TY - GEN
T1 - Efficient optimal ate pairing at 128-bit security level
AU - Khandaker, Md Al Amin
AU - Nanjo, Yuki
AU - Ghammam, Loubna
AU - Duquesne, Sylvain
AU - Nogami, Yasuyuki
AU - Kodera, Yuta
N1 - Funding Information:
Acknowledgments. This work was partially supported by the Strategic Information and Communications R&D Promotion Programme (SCOPE) of Ministry of Internal Affairs and Communications, Japan and The French projects ANR-16-CE39-0012 “SafeTLS” and ANR-11-LABX-0020-01 “Centre Henri Lebesgue”.
PY - 2017
Y1 - 2017
N2 - Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller’s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller’s algorithm to experimentally verify Barbulescu et al.’s estimation. The result shows that Miller’s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne’s conclusion for 128-bit security.
AB - Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller’s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller’s algorithm to experimentally verify Barbulescu et al.’s estimation. The result shows that Miller’s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne’s conclusion for 128-bit security.
KW - KSS-16 curve
KW - Optimal-Ate pairing
KW - Sparse multiplication
UR - http://www.scopus.com/inward/record.url?scp=85037848576&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85037848576&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-71667-1_10
DO - 10.1007/978-3-319-71667-1_10
M3 - Conference contribution
AN - SCOPUS:85037848576
SN - 9783319716664
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 186
EP - 205
BT - Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings
A2 - Patra, Arpita
A2 - Smart, Nigel P.
PB - Springer Verlag
T2 - 18th International Conference on Cryptology in India, INDOCRYPT 2017
Y2 - 10 December 2017 through 13 December 2017
ER -