Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

Masataka Akane; Yasuyuki Nogami; Yoshitaka Morikawa

doi:10.1587/transfun.E92.A.508

Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

Masataka Akane, Yasuyuki Nogami, Yoshitaka Morikawa

Research output: Contribution to journal › Article › peer-review

25 Citations (Scopus)

Abstract

This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y² = x³ + a, a ∈ F_p. For the curve, an isomorphic substitution from G₂ C E(F_p¹²) into G ₂ in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G₂ and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

Original language	English
Pages (from-to)	508-516
Number of pages	9
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E92-A
Issue number	2
DOIs	https://doi.org/10.1587/transfun.E92.A.508
Publication status	Published - Feb 2009

Keywords

Ate pairing
Fast computing
Subfield arithmetic operation
Twist

ASJC Scopus subject areas

Signal Processing
Computer Graphics and Computer-Aided Design
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1587/transfun.E92.A.508

Cite this

@article{27ed14e02b7c43f0b8bb853fbe1b514f,

title = "Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve",

abstract = "This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2 = x3 + a, a ∈ Fp. For the curve, an isomorphic substitution from G2 C E(Fp12) into G 2 in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.",

keywords = "Ate pairing, Fast computing, Subfield arithmetic operation, Twist",

author = "Masataka Akane and Yasuyuki Nogami and Yoshitaka Morikawa",

year = "2009",

month = feb,

doi = "10.1587/transfun.E92.A.508",

language = "English",

volume = "E92-A",

pages = "508--516",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "2",

}

TY - JOUR

T1 - Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

AU - Akane, Masataka

AU - Nogami, Yasuyuki

AU - Morikawa, Yoshitaka

PY - 2009/2

Y1 - 2009/2

N2 - This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2 = x3 + a, a ∈ Fp. For the curve, an isomorphic substitution from G2 C E(Fp12) into G 2 in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

AB - This paper presents implementation techniques of fast Ate pairing of embedding degree 12. In this case, we have no trouble in finding a prime order pairing friendly curve E such as the Barreto-Naehrig curve y2 = x3 + a, a ∈ Fp. For the curve, an isomorphic substitution from G2 C E(Fp12) into G 2 in subfield-twisted elliptic curve E(Fp2 ) speeds up scalar multiplications over G2 and wipes out denominator calculations in Miller's algorithm. This paper mainly provides about 30% improvement of the Miller's algorithm calculation using proper subfield arithmetic operations. Moreover, we also provide the efficient parameter settings of the BN curves. When p is a 254-bit prime, the embedding degree is 12, and the processor is Pentium4 (3.6 GHz), it is shown that the proposed algorithm computes Ate pairing in 13.3 milli-seconds including final exponentiation.

KW - Ate pairing

KW - Fast computing

KW - Subfield arithmetic operation

KW - Twist

UR - http://www.scopus.com/inward/record.url?scp=70449513811&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70449513811&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.508

DO - 10.1587/transfun.E92.A.508

M3 - Article

AN - SCOPUS:70449513811

VL - E92-A

SP - 508

EP - 516

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 2

ER -

Fast Ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this