Cryptology ePrint Archive: Report 2007/390

Implementing Cryptographic Pairings over Barreto-Naehrig Curves

Augusto Jun Devegili and Michael Scott and Ricardo Dahab

Abstract: In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard 32-bit PC and on a 32-bit smartcard. First we introduce a sub-family of such curves with a particularly simple representation. Next we consider the issues that arise in the efficient implementation of field arithmetic in $\F_{p^{12}}$, which is crucial to good performance. Various optimisations are suggested, including a novel approach to the `final exponentiation', which is faster and requires less memory than the methods previously recommended.

Category / Keywords: implementation /

Publication Info: Corrected and Improved version of paper from Pairing 2007, Tokyo, Japan, LNCS 4575

Date: received 4 Oct 2007, last revised 31 Oct 2008

Contact author: mike at computing dcu ie

Available format(s): PDF | BibTeX Citation

Note: An implementation error resulting in inflated execution times has been fixed. Use of projective coordinates improves Ate pairing timings.

Version: 20081031:125500 (All versions of this report)

Short URL: ia.cr/2007/390

Discussion forum: Show discussion | Start new discussion