Hostname: page-component-586b7cd67f-l7hp2 Total loading time: 0 Render date: 2024-11-24T10:48:56.490Z Has data issue: false hasContentIssue false

On Small Characteristic Algebraic Tori in Pairing-Based Cryptography

Published online by Cambridge University Press:  01 February 2010

R. Granger
Affiliation:
University of Bristol, Department of Computer Science, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom, [email protected]
D. Page
Affiliation:
University of Bristol, Department of Computer Science, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom, [email protected], http://www.cs.bris.ac.uk/~page/
M. Stam
Affiliation:
EPFL – IC –LACAL, Station 14, INJ 3.33, CH-1015 Lausanne, Switzerland, [email protected]

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

The value ot the late pairing on an elliptic curve over a finite field may be viewed as an element of an algebraic torus. Using this simple observation, we transfer techniques recently developed for torus-based cryptography to pairing-based cryptography, resulting in more efficient computations, and lower bandwidth requirements. To illustrate the efficacy of this approach, we apply the method to pairings on supersingular elliptic curves in characteristic three.

Type
Research Article
Copyright
Copyright © London Mathematical Society 2006

References

1. Barreto, P., Galbraith, S., Héigeartaigh, C. Ó and Scott, M., ‘Efficient pairing computation on supersingular abelian varieties’, Cryptology ePrint Archive, Report 2004/375, http://eprint.iacr.org/2004/375.Google Scholar
2. Barreto, P., Kim, H., Lynn, B. and Scott, M., ‘Efficient algorithms for pairing-based cryptosyste’, Advances in cryptology (CRYPTO 2002), Lecture Notes in Comput. Sci. 2442 (Springer, 2002) 354368.CrossRefGoogle Scholar
3. Boneh, D. and Boyen, X., ‘Efficient selective-ID secure identity-based encryption without random oracles’, Advances in cryptology (EUROCRYPT 2004), Lecture Notes in Comput. Sci. 3027 (Springer, 2004) 223238.CrossRefGoogle Scholar
4. Boneh, D., Boyen, X. and Shacham, H., ‘Short group signatures’, Advances in cryptology (CRYPTO 2004), Lecture Notes in Comput. Sci. 3152 (Springer, 2004) 4155.CrossRefGoogle Scholar
5. Boneh, D. and Franklin, M., ‘Identity-based encryption from the Weil pairing’, SIAM J. Comput., 32 (2003) 586615.CrossRefGoogle Scholar
6. Boneh, D., Lynn, B. and Shacham, H., ‘Short signatures from the Weil pairing’, Advances in cryptology (ASIACRYPT 2001), Lecture Notes in Comput. Sci. 2248 (Springer, 2001) 514532.CrossRefGoogle Scholar
7. Bosma, W., Hutton, J. and Verheul, E., ‘Looking beyond XTR’, Advances in cryptology (ASIACRYPT2002), Lecture Notes in Comput. Sci. 2501 (Springer, 2002) 4663.Google Scholar
8. Clark, W. and Liang, J., ‘On arithmetic weight for a general radix representation of integers’, IEEE Trans. Inform. Theory 19 (1973) 823826.CrossRefGoogle Scholar
9. Cohen, H., Mivaji, A. and Ono, T., ‘Efficient elliptic curve exponentiation using mixed coordinates’, Advances in cryptology (ASIACRYPT 1998), Lecture Notes in Comput. Sci. 1514 (Springer, 1998) 5165.Google Scholar
10. Coppersmith, D., ‘Evaluating logarithms in GF(2n)’, 16th ACM Symp. Theory of Computing (1984) 201–107.Google Scholar
11. Coppersmith, D., ‘Fast evaluation of logarithms in fields of characteristic two’, IEEE Trans. Inform. Theory, 30 (July 1984) 587594.CrossRefGoogle Scholar
12. Dutta, R., Barua, R. and Sarkar, P., ‘Pairing-based cryptographic protocols: a survey’, Cryptology ePrint Archive, Report 2004/064, http://eprint.iacr.org/2004/064.CrossRefGoogle Scholar
13. Duursma, I. and Lee, H., ‘Tate pairing implementation for hyperelliptic curves y2 = xp − x + d’, Advances in cryptology (ASIACRYPT 2003), Lecture Notes in Comput. Sci. 2894 (Springer, 2003) 111123.CrossRefGoogle Scholar
