[Resource Topic] 2016/130: On the Computation of the Optimal Ate Pairing at the 192-bit Security Level

Welcome to the resource topic for 2016/130

Title:
On the Computation of the Optimal Ate Pairing at the 192-bit Security Level

Authors: Loubna Ghammam, Emmanuel Fouotsa

Abstract:

Barreto, Lynn and Scott elliptic curves of embedding degree 12 denoted BLS12 have been proven to present fastest results on the implementation of pairings at the 192-bit security level [1]. The computation of pairings in general involves the execution of the Miller algorithm and the final exponentiation. In this paper, we improve the complexity of these two steps up to 8% by searching an appropriate parameter. We compute the optimal ate pairing on BLS curves of embedding degree 12 and we also extend the same analysis to BLS curves with embedding degree 24. Furthermore, as many pairing based protocols are implemented on memory constrained devices such as SIM or smart cards, we describe an efficient algorithm for the computation of the final exponentiation less memory intensive with an improvement up to 25% with respect to the previous work.

ePrint: https://eprint.iacr.org/2016/130

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .