x-superoptimal pairings on elliptic curves with odd prime embedding degrees: BW13-P310 and BW19-P286

IF 0.6 4区工程技术 Q4 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS

Applicable Algebra in Engineering Communication and Computing Pub Date : 2023-02-16 DOI:10.1007/s00200-023-00596-5

Emmanuel Fouotsa, Laurian Azebaze Guimagang, Raoul Ayissi

{"title":"x-superoptimal pairings on elliptic curves with odd prime embedding degrees: BW13-P310 and BW19-P286","authors":"Emmanuel Fouotsa, Laurian Azebaze Guimagang, Raoul Ayissi","doi":"10.1007/s00200-023-00596-5","DOIUrl":null,"url":null,"abstract":"<div>The choice of the elliptic curve for a given pairing based protocol is primordial. For many cryptosystems based on pairings such as group signatures and their variants (EPID, anonymous attestation, etc) or accumulators, operations in the first pairing group \\(\\mathbb {G}\\) of points of the elliptic curve is more predominant. At 128-bit security level two curves BW13-P310 and BW19-P286 with odd embedding degrees 13 and 19 suitable for super optimal pairing have been recommended for such pairing based protocols. But a prime embedding degree (\\(k=13;19\\)) eliminates some important optimisation for the pairing computation. However The Miller loop length of the superoptimal pairing is the half of that of the optimal ate pairing but involve more exponentiations that affect its efficiency. In this work, we successfully develop methods and construct algorithms to efficiently evaluate and avoid heavy exponentiations that affect the efficiency of the superoptimal pairing. This leads to the definition of new bilinear and non degenerate pairing on BW13-P310 and BW19-P286 called x-superoptimal pairing where its Miller loop is about \\(15.3 \\%\\) and \\(39.8 \\%\\) faster than the one of the optimal ate pairing previously computed on BW13-P310 and BW19-P286 respectively.</div>","PeriodicalId":50742,"journal":{"name":"Applicable Algebra in Engineering Communication and Computing","volume":"36 2","pages":"153 - 171"},"PeriodicalIF":0.6000,"publicationDate":"2023-02-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s00200-023-00596-5.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applicable Algebra in Engineering Communication and Computing","FirstCategoryId":"5","ListUrlMain":"https://link.springer.com/article/10.1007/s00200-023-00596-5","RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

The choice of the elliptic curve for a given pairing based protocol is primordial. For many cryptosystems based on pairings such as group signatures and their variants (EPID, anonymous attestation, etc) or accumulators, operations in the first pairing group \(\mathbb {G}\) of points of the elliptic curve is more predominant. At 128-bit security level two curves BW13-P310 and BW19-P286 with odd embedding degrees 13 and 19 suitable for super optimal pairing have been recommended for such pairing based protocols. But a prime embedding degree (\(k=13;19\)) eliminates some important optimisation for the pairing computation. However The Miller loop length of the superoptimal pairing is the half of that of the optimal ate pairing but involve more exponentiations that affect its efficiency. In this work, we successfully develop methods and construct algorithms to efficiently evaluate and avoid heavy exponentiations that affect the efficiency of the superoptimal pairing. This leads to the definition of new bilinear and non degenerate pairing on BW13-P310 and BW19-P286 called x-superoptimal pairing where its Miller loop is about \(15.3 \%\) and \(39.8 \%\) faster than the one of the optimal ate pairing previously computed on BW13-P310 and BW19-P286 respectively.

查看原文本刊更多论文

奇素数嵌入度椭圆曲线BW13-P310和BW19-P286上的x超优配对

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Applicable Algebra in Engineering Communication and Computing 工程技术-计算机：跨学科应用

CiteScore

2.90

自引率

14.30%

发文量

审稿时长

>12 weeks

期刊介绍： Algebra is a common language for many scientific domains. In developing this language mathematicians prove theorems and design methods which demonstrate the applicability of algebra. Using this language scientists in many fields find algebra indispensable to create methods, techniques and tools to solve their specific problems. Applicable Algebra in Engineering, Communication and Computing will publish mathematically rigorous, original research papers reporting on algebraic methods and techniques relevant to all domains concerned with computers, intelligent systems and communications. Its scope includes, but is not limited to, vision, robotics, system design, fault tolerance and dependability of systems, VLSI technology, signal processing, signal theory, coding, error control techniques, cryptography, protocol specification, networks, software engineering, arithmetics, algorithms, complexity, computer algebra, programming languages, logic and functional programming, algebraic specification, term rewriting systems, theorem proving, graphics, modeling, knowledge engineering, expert systems, and artificial intelligence methodology. Purely theoretical papers will not primarily be sought, but papers dealing with problems in such domains as commutative or non-commutative algebra, group theory, field theory, or real algebraic geometry, which are of interest for applications in the above mentioned fields are relevant for this journal. On the practical side, technology and know-how transfer papers from engineering which either stimulate or illustrate research in applicable algebra are within the scope of the journal.