Paper 2015/192

Memory-saving computation of the pairing final exponentiation on BN curves

Sylvain DUQUESNE and Loubna GHAMMAM

Abstract

In this paper, we describe and improve efficient methods for computing the hard part of the final exponentiation of pairings on Barreto-Naehrig curves. Thanks to the variants of pairings which decrease the length of the Miller loop, the final exponentiation has become a significant component of the overall calculation. Here we exploit the structure of BN curves to improve this computation. We will first present the most famous methods in the literature that en- sure the computing of the hard part of the final exponentiation. We are particularly interested in the memory resources necessary for the implementation of these methods. Indeed, this is an important constraint in restricted environments. More precisely, we are studying Devegili et al. method, Scott et al. addition chain method and Fuentes et al. method. After recalling these methods and their complexities, we determine the number of required registers to compute the final result, because this is not always given in the literature. Then, we will present new versions of these methods which require less memory resources (up to 37%). Moreover, some of these variants are providing algorithms which are also more efficient than the original ones.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
BN curvesTate pairingfinal exponentiationmemory resourcesaddition chain.
Contact author(s)
ghammam loubna @ yahoo fr
History
2015-03-04: received
Short URL
https://ia.cr/2015/192
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/192,
      author = {Sylvain DUQUESNE and Loubna GHAMMAM},
      title = {Memory-saving computation of the pairing final exponentiation on {BN} curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/192},
      year = {2015},
      url = {https://eprint.iacr.org/2015/192}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.