Institutional Repository
| efficient pairing computation on ordinary elliptic curves of embedding degree 1 and 2 | |
| Zhang Xusheng; Lin Dongdai | |
| 2011 | |
| Conference Name | Cryptography and Coding 13th IMA International Conference, IMACC 2011 |
| Source | Cryptography and Coding |
| Pages | 309-326 |
| Conference Date | 2011 |
| Conference Place | Oxford UK |
| Indexed Type | SPRINGER ; EI |
| ISSN | 0302-9743 |
| ISBN | 978-3-642-25515-1 |
| Department | SKLOIS Institute of Software Chinese Academy of Sciences Beijing China |
| English Abstract | In pairing-based cryptography, most researches are focused on elliptic curves of embedding degrees greater than six, but less on curves of small embedding degrees, although they are important for pairing-based cryptography over composite-order groups. This paper analyzes efficient pairings on ordinary elliptic curves of embedding degree 1 and 2 from the point of shortening Miller’s loop. We first show that pairing lattices presented by Hess can be redefined on composite-order groups. Then we give a simpler variant of the Weil pairing lattice which can also be regarded as an Omega pairing lattice, and extend it to ordinary curves of embedding degree 1. In our analysis, the optimal Omega pairing, as the super-optimal pairing on elliptic curves of embedding degree 1 and 2, could be more efficient than Weil and Tate pairings. On the other hand, elliptic curves of embedding degree 2 are also very useful for pairings on elliptic curves over RSA rings proposed by Galbraith and McKee. So we analyze the construction of such curves over RSA rings, and redefine pairing lattices over RSA rings. Specially, modified Omega pairing lattices over RSA rings can be computed without knowing the RSA trapdoor. Furthermore, for keeping the trapdoor secret, we develop an original idea of evaluating pairings without leaking the group order.; In pairing-based cryptography, most researches are focused on elliptic curves of embedding degrees greater than six, but less on curves of small embedding degrees, although they are important for pairing-based cryptography over composite-order groups. This paper analyzes efficient pairings on ordinary elliptic curves of embedding degree 1 and 2 from the point of shortening Miller’s loop. We first show that pairing lattices presented by Hess can be redefined on composite-order groups. Then we give a simpler variant of the Weil pairing lattice which can also be regarded as an Omega pairing lattice, and extend it to ordinary curves of embedding degree 1. In our analysis, the optimal Omega pairing, as the super-optimal pairing on elliptic curves of embedding degree 1 and 2, could be more efficient than Weil and Tate pairings. On the other hand, elliptic curves of embedding degree 2 are also very useful for pairings on elliptic curves over RSA rings proposed by Galbraith and McKee. So we analyze the construction of such curves over RSA rings, and redefine pairing lattices over RSA rings. Specially, modified Omega pairing lattices over RSA rings can be computed without knowing the RSA trapdoor. Furthermore, for keeping the trapdoor secret, we develop an original idea of evaluating pairings without leaking the group order. |
| Keyword | Miller’ s Algorithm – Composite Order Pairing – Omega Pairing Lattices – Rsa Ring |
| Sponsorship | The Institute of Mathematics and its Applications; Cryptomathic Ltd.; Hewlett-Packard Laboratories; Vodafone Ltd. |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16235 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Zhang Xusheng,Lin Dongdai. efficient pairing computation on ordinary elliptic curves of embedding degree 1 and 2[C],2011:309-326. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment