Paper 2011/465

Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings

Craig Costello, Kristin Lauter, and Michael Naehrig

Abstract

Barreto-Lynn-Scott (BLS) curves are a stand-out candidate for implementing high-security pairings. This paper shows that particular choices of the pairing-friendly search parameter give rise to four subfamilies of BLS curves, all of which offer highly efficient and implementation- friendly pairing instantiations. Curves from these particular subfamilies are defined over prime fields that support very efficient towering options for the full extension field. The coefficients for a specific curve and its correct twist are automat- ically determined without any computational effort. The choice of an extremely sparse search parameter is immediately reflected by a highly efficient optimal ate Miller loop and final exponentiation. As a resource for implementors, we give a list with examples of implementation-friendly BLS curves through several high-security levels.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Pairing-friendlyhigh-security pairingsBLS curves.
Contact author(s)
craig costello @ qut edu au
History
2011-10-14: last of 4 revisions
2011-08-29: received
See all versions
Short URL
https://ia.cr/2011/465
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2011/465,
      author = {Craig Costello and Kristin Lauter and Michael Naehrig},
      title = {Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings},
      howpublished = {Cryptology ePrint Archive, Paper 2011/465},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/465}},
      url = {https://eprint.iacr.org/2011/465}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.