Efficient optimal ate pairing at 128-bit security level

Md Al Amin Khandaker; Yuki Nanjo; Loubna Ghammam; Sylvain Duquesne; Yasuyuki Nogami; Yuta Kodera

doi:10.1007/978-3-319-71667-1_10

Efficient optimal ate pairing at 128-bit security level

Md Al Amin Khandaker, Yuki Nanjo, Loubna Ghammam, Sylvain Duquesne, Yasuyuki Nogami, Yuta Kodera

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller’s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller’s algorithm to experimentally verify Barbulescu et al.’s estimation. The result shows that Miller’s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne’s conclusion for 128-bit security.

Original language	English
Title of host publication	Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings
Publisher	Springer Verlag
Pages	186-205
Number of pages	20
Volume	10698 LNCS
ISBN (Print)	9783319716664
DOIs	https://doi.org/10.1007/978-3-319-71667-1_10
Publication status	Published - Jan 1 2017
Event	18th International Conference on Cryptology in India, INDOCRYPT 2017 - Chennai, India Duration: Dec 10 2017 → Dec 13 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10698 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	18th International Conference on Cryptology in India, INDOCRYPT 2017
Country	India
City	Chennai
Period	12/10/17 → 12/13/17

Fingerprint

Keywords

KSS-16 curve
Optimal-Ate pairing
Sparse multiplication

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Khandaker, M. A. A., Nanjo, Y., Ghammam, L., Duquesne, S., Nogami, Y., & Kodera, Y. (2017). Efficient optimal ate pairing at 128-bit security level. In Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings (Vol. 10698 LNCS, pp. 186-205). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10698 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-71667-1_10

Efficient optimal ate pairing at 128-bit security level. / Khandaker, Md Al Amin; Nanjo, Yuki; Ghammam, Loubna; Duquesne, Sylvain; Nogami, Yasuyuki; Kodera, Yuta.

Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. Vol. 10698 LNCS Springer Verlag, 2017. p. 186-205 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10698 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Khandaker, MAA, Nanjo, Y, Ghammam, L, Duquesne, S, Nogami, Y & Kodera, Y 2017, Efficient optimal ate pairing at 128-bit security level. in Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. vol. 10698 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10698 LNCS, Springer Verlag, pp. 186-205, 18th International Conference on Cryptology in India, INDOCRYPT 2017, Chennai, India, 12/10/17. https://doi.org/10.1007/978-3-319-71667-1_10

Khandaker MAA, Nanjo Y, Ghammam L, Duquesne S, Nogami Y, Kodera Y. Efficient optimal ate pairing at 128-bit security level. In Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. Vol. 10698 LNCS. Springer Verlag. 2017. p. 186-205. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-71667-1_10

Khandaker, Md Al Amin ; Nanjo, Yuki ; Ghammam, Loubna ; Duquesne, Sylvain ; Nogami, Yasuyuki ; Kodera, Yuta. / Efficient optimal ate pairing at 128-bit security level. Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. Vol. 10698 LNCS Springer Verlag, 2017. pp. 186-205 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9e4b6720f04a46fda37dad959f7c5491,

title = "Efficient optimal ate pairing at 128-bit security level",

abstract = "Following the emergence of Kim and Barbulescu{\textquoteright}s new number field sieve (exTNFS) algorithm at CRYPTO{\textquoteright}16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller{\textquoteright}s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller{\textquoteright}s algorithm to experimentally verify Barbulescu et al.{\textquoteright}s estimation. The result shows that Miller{\textquoteright}s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne{\textquoteright}s conclusion for 128-bit security.",

keywords = "KSS-16 curve, Optimal-Ate pairing, Sparse multiplication",

author = "Khandaker, {Md Al Amin} and Yuki Nanjo and Loubna Ghammam and Sylvain Duquesne and Yasuyuki Nogami and Yuta Kodera",

year = "2017",

month = jan

day = "1",

doi = "10.1007/978-3-319-71667-1_10",

language = "English",

isbn = "9783319716664",

volume = "10698 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "186--205",

booktitle = "Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings",

note = "18th International Conference on Cryptology in India, INDOCRYPT 2017 ; Conference date: 10-12-2017 Through 13-12-2017",

}

TY - GEN

T1 - Efficient optimal ate pairing at 128-bit security level

AU - Khandaker, Md Al Amin

AU - Nanjo, Yuki

AU - Ghammam, Loubna

AU - Duquesne, Sylvain

AU - Nogami, Yasuyuki

AU - Kodera, Yuta

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller’s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller’s algorithm to experimentally verify Barbulescu et al.’s estimation. The result shows that Miller’s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne’s conclusion for 128-bit security.

AB - Following the emergence of Kim and Barbulescu’s new number field sieve (exTNFS) algorithm at CRYPTO’16 [21] for solving discrete logarithm problem (DLP) over the finite field; pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in literature, i.e., KSS-16 which offers quartic twist, while BN and BLS-12 curves have sextic twist. In this paper, the authors optimize Miller’s algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplication and implement them. Furthermore, this paper concentrates on the Miller’s algorithm to experimentally verify Barbulescu et al.’s estimation. The result shows that Miller’s algorithm time with the derived pseudo 8-sparse multiplication is most efficient for KSS-16 than other two curves. Therefore, this paper defends Barbulescu and Duquesne’s conclusion for 128-bit security.

KW - KSS-16 curve

KW - Optimal-Ate pairing

KW - Sparse multiplication

UR - http://www.scopus.com/inward/record.url?scp=85037848576&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85037848576&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-71667-1_10

DO - 10.1007/978-3-319-71667-1_10

M3 - Conference contribution

AN - SCOPUS:85037848576

SN - 9783319716664

VL - 10698 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 186

EP - 205

BT - Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings

PB - Springer Verlag

T2 - 18th International Conference on Cryptology in India, INDOCRYPT 2017

Y2 - 10 December 2017 through 13 December 2017

ER -

Access to Document

10.1007/978-3-319-71667-1_10