Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves

Diego F.  Aranha; Jean-Luc Beuchat; Jérémie Detrey; Nicolas Estibals

Paper 2010/559

Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves

Diego F. Aranha, Jean-Luc Beuchat, Jérémie Detrey, and Nicolas Estibals

Abstract

This article presents a novel pairing algorithm over supersingular genus- $2$ binary hyperelliptic curves. Starting from Vercauteren's work on optimal pairings, we describe how to exploit the action of the $2^{3 m}$ -th power Verschiebung in order to reduce the loop length of Miller's algorithm even further than the genus- $2$ $η_{T}$ approach. As a proof of concept, we detail an optimized software implementation and an FPGA accelerator for computing the proposed optimal Eta pairing on a genus- $2$ hyperelliptic curve over , which satisfies the recommended security level of bits. These designs achieve favourable performance in comparison with the best known implementations of -bit-security Type-1 pairings from the literature.

Note: Updated version, incorporating remarks and comments from anonymous Eurocrypt and CT-RSA reviewers.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Keywords: Optimal Eta pairing supersingular genus-2 curve software implementation FPGA implementation
Contact author(s): Jeremie Detrey @ loria fr
History: 2011-11-23: last of 3 revisions; 2010-11-03: received; See all versions
Short URL: https://ia.cr/2010/559
License: CC BY

BibTeX

@misc{cryptoeprint:2010/559,
      author = {Diego F.  Aranha and Jean-Luc Beuchat and Jérémie Detrey and Nicolas Estibals},
      title = {Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/559},
      year = {2010},
      url = {https://eprint.iacr.org/2010/559}
}