Abstract
As one of problems that guarantee the security of pairing-based cryptography, pairing inversion problem is studied. Some recent works have reduced fixed argument pairing inversion (FAPI) problem to exponentiation inversion (EI) problem. According to the results, FAPI problem is solved if EI problem of exponent (qk - 1)/Φk (q) is solved, where q, k, and r are the characteristic, embedding degree, and order of pairing group, respectively. Φk(x) is the cyclotomic polynomial of order k. This paper shows an approach for reducing the exponent of EI problem to q - 1 especially on Ate pairing. For many embedding degrees, it is considerably reduced from the previous result (qk - 1)/Φk(q). After that, the difficulty of the reduced EI problem is discussed based on the distribution of correct (q - 1)-th roots on a small example.
| Original language | English |
|---|---|
| Pages (from-to) | 240-249 |
| Number of pages | 10 |
| Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Volume | 8639 LNCS |
| DOIs | |
| Publication status | Published - Jan 1 2014 |
| Event | 9th International Workshop on Security, IWSEC 2014 - Hirosaki, Japan Duration: Aug 27 2014 → Aug 29 2014 |
Keywords
- Barreto-Naehrig curve
- pairing inversion problem
- trace
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)