Polynomials for  Ate Pairing and $\mathbf{Ate}_{i}$ Pairing

Zhitu Su; Hui Li; JianFeng Ma

Paper 2008/202

Polynomials for Ate Pairing and ${Ate}_{i}$ Pairing

Zhitu Su, Hui Li, and JianFeng Ma

Abstract

The irreducible factor $r (x)$ of $Φ_{k} (u (x))$ and $u (x)$ are often used in constructing pairing-friendly curves. $u (x)$ and $u_{c} \equiv u (x)^{c} (\mod r (x))$ are selected to be the Miller loop control polynomial in Ate pairing and ${Ate}_{i}$ pairing. In this paper we show that when $4 | k$ or the minimal prime which divides $k$ is larger than $2$ , some $u (x)$ and $r (x)$ can not be used as curve generation parameters if we want pairing to be efficient. We also show that the Miller loop length can not reach the bound when we use the factorization of to generate elliptic curves.

Metadata

Available format(s): PDF PS
Category: Public-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Contact author(s): ztsu @ mail xidian edu cn
History: 2008-05-12: received
Short URL: https://ia.cr/2008/202
License: CC BY

BibTeX

@misc{cryptoeprint:2008/202,
      author = {Zhitu Su and Hui Li and JianFeng Ma},
      title = {Polynomials for  Ate Pairing and $\mathbf{Ate}_{i}$ Pairing},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/202},
      year = {2008},
      url = {https://eprint.iacr.org/2008/202}
}

Paper 2008/202

Polynomials for Ate Pairing and Atei Pairing

Abstract

Metadata

Polynomials for Ate Pairing and ${Ate}_{i}$ Pairing