14. ElGamal, T., ‘A public key cryptosystem and a signature scheme based on discrete logarithms’, IEEE Trans. Inform. Theory 31 (1985) 469472.Google Scholar
15. Frey, G. and Ruck, H., ‘A remark concerning m-divisibility and the discrete logarithm problem in the divisor class group of curves’, Math. Comput. 62 (1994) 865874.Google Scholar
16. Galbraith, S., Supersingular curves in cryptography’, Advances in cryptology (ASIACRYPT 2001), Lecture Notes in Comput. Sci. 2248 (Springer, 2001) 495513.CrossRefGoogle Scholar
17. Galbraith, S., Harrison, K. and Soldera, D., ‘Implementing the Tate pairing’, Proc. ANTS V, Lecture Notes in Comput. Sci. 2369 (2002) 324337.Google Scholar
18. Gallant, R., Lambert, J. and Vanstone, S., ‘Faster point multiplication on elliptic curves with efficient endomorphisms’, Advances in cryptology (CRYPTO 2001), Lecture Notes in Comput. Sci. 2139 (Springer, 2001) 190200.CrossRefGoogle Scholar
19. Gao, S., ‘Normal bases over finite fields’, PhD Thesis, Waterloo University, 1993.Google Scholar
20. Gaudry, P., ‘Index calculus for abelian varieties and the elliptic curve discrete logarithm problem’, Cryptology ePrint Archive, Report 2004/073, http://eprint.iacr.org/2004/073.Google Scholar
21. Gentry, C., ‘Certificate-based encryption and the certificate revocation problem’, Advances in cryptology (EUROCRYPT 2003), Lecture Notes in Comput. Sci. 2656 (Springer, 2003) 272293.CrossRefGoogle Scholar
22. Golle, P. and Juels, A., ‘Dining cryptographers revisited’, Advances in cryptology (EUROCRYPT 2004), Lecture Notes in Comput. Sci. 3027 (Springer, 2004) 456473.CrossRefGoogle Scholar
23. Granger, R., ‘Estimates for discrete logarithm computations in finite fields of small characteristic’, Cryptography and coding, Lecture Notes in Comput. Sci. 2898 (Springer, 2003) 190206.CrossRefGoogle Scholar
24. Granger, R., Holt, A., Page, D., Smart, N. and Vercauteren, F., ‘Function field sieve in characteristic three’, Proc. ANTS VI, Lecture Notes in Comput. Sci. 3076 (Springer, 2004) 223234.Google Scholar
25. Granger, R., Page, D. and Stam, M., ‘A Comparison of CEILIDH and XTR’, Proc. ANTS VI, Lecture Notes in Comput. Sci. 3076 (Springer, 2004) 235249.Google Scholar
26. Granger, R., Page, D. and Stam, M., ‘On small characteristic algebraic tori in pairing-based cryptography’, Cryptology ePrint Archive, Report 2004/132, http://eprint.iacr.org/2004/132.Google Scholar
27. Harrison, K., Page, D. and Smart, N.P., ‘Software implementation of finite fields of characteristic three, for use in pairing based cryptosysteins’, LMS J. Comput. Math., 5 (2002) 181193. http://www.lms.ac.Uk/jcm/5/lms2002-002.Google Scholar
28. Hess, F., ‘Efficient identity based signature schemes based on pairings’, Selected areas in cryptography (SAC 2002), Lecture Notes in Comput. Sci. 2595 (Springer, 2003) 310324.CrossRefGoogle Scholar
29. Joux, A., ‘A one round protocol for tripartite Diffie–Hellman’, Proc. ANTS IV, Lecture Notes in Comput. Sci. 1838 (Springer, 2000) 385394.Google Scholar
30. Koblitz, N., ‘An elliptic curve implementation of the finite field digital signature algorithm’, Advances in cryptology (CRYPTO 98), Lecture Notes in Comput. Sci. 1462 (Springer, 1998) 327337.CrossRefGoogle Scholar
31. Kwon, S., ‘Efficient Tate pairing computation for elliptic curves over binary fields’, Proc. ACISP 2005, Lecture Notes in Comput. Sci. 3574 (Springer, 2005) 134145.Google Scholar
32. Lenstra, A., ‘Using cyclotomic polynomials to construct efficient discrete logarithm cryptosystems over finite fields’, Proc. ACISP97, Lecture Notes in Comput. Sci. 1270 (Springer, 1997) 127138.Google Scholar
33. Lenstra, A. and Verheul, E., ‘The XTR public key system’, Advances in cryptology (CRYPTO 2000), Lecture Notes in Comput. Sci. 1880 (Springer, 2000) 119.CrossRefGoogle Scholar
