Cryptology ePrint Archive: Report 2012/072

Particularly Friendly Members of Family Trees

Craig Costello

Abstract: The last decade has witnessed many clever constructions of parameterized families of pairing-friendly elliptic curves that now enable implementors targeting a particular security level to gather suitable curves in bulk. However, choosing the best curves from a (usually very large) set of candidates belonging to any particular family involves juggling a number of efficiency issues, such as the nature of binomials used to construct extension fields, the hamming-weight of key pairing parameters and the existence of compact generators in the pairing groups. In light of these issues, two recent works considered the best families for k=12 and k=24 respectively, and detailed subfamilies that offer very efficient pairing instantiations. In this paper we closely investigate the other eight attractive families with 8 \leq k <50, and systematically sub-divide each family into its family tree, branching off until concrete subfamilies are highlighted that simultaneously provide highly-efficient solutions to all of the above computational issues.

Category / Keywords: pairing-friendly curves, subfamilies, pairing implementation

Date: received 18 Feb 2012

Contact author: craig costello at qut edu au

Available formats: PDF | BibTeX Citation

Version: 20120223:133344 (All versions of this report)

Discussion forum: Show discussion | Start new discussion