Paper 2016/403

On Instantiating Pairing-Based Protocols with Elliptic Curves of Embedding Degree One

Sanjit Chatterjee, Alfred Menezes, and Francisco Rodriguez-Henriquez

Abstract

Since the discovery of identity-based encryption schemes in 2000, bilinear pairings have been used in the design of hundreds of cryptographic protocols. The most commonly used pairings are constructed from elliptic curves over finite fields with small embedding degree. These pairings can have different security, performance, and functionality characteristics, and were therefore classified into Types 1, 2, 3 and 4. In this paper, we observe that this conventional classification is not applicable to pairings from elliptic curves with embedding degree one. It is important to understand the security, efficiency, and functionality of these pairings in light of recent attacks on certain pairings constructed from elliptic curves with embedding degree greater than one. We define three kinds of pairings from elliptic curves with embedding degree one, discuss some subtleties with using them to implement pairing-based protocols, and provide an estimated cost of implementing them on modern processors.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
ajmeneze @ uwaterloo ca
History
2016-11-11: revised
2016-04-25: received
See all versions
Short URL
https://ia.cr/2016/403
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/403,
      author = {Sanjit Chatterjee and Alfred Menezes and Francisco Rodriguez-Henriquez},
      title = {On Instantiating Pairing-Based Protocols with Elliptic Curves of Embedding Degree One},
      howpublished = {Cryptology ePrint Archive, Paper 2016/403},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/403}},
      url = {https://eprint.iacr.org/2016/403}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.