34. López, J. and Dahab, R., ‘High speed software multiplication in ’, Progress in cryptography (INDOCRYPT 2000), Lecture Notes in Comput. Sci. 1977 (Springer, 2000) 203212.CrossRefGoogle Scholar
35. Menezes, A.J., Oorschot, P.C. van and Vanstone, S.A., Handbook of applied cryptography (CRC Press, 1997).Google Scholar
36. Miller, V., ‘Short programs for functions on curves’, unpublished manuscript, 1986, available from http://crypto.stanford.edu/miller/miller.pdf.Google Scholar
37. Ning, P. and Yin, Y.L., ‘Efficient software implementation for finite field multiplication in normal basis’, Information and communications security (ICICS), Lecture Notes in Comput. Sci. 2229 (Springer, 2001) 177188.CrossRefGoogle Scholar
38. Nöcker, M., ‘Data structures for parallel exponentiation in finite fields’, PhD Thesis, Universität Paderborn, 2001.Google Scholar
39. Pohlig, G. and Hellman, M., ‘An improved algorithm for computing discrete logarithms over GF(p) and its cryptographic significance’, IEEE Trans. Inform. Theory 24 (1978) 106110.Google Scholar
40. Masoleh, A. Reyhani- and Hasan, M.A., ‘Fast normal basis multiplication using general purpose processors’, Selected areas in cryptography (SAC 2001), Lecture Notes in Comput. Sci. 2259 (Springer, 2001) 230244.CrossRefGoogle Scholar
41. Rubin, K. and Silverberg, A., ‘Supersingular abelian varieties in cryptology’, Advances in cryptology (CRYPTO 2002), Lecture Notes in Comput. Sci. 2442 (Springer, 2002) 336353.CrossRefGoogle Scholar
42. Rubin, K. and Silverberg, A., ‘Torus-based cryptography’, Advances in cryptology (CRYPTO 2003), Lecture Notes in Comput. Sci. 2729 (Springer, 2003) 349365.CrossRefGoogle Scholar
43. Rubin, K. and Silverberg, A., ‘Using primitive subgroups to do more with fewer bits’, Algorithm number theory (ANTS-VI), Lecture Notes in Comput. Sci. 3076 (Springer, 2004) 1841.CrossRefGoogle Scholar
44. Sakai, R., Ohgishi, K. and Kasahara, M., ‘Cryptosystems based on pairings’, Symposium on Cryptography and Information Security 2000 (SCIS2000), Okinawa. Japan. Jan 26–28, 2000.Google Scholar
45. Scott, M., ‘Authenticated ID-based key exchange and remote log-in with insecure token and PIN number’, Cryptology ePrint Archive, Report 2002/164, http://eprint.iacr.org/2002/164.Google Scholar
46. Scott, M. and Barreto, P., ‘Compressed pairings’, Advances in cryptology (CRYPTO 2004), Lecture Notes in Comput. Sci. 3152 (Springer, 2004) 140156.CrossRefGoogle Scholar
47. Semaev, I., ‘Summation polynomials and the discrete logarithm problem on elliptic curves’, Cryptology ePrint Archive, Report 2004/031, http://eprint.iacr.org/2004/031.Google Scholar
48. Silverman, J., The arithmetic of elliptic curves, Grad. Texts in Math. 106 (Springer, 1986).CrossRefGoogle Scholar
49. Smith, P. and Skinner, C., ‘A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms’, Advances in cryptology (ASIACRYPT 1995), Lecture Notes in Comput. Sci. 917 (Springer, New York, 1995) 357364.Google Scholar
50. Solinas, J.A., ‘Low-weight binary representations for pairs of integers’, University of Waterloo, Technical Report CORR 2001-41.Google Scholar
51. Stam, M. and Lenstra, A., ‘Speeding up XTR’, Advances in cryptology (ASIACRYPT 2001), Lecture Notes in Comput. Sci. 2248 (Springer, 2001) 125143.CrossRefGoogle Scholar
52. Stam, M. and Lenstra, A., ‘Efficient subgroup exponentiation in quadratic and sixth degree extensions’, Cryptographic hardware and embedded systems (CHES 2002), Lecture Notes in Comput. Sci. 2523 (Springer, 2002) 318332.CrossRefGoogle Scholar
53. Straus, E.G., ‘Problems and solutions: (5125) Addition chains of vectors’, Amer. Math. Monthly 71 (1964) 806808.Google Scholar
54. Voskresenskiĭ, V.E., Algebraic groups and their birational invariants, Transl. Math. Monogr. 179 (Amer. Math. Soc., Providence, RI, 1998).Google Scholar