Cryptology ePrint Archive: Report 2016/130

On the Computation of the Optimal Ate Pairing at the 192-bit Security Level

Loubna Ghammam and Emmanuel Fouotsa

Abstract: Barreto, Lynn and Scott elliptic curves of embedding degree 12 denoted BLS12 have been proven to present fastest results on the implementation of pairings at the 192-bit security level [1]. The computation of pairings in general involves the execution of the Miller algorithm and the nal exponentiation. In this paper, we improve the complexity of these two steps up to 8% by searching an appropriate parameter. We compute the optimal ate pairing on BLS curves of embedding degree 12 and we also extend the same analysis to BLS curves with embedding degree 24. Furthermore, as many pairing based protocols are implemented on memory constrained devices such as SIM or smart cards, we describe an ecient algorithm for the computation of the nal exponentiation less memory intensive with an improvement up to 25% with respect to the previous work.

Category / Keywords: BLS curves, Optimal Ate pairing, nal exponentiation, memory resources, Miller loop.

Date: received 13 Feb 2016

Contact author: ghammam loubna at yahoo fr

Available format(s): PDF | BibTeX Citation

Version: 20160215:192836 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]