Efficient optimal ate pairing at 128-bit security level

Md Al Amin Khandaker, Yuki Nanjo, Loubna Ghammam, Sylvain Duquesne, Yasuyuki Nogami, Yuta Kodera

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller’s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller’s algorithm to experimentally verify Barbulescu et al.’s estimation. The result shows that Miller’s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne’s conclusion for 128-bit security.

Original languageEnglish
Title of host publicationProgress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings
EditorsArpita Patra, Nigel P. Smart
PublisherSpringer Verlag
Pages186-205
Number of pages20
ISBN (Print)9783319716664
DOIs
Publication statusPublished - 2017
Event18th International Conference on Cryptology in India, INDOCRYPT 2017 - Chennai, India
Duration: Dec 10 2017Dec 13 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10698 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other18th International Conference on Cryptology in India, INDOCRYPT 2017
CountryIndia
CityChennai
Period12/10/1712/13/17

Keywords

  • KSS-16 curve
  • Optimal-Ate pairing
  • Sparse multiplication

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Efficient optimal ate pairing at 128-bit security level'. Together they form a unique fingerprint.

  • Cite this

    Khandaker, M. A. A., Nanjo, Y., Ghammam, L., Duquesne, S., Nogami, Y., & Kodera, Y. (2017). Efficient optimal ate pairing at 128-bit security level. In A. Patra, & N. P. Smart (Eds.), Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings (pp. 186-205). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10698 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-71667-1_10