Paper 2008/202

Polynomials for Ate Pairing and $\mathbf{Ate}_{i}$ Pairing

Zhitu Su, Hui Li, and JianFeng Ma

Abstract

The irreducible factor $r(x)$ of $\Phi_{k}(u(x))$ and $u(x)$ are often used in constructing pairing-friendly curves. $u(x)$ and $u_{c} \equiv u(x)^{c} \pmod{r(x)}$ are selected to be the Miller loop control polynomial in Ate pairing and $\mathrm{Ate}_{i}$ pairing. In this paper we show that when $4 \mid k$ or the minimal prime which divides $k$ is larger than $2$, some $u(x)$ and $r(x)$ cannot be used as curve generation parameters if we want $\mathrm{Ate}_{i}$ pairing to be efficient. We also show that the Miller loop length cannot reach the bound $\frac{\log_{2} r}{\varphi(k)}$ when we use the factorization of $\Phi_{k}(u(x))$ to generate elliptic curves.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
ztsu @ mail xidian edu cn
History
2008-05-12: received
Short URL
https://ia.cr/2008/202
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/202,
      author = {Zhitu Su and Hui Li and JianFeng Ma},
      title = {Polynomials for Ate Pairing and $\mathbf{Ate}_{i}$ Pairing},
      howpublished = {Cryptology ePrint Archive, Paper 2008/202},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/202}},
      url = {https://eprint.iacr.org/2008/202}
}