Pairing computation on hyperelliptic curves of genus 2

Abstract

Bilinear pairings have been recently used to construct cryptographic schemes with new and novel properties, the most celebrated example being the Identity Based Encryption scheme of Boneh and Franklin. As pairing computation is generally the most computationally intensive part of any painng-based cryptosystem, it is essential to investigate new ways in which to compute pairings efficiently. The vast majority of the literature on pairing computation focuscs solely on using elliptic curves. In this thesis we investigate pairing computation on supersingular hyperelliptic curves of genus 2 Our aim is to provide a practical alternative to using elliptic curves for pairing based cryptography. Specifically, we illustrate how to implement pairings efficiently using genus 2 curves, and how to attain performance comparable to using elliptic curves. We show that pairing computation on genus 2 curves over F2m can outperform elliptic curves by using a new variant of the Tate pairing, called the r¡j pairing, to compute the fastest pairing implementation in the literature to date We also show for the first time how the final exponentiation required to compute the Tate pairing can be avoided for certain hyperelliptic curves. We investigate pairing computation using genus 2 curves over large prime fields, and detail various techniques that lead to an efficient implementation, thus showing that these curves are a viable candidate for practical use