Paper 2008/404

Pairing with Supersingular Trace Zero Varieties Revisited

Emanuele Cesena

Abstract

A Trace Zero Variety is a specific subgroup of the group of the divisor classes on a hyperelliptic curve $C/\F_q$, which are rational over a small degree extension $\F_{q^r}$ of the definition field. Trace Zero Varieties (\tzv) are interesting for cryptographic applications since they enjoy properties that can be exploited to achieve fast arithmetic and group construction. Furthermore, supersingular \tzv allows to achieve higher MOV security per bit than supersingular elliptic curves, thus making them interesting for applications in pairing-based cryptography. In this paper we survey algorithms in literature for computing bilinear pairings and we present a new algorithm for the Tate pairing over supersingular \tzv, which exploits the action of the $q$-Frobenius. We give explicit examples and provide experimental results for supersingular \tzv defined over fields of characteristic 2. Moreover, in the same settings, we propose a more efficient variant of the Silverberg's point compression algorithm.

Metadata
Available format(s)
PDF PS
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
trace zero varietysupersingular elliptic curvetate pairingmiller function
Contact author(s)
emanuele cesena @ gmail com
History
2008-09-24: received
Short URL
https://ia.cr/2008/404
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/404,
      author = {Emanuele Cesena},
      title = {Pairing with Supersingular Trace Zero Varieties Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/404},
      year = {2008},
      url = {https://eprint.iacr.org/2008/404}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.