Cryptology ePrint Archive: Report 2013/119

Speeding up Ate Pairing Computation in Affine Coordinates

Duc-Phong Le and Chik How Tan

Abstract: At Pairing 2010, Lauter et al's analysis showed that Ate pairing computation in affine coordinates may be much faster than projective coordinates at high security levels. In this paper, we further investigate techniques to speed up Ate pairing computation in affine coordinates. On the one hand, we improve Ate pairing computation over elliptic curves admitting an even twist by describing an $4$-ary Miller algorithm in affine coordinates. This technique allows us to trade one multiplication in the full extension field and one field inversion for several multiplications in a smaller field. On the other hand, we investigate pairing computations over elliptic curves admitting a twist of degree $3$. We propose new fast explicit formulas for Miller function that are comparable to formulas over even twisted curves. We further analyze pairing computation on cubic twisted curves by proposing efficient subfamilies of pairing-friendly elliptic curves with embedding degrees $k = 9$, and $15$. These subfamilies allow us not only to obtain a very simple form of curve, but also lead to an efficient arithmetic and final exponentiation.

Category / Keywords: Ate pairing computation, final exponentiation, affine coordinates, cubic twisted curves, pairing-friendly elliptic curves

Original Publication (with minor differences): ICISC 2012
DOI: 10.1007/978-3-642-37682-5_19

Date: received 27 Feb 2013, last revised 26 Jun 2015

Contact author: tslld at nus edu sg

Available format(s): PDF | BibTeX Citation

Version: 20150626:074428 (All versions of this report)

Short URL: ia.cr/2013/119

Discussion forum: Show discussion | Start new discussion