Implementing cryptographic pairings at standard security levels

Andreas Enge (INRIA Bordeaux - Sud-Ouest; IMB); J\'er\^ome Milan; (INRIA Futurs)

arXiv:1407.5953·math.NT·July 23, 2014

Implementing cryptographic pairings at standard security levels

Andreas Enge (INRIA Bordeaux - Sud-Ouest, IMB), J\'er\^ome Milan, (INRIA Futurs)

PDF

TL;DR

This paper demonstrates efficient implementation of cryptographic pairings at standard security levels, identifying suitable curves and algorithms for optimal performance in cryptographic applications.

Contribution

It provides a comprehensive implementation framework for cryptographic pairings, including curve selection, algorithm optimization, and security level recommendations.

Findings

01

Existence of optimal ate and twisted ate pairings for various security levels

02

Efficient evaluation methods for pairings using Miller's algorithm and addition-subtraction chains

03

Guidelines for selecting appropriate curves and pairings for different security requirements

Abstract

This study reports on an implementation of cryptographic pairings in a general purpose computer algebra system. For security levels equivalent to the different AES flavours, we exhibit suitable curves in parametric families and show that optimal ate and twisted ate pairings exist and can be efficiently evaluated. We provide a correct description of Miller's algorithm for signed binary expansions such as the NAF and extend a recent variant due to Boxall et al. to addition-subtraction chains. We analyse and compare several algorithms proposed in the literature for the final exponentiation. Finally, we ive recommendations on which curve and pairing to choose at each security level.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.