to Jacobians of curves of higher genus. We then elaborate this in genus 2 and study various related issues, such as the probability of cyclicity and the probability of primality of the number of points on the curve itself. Finally, we discuss the asymptotic behavior as the genus tends to infinity.Comment: Minor edits, 37 pages. To appear in Proceedings of the London Mathematical Societ

On the distribution of Atkin and Elkies primes for reductions of elliptic curves on average

For an elliptic curve E/Q without complex multiplication we study the distribution of Atkin and Elkies primes l, on average, over all good reductions of E modulo primes p. We show that, under the Generalised Riemann Hypothesis, for almost all primes p there are enough small Elkies primes l to ensure that the Schoof-Elkies-Atkin point-counting algorithm runs in (log p)^(4+o(1)) expected time.Comment: 20 pages, to appear in LMS J. Comput. Mat