Groups Complexity Cryptology

Memory-saving computation of the pairing final exponentiation on BN curves

Sylvain Duquesne / Loubna Ghammam
  • IRMAR, UMR CNRS 6625, University of Rennes 1, France; and Laboratory of electronic and microelectronic, FSM, University of Monastir, Tunisia
Published Online: 2016-04-09 | DOI: https://doi.org/10.1515/gcc-2016-0006

Abstract

The Tate pairing is computed in two steps. The first, the Miller loop, is an exponentiation in the group of points of an elliptic curve. The second, the final exponentiation, is an exponentiation in the multiplicative group of a large finite field extension. In this paper we describe and improve efficient methods for computing the hardest part of this second step for the most popular curves in pairing-based cryptography, namely Barreto–Naehrig curves. We present the methods given in the literature together with their complexities. However, the memory resources these methods require are not always stated, although memory is an important constraint for practical implementations in restricted environments. We therefore determine the memory resources required by the known methods and present new variants which require less memory (up to 37 % less). Moreover, some of these new variants also yield algorithms that are more efficient than the original ones.
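The following Python script is an added worked example, not code from the paper or its authors. It derives the BN parameters p, r, t from the curve parameter x, splits the final exponent (p^12 - 1)/r into the cheap "easy" factor (p^6 - 1)(p^2 + 1) and the "hard" factor d = (p^4 - p^2 + 1)/r that the paper targets, checks the base-p decomposition d = λ3 p^3 + λ2 p^2 + λ1 p + λ0 used in the literature the paper builds on, and then evaluates f^d with a straightforward addition-chain arrangement. The element f is tracked symbolically by its exponent, so that each group operation (exponentiation by x, Frobenius, squaring, multiplication, conjugation) can be counted. The particular chain, the operation counter and the parameter x = -(2^62 + 2^55 + 1) (a commonly used 254-bit BN parameter) are this example's own assumptions, not the paper's variants.

```python
# Added example: BN final-exponentiation bookkeeping on exponents only.
# No finite-field arithmetic is performed; an element f^e is represented by e.


def bn_params(x):
    """BN parametrisation: field prime p, subgroup order r, trace t (hold for any integer x)."""
    p = 36 * x**4 + 36 * x**3 + 24 * x**2 + 6 * x + 1
    r = 36 * x**4 + 36 * x**3 + 18 * x**2 + 6 * x + 1
    t = 6 * x**2 + 1
    assert p + 1 - t == r          # #E(F_p) = p + 1 - t = r for BN curves
    return p, r, t


def final_exponent_parts(x):
    """Split (p^12 - 1)/r into the easy factor (p^6 - 1)(p^2 + 1) and the hard factor (p^4 - p^2 + 1)/r."""
    p, r, _ = bn_params(x)
    easy = (p**6 - 1) * (p**2 + 1)
    phi12 = p**4 - p**2 + 1        # 12th cyclotomic polynomial evaluated at p
    assert phi12 % r == 0          # r | Phi_12(p) is a polynomial identity for BN curves
    hard = phi12 // r
    assert (p**12 - 1) // r == easy * hard
    return easy, hard


def lambdas(x):
    """Base-p digits (l0, l1, l2, l3) of the hard exponent: d = l3 p^3 + l2 p^2 + l1 p + l0."""
    return (-36 * x**3 - 30 * x**2 - 18 * x - 2,
            -36 * x**3 - 18 * x**2 - 12 * x + 1,
            6 * x**2 + 1,
            1)


def check_lambdas(x):
    """True iff the base-p decomposition reproduces the hard exponent for this x."""
    p, _, _ = bn_params(x)
    _, hard = final_exponent_parts(x)
    l0, l1, l2, l3 = lambdas(x)
    return l3 * p**3 + l2 * p**2 + l1 * p + l0 == hard


class Trace:
    """Symbolic element of the cyclotomic subgroup, tracked by its exponent; counts every group operation."""

    def __init__(self, x):
        self.x = x
        self.p = bn_params(x)[0]
        self.ops = {"pow_x": 0, "frob": 0, "sqr": 0, "mul": 0, "conj": 0}

    def pow_x(self, e):            # exponentiation by x (real code: by |x|, then conjugate if x < 0)
        self.ops["pow_x"] += 1
        return e * self.x

    def frob(self, e):             # p-power Frobenius, almost free in F_{p^12}
        self.ops["frob"] += 1
        return e * self.p

    def sqr(self, e):
        self.ops["sqr"] += 1
        return 2 * e

    def mul(self, a, b):
        self.ops["mul"] += 1
        return a + b

    def conj(self, e):             # inversion is a conjugation in the cyclotomic subgroup
        self.ops["conj"] += 1
        return -e

    def pow_small(self, e, n):
        """Left-to-right square-and-multiply by a small positive constant n."""
        assert n > 0
        acc = e
        for bit in bin(n)[3:]:     # skip the leading 1
            acc = self.sqr(acc)
            if bit == "1":
                acc = self.mul(acc, e)
        return acc


def hard_part_via_chain(x):
    """Evaluate f^d (f has exponent 1) by the lambda decomposition; returns (exponent, op counts)."""
    tr = Trace(x)
    f = 1
    a = tr.pow_x(f)                # f^x
    b = tr.pow_x(a)                # f^(x^2)
    c = tr.pow_x(b)                # f^(x^3)
    # shared core T = f^(36x^3 + 18x^2 + 12x), reused by the p-term and the constant term
    core = tr.mul(tr.pow_small(c, 36), tr.mul(tr.pow_small(b, 18), tr.pow_small(a, 12)))
    term_p = tr.frob(tr.mul(tr.conj(core), f))                                        # f^(l1 p)
    term_0 = tr.conj(tr.mul(core, tr.mul(tr.pow_small(b, 12),
                                         tr.mul(tr.pow_small(a, 6), tr.sqr(f)))))     # f^(l0)
    term_p2 = tr.frob(tr.frob(tr.mul(tr.pow_small(b, 6), f)))                         # f^(l2 p^2)
    term_p3 = tr.frob(tr.frob(tr.frob(f)))                                            # f^(p^3)
    result = tr.mul(tr.mul(term_p3, term_p2), tr.mul(term_p, term_0))
    return result, tr.ops


if __name__ == "__main__":
    x = -(2**62 + 2**55 + 1)       # assumed parameter: a common 254-bit BN curve
    res, ops = hard_part_via_chain(x)
    print("decomposition holds:", check_lambdas(x), "chain correct:", res == final_exponent_parts(x)[1])
    print("operation counts:", ops)
```

Three exponentiations by x and six Frobenius maps are the fixed cost of the decomposition; everything else is squarings and multiplications by small constants, which is where addition-chain choices (and, in the paper, the number of intermediate values held at once) make the difference. The tracer above counts operations but not live temporaries, so it illustrates the structure of the computation rather than the memory analysis that is the paper's contribution.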

Keywords: BN curves; Tate pairing; final exponentiation; memory resources; addition chain

MSC: 11G07; 14G50; 14Q20; 94A60


About the article

Received: 2015-03-25

Published Online: 2016-04-09

Published in Print: 2016-05-01


Funding Source: Association Nationale de la Recherche et de la Technologie

Award identifier / Grant number: ANR-12-BS01-0010-01 “PEACE”; ANR-12-INSE-0014 “SIMPATIC”; ANR-11-LABX-0020-01 “Centre Henri Lebesgue”

This work was supported in part by French projects ANR-12-BS01-0010-01 “PEACE”, ANR-12-INSE-0014 “SIMPATIC”, ANR-11-LABX-0020-01 “Centre Henri Lebesgue” and by the LIRIMA MACISA project.


Citation Information: Groups Complexity Cryptology, Volume 8, Issue 1, Pages 75–90, ISSN (Online) 1869-6104, ISSN (Print) 1867-1144, DOI: https://doi.org/10.1515/gcc-2016-0006.

© 2016 by De Gruyter.

Citing Articles

Crossref-listed publications in which this article is cited:

[1]
Anissa Sghaier, Medien Zeghid, Loubna Ghammam, Sylvain Duquesne, Mohsen Machhout, and Hassan Yousif Ahmed
Microprocessors and Microsystems, 2018
[2]
Emmanuel Fouotsa
Arab Journal of Mathematical Sciences, 2018
[3]
Loubna Ghammam and Emmanuel Fouotsa
Journal of Applied Mathematics and Computing, 2018
[4]
Sylvain Duquesne, Nadia El Mrabet, Safia Haloui, and Franck Rondepierre
Applicable Algebra in Engineering, Communication and Computing, 2017
