
Paper 2011/465

Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings

Craig Costello, Kristin Lauter, and Michael Naehrig

Abstract

Barreto-Lynn-Scott (BLS) curves are a stand-out candidate for implementing high-security pairings. This paper shows that particular choices of the pairing-friendly search parameter give rise to four subfamilies of BLS curves, all of which offer highly efficient and implementation-friendly pairing instantiations. Curves from these particular subfamilies are defined over prime fields that support very efficient towering options for the full extension field. The coefficients for a specific curve and its correct twist are automatically determined without any computational effort. The choice of an extremely sparse search parameter is immediately reflected by a highly efficient optimal ate Miller loop and final exponentiation. As a resource for implementors, we give a list with examples of implementation-friendly BLS curves through several high-security levels.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Pairing-friendly, high-security pairings, BLS curves.
Contact author(s)
craig costello @ qut edu au
History
2011-10-14: last of 4 revisions
2011-08-29: received
Short URL
https://ia.cr/2011/465
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/465,
      author = {Craig Costello and Kristin Lauter and Michael Naehrig},
      title = {Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings},
      howpublished = {Cryptology ePrint Archive, Paper 2011/465},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/465}},
      url = {https://eprint.iacr.org/2011/465}
}