Paper 2007/390

Implementing Cryptographic Pairings over Barreto-Naehrig Curves

Augusto Jun Devegili, Michael Scott, and Ricardo Dahab

Abstract

In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard 32-bit PC and on a 32-bit smartcard. First we introduce a sub-family of such curves with a particularly simple representation. Next we consider the issues that arise in the efficient implementation of field arithmetic in $\mathbb{F}_{p^{12}}$, which is crucial to good performance. Various optimisations are suggested, including a novel approach to the 'final exponentiation', which is faster and requires less memory than the methods previously recommended.

Note: An implementation error resulting in inflated execution times has been fixed. Use of projective coordinates improves Ate pairing timings.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Corrected and Improved version of paper from Pairing 2007, Tokyo, Japan, LNCS 4575
Contact author(s)
mike @ computing dcu ie
History
2008-10-31: revised
2007-10-04: received
Short URL
https://ia.cr/2007/390
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/390,
      author = {Augusto Jun Devegili and Michael Scott and Ricardo Dahab},
      title = {Implementing Cryptographic Pairings over Barreto-Naehrig Curves},
      howpublished = {Cryptology ePrint Archive, Paper 2007/390},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/390}},
      url = {https://eprint.iacr.org/2007/390}
}