Narcisse Bang Mbiang, Emmanuel Fouotsa, Diego F. Aranha
{"title":"Computing the optimal ate pairing over elliptic curves with embedding degrees 54 and 48 at the 256-bit security level","authors":"Narcisse Bang Mbiang, Emmanuel Fouotsa, Diego F. Aranha","doi":"10.1504/ijact.2020.10027563","DOIUrl":null,"url":null,"abstract":"Due to recent advances in the computation of finite fields discrete logarithms, the Barreto-Lynn-Scott family of elliptic curves of embedding degree 48 became suitable for instantiating pairing-based cryptography at the 256-bit security level. Observing the uncertainty around determining the constants that govern the best approach for computing discrete logarithms, Scott and Guillevic consider pairing-friendly elliptic curves of embedding degree higher than 50, and discovered a new family of elliptic curves with embedding degree 54. This work aims at investigating the theoretical and practical cost of both the Miller algorithm and the final exponentiation in the computation of the optimal ate pairing on the two aforementioned curves. Both our theoretical results, based on the operation counts of base-field operations, and our experimental observations collected from a real implementation, confirm that BLS48 curves remain the faster curve in the computation of the optimal ate pairing at the 256-bit security level.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Appl. Cryptogr.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijact.2020.10027563","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 11
Abstract
Due to recent advances in the computation of finite fields discrete logarithms, the Barreto-Lynn-Scott family of elliptic curves of embedding degree 48 became suitable for instantiating pairing-based cryptography at the 256-bit security level. Observing the uncertainty around determining the constants that govern the best approach for computing discrete logarithms, Scott and Guillevic consider pairing-friendly elliptic curves of embedding degree higher than 50, and discovered a new family of elliptic curves with embedding degree 54. This work aims at investigating the theoretical and practical cost of both the Miller algorithm and the final exponentiation in the computation of the optimal ate pairing on the two aforementioned curves. Both our theoretical results, based on the operation counts of base-field operations, and our experimental observations collected from a real implementation, confirm that BLS48 curves remain the faster curve in the computation of the optimal ate pairing at the 256-bit security level.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
