[Resource Topic] 2024/517: Fast pairings via biextensions and cubical arithmetic

Welcome to the resource topic for 2024/517

Title:
Fast pairings via biextensions and cubical arithmetic

Authors: Damien Robert

Abstract:

Biextensions associated to line bundles on abelian varieties allow us to reinterpret the usual Weil, Tate, Ate, optimal Ate, ..., pairings as monodromy pairings. We introduce a cubical arithmetic, derived from the canonical cubical torsor structure of these line bundles, to obtain an efficient arithmetic of these biextensions.

This unifies and extends Miller’s standard algorithm to compute pairings along with other algorithms like elliptic nets and theta functions, and allows us to adapt these algorithms to pairings on any model of abelian varieties with a polarisation $\Phi_D$, as long as we have an explicit theorem of the square for $D$.

In particular, we give explicit formulas for the arithmetic of the biextension (and cubical torsor structure) associated to the divisor $D=2(0_E)$ on an elliptic curve. We derive very efficient pairing formulas on elliptic curves and Kummer lines. Notably for generic pairings on Montgomery curves, our cubical biextension ladder algorithm to compute pairings costs only 15M by bits, which as far as I know is faster than any pairing doubling formula in the literature.

ePrint: https://eprint.iacr.org/2024/517

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.