Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

Yasuyuki Nogami; Yumi Sakemi; Hidehiro Kato; Masataka Akane; Yoshitaka Morikawa

doi:10.1587/transfun.E92.A.1859

Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

Yasuyuki Nogami, Yumi Sakemi, Hidehiro Kato, Masataka Akane, Yoshitaka Morikawa

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log₂ r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log₂ r⌋ to ⌊log₂(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log ₂χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

Original language	English
Pages (from-to)	1859-1867
Number of pages	9
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E92-A
Issue number	8
DOIs	https://doi.org/10.1587/transfun.E92.A.1859
Publication status	Published - Aug 2009

Fingerprint

Pairing

Curve

Integer

Optimization

Polynomials

Tate Pairing

Lower bound

Euler Function

Frobenius

Elliptic Curves

Trace

Optimise

Iteration

Polynomial

Simulation

Keywords

Ate pairing
Miller's algorithm

ASJC Scopus subject areas

Electrical and Electronic Engineering
Computer Graphics and Computer-Aided Design
Applied Mathematics
Signal Processing

Cite this

Nogami, Y., Sakemi, Y., Kato, H., Akane, M., & Morikawa, Y. (2009). Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E92-A(8), 1859-1867. https://doi.org/10.1587/transfun.E92.A.1859

Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve. / Nogami, Yasuyuki; Sakemi, Yumi; Kato, Hidehiro; Akane, Masataka; Morikawa, Yoshitaka.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E92-A, No. 8, 08.2009, p. 1859-1867.

Research output: Contribution to journal › Article

Nogami, Y, Sakemi, Y, Kato, H, Akane, M & Morikawa, Y 2009, 'Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve', IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E92-A, no. 8, pp. 1859-1867. https://doi.org/10.1587/transfun.E92.A.1859

Nogami Y, Sakemi Y, Kato H, Akane M, Morikawa Y. Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2009 Aug;E92-A(8):1859-1867. https://doi.org/10.1587/transfun.E92.A.1859

Nogami, Yasuyuki ; Sakemi, Yumi ; Kato, Hidehiro ; Akane, Masataka ; Morikawa, Yoshitaka. / Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve. In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2009 ; Vol. E92-A, No. 8. pp. 1859-1867.

@article{38167fa017684b2f8208aaed203c1bad,

title = "Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve",

abstract = "It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log2 r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log2 r⌋ to ⌊log2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable {"}χ.{"} For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.",

keywords = "Ate pairing, Miller's algorithm",

author = "Yasuyuki Nogami and Yumi Sakemi and Hidehiro Kato and Masataka Akane and Yoshitaka Morikawa",

year = "2009",

month = "8",

doi = "10.1587/transfun.E92.A.1859",

language = "English",

volume = "E92-A",

pages = "1859--1867",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "8",

}

TY - JOUR

T1 - Integer variable χ-based cross twisted Ate pairing and its optimization for Barreto-Naehrig curve

AU - Nogami, Yasuyuki

AU - Sakemi, Yumi

AU - Kato, Hidehiro

AU - Akane, Masataka

AU - Morikawa, Yoshitaka

PY - 2009/8

Y1 - 2009/8

N2 - It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log2 r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log2 r⌋ to ⌊log2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

AB - It is said that the lower bound of the number of iterations of Miller's algorithm for pairing calculation is log2 r/φ(k), where φ(·) is the Euler's function, r is the group order, and k is the embedding degree. Ate pairing reduced the number of the loops of Miller's algorithm of Tate pairing from ⌊log2 r⌋ to ⌊log2(t-1)⌋, where t is the Frobenius trace. Recently, it is known to systematically prepare a pairing-friendly elliptic curve whose parameters are given by a polynomial of integer variable "χ." For such a curve, this paper gives integer variable χ-based Ate (Xate) pairing that achieves the lower bound. In the case of the well-known Barreto-Naehrig pairing-friendly curve, it reduces the number of loops to ⌊log 2χ⌋. Then, this paper optimizes Xate pairing for Barreto-Naehrig curve and shows its efficiency based on some simulation results.

KW - Ate pairing

KW - Miller's algorithm

UR - http://www.scopus.com/inward/record.url?scp=84881008209&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84881008209&partnerID=8YFLogxK

U2 - 10.1587/transfun.E92.A.1859

DO - 10.1587/transfun.E92.A.1859

M3 - Article

AN - SCOPUS:84881008209

VL - E92-A

SP - 1859

EP - 1867

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 8

ER -

Access to Document

10.1587/transfun.E92.A.1859