Pairing computation on hyperelliptic curves of genus 2

Bilinear pairings have been recently used to construct cryptographic schemes with new and novel properties, the most celebrated example being the Identity Based Encryption scheme of Boneh and Franklin. As pairing computation is generally the most computationally intensive part of any painng-based cryptosystem, it is essential to investigate new ways in which to compute pairings efficiently. The vast majority of the literature on pairing computation focuscs solely on using elliptic curves. In this thesis we investigate pairing computation on supersingular hyperelliptic curves of genus 2 Our aim is to provide a practical alternative to using elliptic curves for pairing based cryptography. Specifically, we illustrate how to implement pairings efficiently using genus 2 curves, and how to attain performance comparable to using elliptic curves. We show that pairing computation on genus 2 curves over F2m can outperform elliptic curves by using a new variant of the Tate pairing, called the r¡j pairing, to compute the fastest pairing implementation in the literature to date We also show for the first time how the final exponentiation required to compute the Tate pairing can be avoided for certain hyperelliptic curves. We investigate pairing computation using genus 2 curves over large prime fields, and detail various techniques that lead to an efficient implementation, thus showing that these curves are a viable candidate for practical use

Speeding Up Pairing Computation

In this note, we describe how to achieve a simple yet substantial speed up of Miller's algorithm, when not using denominator elimination, and working over quadratic extension fields

Pairing calculation on supersingular genus 2 curves

Abstract. In this paper we describe how to efficiently implement pairing calculation on supersingular genus 2 curves over prime fields. We find that, contrary to the results reported in [8], pairing calculation on supersingular genus 2 curves over prime fields is efficient and a viable candidate for the practical implementation of pairing-based cryptosystems. We also show how to eliminate divisions in an efficient manner when computing the Tate pairing, and how this algorithm is useful for curves of genus greater than one

Multiplication and Squaring on Pairing-Friendly

Abstract. Pairing-friendly fields are finite fields that are suitable for the implementation of cryptographic bilinear pairings. In this paper we review multiplication and squaring methods for pairing-friendly fields F p k with k ∈ {2, 3, 4, 6}. For composite k, we consider every possible towering construction. We compare the methods to determine which is most efficient based on the number of basic Fp operations, as well as the best constructions for these finite extension fields. We also present experimental results for every method

Hardware implementation of the ηT pairing in characteristic 3

Recently, there have been many proposals for secure and novel cryptographic protocols that are built on bilinear pairings. The ηT pairing is one such pairing and is closely related to the Tate pairing. In this paper we consider the efficient hardware implementation of this pairing in characteristic 3. All characteristic 3 operations required to compute the pairing are outlined in detail. An efficient, flexible and reconfigurable processor for the ηT pairing in characteristic 3 is presented and discussed. The processor can easily be tailored for a low area implementation, for a high throughput implementation, or for a balance between the two. Results are provided for various configurations of the processor when implemented over the field F 3 97 on an FPGA. As far as we are aware, the processor returns the first characteristic 3 ηT pairing in hardware that includes a final exponentiation to a unique value