{"title":"Memory-saving computation of the pairing final exponentiation on BN curves","authors":"S. Duquesne, Loubna Ghammam","doi":"10.1515/gcc-2016-0006","DOIUrl":null,"url":null,"abstract":"Abstract Tate pairing computation is made of two steps. The first one, the Miller loop, is an exponentiation in the group of points of an elliptic curve. The second one, the final exponentiation, is an exponentiation in the multiplicative group of a large finite field extension. In this paper, we describe and improve efficient methods for computing the hardest part of this second step for the most popular curves in pairing-based cryptography, namely Barreto–Naehrig curves. We present the methods given in the literature and their complexities. However, the necessary memory resources are not always given whereas it is an important constraint in restricted environments for practical implementations. Therefore, we determine the memory resources required by these known methods and we present new variants which require less memory resources (up to 37 %). Moreover, some of these new variants are providing algorithms which are also more efficient than the original ones.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"27 1","pages":"75 - 90"},"PeriodicalIF":0.1000,"publicationDate":"2016-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Groups Complexity Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1515/gcc-2016-0006","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"MATHEMATICS","Score":null,"Total":0}
Memory-saving computation of the pairing final exponentiation on BN curves
Abstract: Tate pairing computation consists of two steps. The first one, the Miller loop, is an exponentiation in the group of points of an elliptic curve. The second one, the final exponentiation, is an exponentiation in the multiplicative group of a large finite field extension. In this paper, we describe and improve efficient methods for computing the hardest part of this second step for the most popular curves in pairing-based cryptography, namely Barreto–Naehrig curves. We present the methods given in the literature and their complexities. However, the necessary memory resources are not always given, although memory is an important constraint in restricted environments for practical implementations. Therefore, we determine the memory resources required by these known methods and we present new variants which require fewer memory resources (up to 37 %). Moreover, some of these new variants provide algorithms which are also more efficient than the original ones.