Journal of Mathematical Cryptology

Factor-4 and 6 compression of cyclotomic subgroups of and

Koray Karabina
  • Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1. E-mail:
Published Online: 2010-07-08 | DOI: https://doi.org/10.1515/jmc.2010.001


Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields $\mathbb{F}_{2^m}$ and $\mathbb{F}_{3^m}$, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ and $3^{2m} - 3^m + 1$, respectively, of the multiplicative groups and . It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.

Keywords: Finite field compression; cyclotomic subgroups; pairing-based cryptography

Received: 2009-02-02

Revised: 2009-11-27

Published in Print: 2010-07-01

Citation Information: Journal of Mathematical Cryptology, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, DOI: https://doi.org/10.1515/jmc.2010.001.

