This paper gives a method to compute eta pairings in a way which avoids the requirement for a final exponentiation. The method does not lead to any improvement in the speed of pairing implementation. However, it seems appropriate to re-evaluate the security of pairing based cryptography in light of these new ideas. A multivariate attack on the pairing inversion problem is proposed and analysed. Our findings support the belief that pairing inversion is a hard computational problem.
Category / Keywords: foundations / pairings Date: received 15 May 2006 Contact author: coheig at gmail com Available formats: PDF | BibTeX Citation Version: 20060516:193252 (All versions of this report) Discussion forum: Show discussion | Start new discussion