ISCAS OpenIR
analysis of optimum pairing products at high security levels
Zhang Xusheng; Lin Dongdai
2012
会议名称13th International Conference on Cryptology in India, INDOCRYPT 2012
会议录名称Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
页码412-430
会议日期December 9, 2012 - December 12, 2012
会议地点Kolkata, India
收录类别EI
ISSN0302-9743
ISBN9783642349300
部门归属(1) Institute of Software Chinese Academy of Sciences Beijing 100190 China; (2) University of Chinese Academy of Sciences Beijing 100049 China; (3) Institute of Information Engineering Chinese Academy of Sciences Beijing 100093 China
摘要In modern pairing implementations, considerable researches target at the optimum pairings at different security levels. However, in many cryptographic protocols, computing products or quotients of pairings is needed instead of computing single pairings. In this paper, we mainly analyze the computations of fast pairings on Kachisa-Schaefer-Scott curves with embedding degree 16 (KSS16) for the 192-bit security and Barreto-Lynn-Scott curves with embedding degree 27 (BLS27) for the 256-bit security, and then compare the cost estimations for implementing products and quotients of pairings at the 192 and 256-bit security levels. Being different from implementing single pairings, our results show that KSS16 curves could be most efficient for computing products or quotients of pairings for the 192-bit security; and for the 256-bit security, BLS27 curves might be more efficient for computing products of no less than 25 pairings, otherwise BLS24 curves are much more efficient. In addition, for the fast pairing computation on BLS27 curves, we propose faster Miller formulas in both affine and projective coordinates on curves with only cubic twist and embedding degree divisible by 3. © Springer-Verlag 2012.; In modern pairing implementations, considerable researches target at the optimum pairings at different security levels. However, in many cryptographic protocols, computing products or quotients of pairings is needed instead of computing single pairings. In this paper, we mainly analyze the computations of fast pairings on Kachisa-Schaefer-Scott curves with embedding degree 16 (KSS16) for the 192-bit security and Barreto-Lynn-Scott curves with embedding degree 27 (BLS27) for the 256-bit security, and then compare the cost estimations for implementing products and quotients of pairings at the 192 and 256-bit security levels. Being different from implementing single pairings, our results show that KSS16 curves could be most efficient for computing products or quotients of pairings for the 192-bit security; and for the 256-bit security, BLS27 curves might be more efficient for computing products of no less than 25 pairings, otherwise BLS24 curves are much more efficient. In addition, for the fast pairing computation on BLS27 curves, we propose faster Miller formulas in both affine and projective coordinates on curves with only cubic twist and embedding degree divisible by 3. © Springer-Verlag 2012.
关键词Cryptography
主办者Defence Research and Developement Organization (D.R.D.O.); Google Inc.; Microsoft Research; National Board of Higher Mathematics (N.B.H.M.); Reserve Bank of India (R.B.I.); Tata Consultancy Services (T.C.S.)
语种英语
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/15823
专题中国科学院软件研究所
推荐引用方式
GB/T 7714
Zhang Xusheng,Lin Dongdai. analysis of optimum pairing products at high security levels[C],2012:412-430.
条目包含的文件
条目无相关文件。
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Zhang Xusheng]的文章
[Lin Dongdai]的文章
百度学术
百度学术中相似的文章
[Zhang Xusheng]的文章
[Lin Dongdai]的文章
必应学术
必应学术中相似的文章
[Zhang Xusheng]的文章
[Lin Dongdai]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。