2011
DOI: 10.1007/978-3-642-20465-4_5
|View full text |Cite
|
Sign up to set email alerts
|

Faster Explicit Formulas for Computing Pairings over Ordinary Curves

Abstract: Abstract. We describe e cient formulas for computing pairings on ordinary elliptic curves over prime elds. First, we generalize lazy reduction techniques, previously considered only for arithmetic in quadratic extensions, to the whole pairing computation, including towering and curve arithmetic. Second, we introduce a new compressed squaring formula for cyclotomic subgroups and a new technique to avoid performing an inversion in the nal exponentiation when the curve is parameterized by a negative integer. The … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

1
188
0
2

Year Published

2014
2014
2020
2020

Publication Types

Select...
6
1

Relationship

1
6

Authors

Journals

citations
Cited by 135 publications
(191 citation statements)
references
References 30 publications
1
188
0
2
Order By: Relevance
“…Our results are more than 2 times faster than Bernstein et al's implementation using a Montgomery curve over F p [5] on the targeted x64 processors. In comparison with curvebased implementations on genus 2 curves or binary curves, we observe that our results are between 24%-26% faster than the genus 2 implementation by Bos et al [8], and between 19%-24% faster than the implementation by Oliveira et al [35] based on a binary GLS curve using the 2-GLV method 1 . Only the recent implementation by Bernstein et al [4], which uses the same genus 2 Kummer surface employed by Bos et al [8], is able to achieve a performance that is comparable to this work, with a result that is slightly slower on the Intel Ivy Bridge processor.…”
Section: Resultsmentioning
confidence: 47%
See 2 more Smart Citations
“…Our results are more than 2 times faster than Bernstein et al's implementation using a Montgomery curve over F p [5] on the targeted x64 processors. In comparison with curvebased implementations on genus 2 curves or binary curves, we observe that our results are between 24%-26% faster than the genus 2 implementation by Bos et al [8], and between 19%-24% faster than the implementation by Oliveira et al [35] based on a binary GLS curve using the 2-GLV method 1 . Only the recent implementation by Bernstein et al [4], which uses the same genus 2 Kummer surface employed by Bos et al [8], is able to achieve a performance that is comparable to this work, with a result that is slightly slower on the Intel Ivy Bridge processor.…”
Section: Resultsmentioning
confidence: 47%
“…6) if lazy reduction could be exploited in the curve arithmetic. This has been proven to be useful to formulas for the Weierstrass form [1], but unfortunately the technique cannot be advantageously exploited in the most efficient formulas for twisted Edwards (in this case, one should set rdcn = TRUE ). Squaring over F p 2 is computed using the complex method.…”
Section: Quadratic Extension Field Arithmeticmentioning
confidence: 99%
See 1 more Smart Citation
“…Therefore, researchers started to implement optimized pairing operations for desktop computers [1,6], for smart phones [20,31], and as dedicated hardware modules [16,24]. Cost-sensitive embedded applications however simply do not have the budget for such powerful application processors or 130-180 kGE of dedicated hardware.…”
Section: Introductionmentioning
confidence: 99%
“…These limitations motivated us to be the first to implement constant-runtime, side-channel protected optimal-Ate pairings using Barreto-Naehrig (BN) curves [4] on an ARM Cortex-M0+ [2,3] microprocessor 1 . The respective pairing runtime of 993 ms seems very promising as it is several times faster than related work 2 , but might be insufficient for interactive protocols as well.…”
Section: Introductionmentioning
confidence: 99%