Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

Yasuyuki Nogami; Yumi Sakemi; Hidehiro Kato; Masataka Akane; Yoshitaka Morikawa

doi:10.1587/transfun.E92.A.1859

Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

Yasuyuki Nogami, Yumi Sakemi, Hidehiro Kato, Masataka Akane, Yoshitaka Morikawa

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log₂ r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log₂ r⌋ to ⌊log₂(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log ₂χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

Original language	English
Pages (from-to)	1859-1867
Number of pages	9
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E92-A
Issue number	8
DOIs	https://doi.org/10.1587/transfun.E92.A.1859
Publication status	Published - Aug 2009

Keywords

Ate pairing
Miller's algorithm

ASJC Scopus subject areas

Signal Processing
Computer Graphics and Computer-Aided Design
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1587/transfun.E92.A.1859

Cite this

@article{38167fa017684b2f8208aaed203c1bad,

title = "Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve",

abstract = "It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log2 r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log2 r⌋ to ⌊log2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable {"}χ.{"} For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.",

keywords = "Ate pairing, Miller's algorithm",

author = "Yasuyuki Nogami and Yumi Sakemi and Hidehiro Kato and Masataka Akane and Yoshitaka Morikawa",

year = "2009",

month = aug,

doi = "10.1587/transfun.E92.A.1859",

language = "English",

volume = "E92-A",

pages = "1859--1867",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "8",

}

TY - JOUR

T1 - Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

AU - Nogami, Yasuyuki

AU - Sakemi, Yumi

AU - Kato, Hidehiro

AU - Akane, Masataka

AU - Morikawa, Yoshitaka

PY - 2009/8

Y1 - 2009/8

N2 - It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log2 r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log2 r⌋ to ⌊log2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

AB - It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log2 r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log2 r⌋ to ⌊log2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

KW - Ate pairing

KW - Miller's algorithm

UR - http://www.scopus.com/inward/record.url?scp=84881008209&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84881008209&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.1859

DO - 10.1587/transfun.E92.A.1859

M3 - Article

AN - SCOPUS:84881008209

VL - E92-A

SP - 1859

EP - 1867

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 8

ER -

Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this