Institutional Repository
| analysis of optimum pairing products at high security levels | |
| Zhang Xusheng; Lin Dongdai | |
| 2012 | |
| Conference Name | 13th International Conference on Cryptology in India, INDOCRYPT 2012 |
| Source | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Pages | 412-430 |
| Conference Date | December 9, 2012 - December 12, 2012 |
| Conference Place | Kolkata, India |
| Indexed Type | EI |
| ISSN | 0302-9743 |
| ISBN | 9783642349300 |
| Department | (1) Institute of Software Chinese Academy of Sciences Beijing 100190 China; (2) University of Chinese Academy of Sciences Beijing 100049 China; (3) Institute of Information Engineering Chinese Academy of Sciences Beijing 100093 China |
| English Abstract | In modern pairing implementations, considerable researches target at the optimum pairings at different security levels. However, in many cryptographic protocols, computing products or quotients of pairings is needed instead of computing single pairings. In this paper, we mainly analyze the computations of fast pairings on Kachisa-Schaefer-Scott curves with embedding degree 16 (KSS16) for the 192-bit security and Barreto-Lynn-Scott curves with embedding degree 27 (BLS27) for the 256-bit security, and then compare the cost estimations for implementing products and quotients of pairings at the 192 and 256-bit security levels. Being different from implementing single pairings, our results show that KSS16 curves could be most efficient for computing products or quotients of pairings for the 192-bit security; and for the 256-bit security, BLS27 curves might be more efficient for computing products of no less than 25 pairings, otherwise BLS24 curves are much more efficient. In addition, for the fast pairing computation on BLS27 curves, we propose faster Miller formulas in both affine and projective coordinates on curves with only cubic twist and embedding degree divisible by 3. © Springer-Verlag 2012.; In modern pairing implementations, considerable researches target at the optimum pairings at different security levels. However, in many cryptographic protocols, computing products or quotients of pairings is needed instead of computing single pairings. In this paper, we mainly analyze the computations of fast pairings on Kachisa-Schaefer-Scott curves with embedding degree 16 (KSS16) for the 192-bit security and Barreto-Lynn-Scott curves with embedding degree 27 (BLS27) for the 256-bit security, and then compare the cost estimations for implementing products and quotients of pairings at the 192 and 256-bit security levels. Being different from implementing single pairings, our results show that KSS16 curves could be most efficient for computing products or quotients of pairings for the 192-bit security; and for the 256-bit security, BLS27 curves might be more efficient for computing products of no less than 25 pairings, otherwise BLS24 curves are much more efficient. In addition, for the fast pairing computation on BLS27 curves, we propose faster Miller formulas in both affine and projective coordinates on curves with only cubic twist and embedding degree divisible by 3. © Springer-Verlag 2012. |
| Keyword | Cryptography |
| Sponsorship | Defence Research and Developement Organization (D.R.D.O.); Google Inc.; Microsoft Research; National Board of Higher Mathematics (N.B.H.M.); Reserve Bank of India (R.B.I.); Tata Consultancy Services (T.C.S.) |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/15823 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Zhang Xusheng,Lin Dongdai. analysis of optimum pairing products at high security levels[C],2012:412-430. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment