Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

Masataka Akane; Yasuyuki Nogami; Yoshitaka Morikawa

doi:10.1587/transfun.E92.A.508

Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

Masataka Akane, Yasuyuki Nogami, Yoshitaka Morikawa

Research output: Contribution to journal › Article

21 Citations (Scopus)

Abstract

This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y² = x³ + a, a ∈ F_p. For the curve, an isomorphic substitution from G₂ C E(F_p ¹²) into G ₂ in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G₂ and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

Original language	English
Pages (from-to)	508-516
Number of pages	9
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E92-A
Issue number	2
DOIs	https://doi.org/10.1587/transfun.E92.A.508
Publication status	Published - Feb 2009

Fingerprint

Subfield

Pairing

Elliptic Curves

Curve

Scalar multiplication

Exponentiation

Denominator

Substitution reactions

Substitution

Speedup

Isomorphic

Keywords

Ate pairing
Fast computing
Subfield arithmetic operation
Twist

ASJC Scopus subject areas

Electrical and Electronic Engineering
Computer Graphics and Computer-Aided Design
Applied Mathematics
Signal Processing

Cite this

Akane, M., Nogami, Y., & Morikawa, Y. (2009). Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E92-A(2), 508-516. https://doi.org/10.1587/transfun.E92.A.508

Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve. / Akane, Masataka; Nogami, Yasuyuki; Morikawa, Yoshitaka.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E92-A, No. 2, 02.2009, p. 508-516.

Research output: Contribution to journal › Article

Akane, M, Nogami, Y & Morikawa, Y 2009, 'Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve', IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E92-A, no. 2, pp. 508-516. https://doi.org/10.1587/transfun.E92.A.508

Akane M, Nogami Y, Morikawa Y. Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2009 Feb;E92-A(2):508-516. https://doi.org/10.1587/transfun.E92.A.508

Akane, Masataka ; Nogami, Yasuyuki ; Morikawa, Yoshitaka. / Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve. In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2009 ; Vol. E92-A, No. 2. pp. 508-516.

@article{27ed14e02b7c43f0b8bb853fbe1b514f,

title = "Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve",

abstract = "This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2 = x3 + a, a ∈ Fp. For the curve, an isomorphic substitution from G2 C E(Fp 12) into G 2 in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30{\%} improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.",

keywords = "Ate pairing, Fast computing, Subfield arithmetic operation, Twist",

author = "Masataka Akane and Yasuyuki Nogami and Yoshitaka Morikawa",

year = "2009",

month = "2",

doi = "10.1587/transfun.E92.A.508",

language = "English",

volume = "E92-A",

pages = "508--516",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "2",

}

TY - JOUR

T1 - Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

AU - Akane, Masataka

AU - Nogami, Yasuyuki

AU - Morikawa, Yoshitaka

PY - 2009/2

Y1 - 2009/2

N2 - This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2 = x3 + a, a ∈ Fp. For the curve, an isomorphic substitution from G2 C E(Fp 12) into G 2 in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

AB - This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2 = x3 + a, a ∈ Fp. For the curve, an isomorphic substitution from G2 C E(Fp 12) into G 2 in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

KW - Ate pairing

KW - Fast computing

KW - Subfield arithmetic operation

KW - Twist

UR - http://www.scopus.com/inward/record.url?scp=70449513811&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70449513811&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.508

DO - 10.1587/transfun.E92.A.508

M3 - Article

VL - E92-A

SP - 508

EP - 516

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 2

ER -

Access to Document

10.1587/transfun.E92.A.508