[Resource Topic] 2019/814: Faster Subgroup Checks for BLS12-381

Welcome to the resource topic for 2019/814

Title:
Faster Subgroup Checks for BLS12-381

Authors: Sean Bowe

Abstract:

Pairing-friendly elliptic curve constructions provide two elliptic curve groups which are both of prime order q and usually each have a nontrivial cofactor h. Due to the way these curves are typically constructed, endomorphisms can be applied to perform fast cofactor multiplication. However, cofactor multiplication is sometimes insufficient for dealing with cofactors, such as with malleability attacks. In this brief note, we describe efficient techniques for checking that points exist within the correct q-order subgroups of the BLS12-381 elliptic curve construction, which is the focus of standardization for pairing-based protocols. Instead of multiplying by q and comparing the point with the identity, we use endomorphisms to eliminate the q-torsion while modifying (but not killing) the h-torsion components. The result can then be compared against the identity.

ePrint: https://eprint.iacr.org/2019/814


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.