Search Results

You are looking at 1 - 10 of 40 items :

  • "Tate pairing" x
  • Applied Mathematics x
Clear All

arithmetic on Hessian curves Public Key Cryptography – PKC 2010 Paris 2010 Lecture Notes in Comput. Sci. 6056 Springer Berlin 2010 243 260 9 D. Freeman, M. Scott and E. Teske, A taxonomy of pairing-friendly elliptic curves, J. Cryptology 23 (2010), 2, 224–280. Freeman D. Scott M. Teske E. A taxonomy of pairing-friendly elliptic curves J. Cryptology 23 2010 2 224 280 10 G. Frey, M. Müller and H. Rück, The tate pairing and the discrete logarithm applied to elliptic curve cryptosystems, IEEE Trans. Inform. Theory 45 (1999), 5, 1717–1719. Frey G. Müller M. Rück H. The tate

Abstract

This paper proposes the computation of the Tate pairing, Ate pairing and its variations on the special Jacobi quartic elliptic curve Y2=dX4+Z4. We improve the doubling and addition steps in Miller's algorithm to compute the Tate pairing. We use the birational equivalence between Jacobi quartic curves and Weierstrass curves, together with a specific point representation to obtain the best result to date among curves with quartic twists. For the doubling and addition steps in Miller's algorithm for the computation of the Tate pairing, we obtain a theoretical gain up to 27% and 39%, depending on the embedding degree and the extension field arithmetic, with respect to Weierstrass curves and previous results on Jacobi quartic curves. Furthermore and for the first time, we compute and implement Ate, twisted Ate and optimal pairings on the Jacobi quartic curves. Our results are up to 27% more efficient compared to the case of Weierstrass curves with quartic twists.

this pairing in cryptographic applications. Keywords. Tate pairing, Weil pairing, self-pairing, pairing based cryptography. 2010 Mathematics Subject Classification. 14G50, 11T71, 11G20, 14Q05. 1 Introduction A pairing is a non-degenerate bilinear map e W G1 G2 7! GT where G1;G2;GT are cyclic groups of prime order r (the first two are usually written additively, and the third multiplicatively). Such groups are found from elliptic or hyperelliptic curves and the pairing is usually the Tate–Lichtenbaum pairing or one of its variants. Pairings have found many

. Scott M. Faster squaring in the cyclotomic subgroup of sixth degree extensions Public Key Cryptography PKC 2010 Lecture Notes in Comput. Sci. 6056 Springer Berlin 2010 209 223 11 L. Hu, J. Dong and D. Pei, Implementation of cryptosystems based on Tate pairing, J. Comput. Sci. Tech. 20 (2005), 2, 264–269. Hu L. Dong J. Pei D. Implementation of cryptosystems based on Tate pairing J. Comput. Sci. Tech. 20 2005 2 264 269 12 M. Joye and J. J. Quisquater, Efficient computation of full Lucas sequences, Electron. Lett. 36 (1996), 6, 537–538. Joye M. Quisquater J. J

For which groups (of the same prime order p) used in cryp- tographic protocols and which values i, 1 ≤ i ≤ p− 1, do efficient algorithms for computing ei exist? More generally, G can be E[m]; for the Tate pairing, efficient algorithms with performance comparable to that of RSA have been found [21]. 9.1.3 Cocyclic codes Many good error-correcting block codes (see Chapter 3.2.1) are derived from v× v matrices M with entries in a commutative ring R with unity, which have in addition some internal structure. The rows themselves may form the code. For example, the rows

letting the ®- nite subgroup H 1f ;S…K;T † on T be the exact annihilator of H 1f ;S…K ;T† under the Tate pairing. This respects minimally rami®ed structures for p3 l; by [1], Proposition 3.8 it also respects crystalline structures if T nZl Ql is deRham. 1.1.5. Archimedean structures. We brie¯y consider the archimedean case. Let K denote either R or C and let T be an l-adic GK -module. The cohomology group H 1…K ;T† is trivial, so that there is only one choice for the ®nite/singular structure, unless K ˆ R and l ˆ 2. We refer to [37], Remark 1.3.7 for the natural

.6, states that if the abelian variety AF has semistable ordinary reduction at all the primes of F above p then the p-adic height pairing on AF defined using the unit-root splitting and the one of Mazur-Tate coincide. Let us now describe the idea of the proof. p-adic height pairings are the Qp-valued counterparts of the real-valued Néron-Tate height pairings on abelian varieties. As the Néron-Tate pairings they can be decomposed into local contributions, one for each finite place of the ground field F . At the places not dividing p, these local contributions are

the Cassels–Tate pairing equals that of the Artin–Verdier pairing ½a2; b 0, where b 0 A H 1 U ;TZ=nZðM Þ is a preimage of a 0. A diagram chasing now shows that a2 comes from ðcvÞ A L v AS H 1 kv;TZ=nZðMÞ . It follows that ½a2; b 0 equals the sum of the local pairings hcv; b 0viv for v A S, where b 0 v is the image of b 0 in H 1 kv;TZ=nZðM Þ . Our assumption that ha; a 0i ¼ 0 for all a 0 A D1ðU ;M Þ½n thus implies that ðcvÞ satisfies the assumptions of the lemma, and hence up to modifying it by an element of L v AS H0ðkv;MÞ (which does not change a), we may

field in one variable over a finite field, provided that one ignores the p-primary torsion part of the groups under consideration, where p ¼ char k. We leave the verification of this to the readers. 6. Comparison with the Cassels-Tate pairing In this section, we give a definition of the pairing of Theorem 0.2 purely in terms of Galois cohomology and show that in the case M ¼ ½0! A it reduces to the classical Cassels-Tate pairing for abelian varieties. The idea is to use the diminished cup-product construction discovered by Poonen and Stoll (see [20], pp. 1117