Paper 2016/130

On the Computation of the Optimal Ate Pairing at the 192-bit Security Level

Loubna Ghammam and Emmanuel Fouotsa

Abstract

Barreto, Lynn and Scott elliptic curves of embedding degree 12 denoted BLS12 have been proven to present fastest results on the implementation of pairings at the 192-bit security level [1]. The computation of pairings in general involves the execution of the Miller algorithm and the final exponentiation. In this paper, we improve the complexity of these two steps up to 8% by searching an appropriate parameter. We compute the optimal ate pairing on BLS curves of embedding degree 12 and we also extend the same analysis to BLS curves with embedding degree 24. Furthermore, as many pairing based protocols are implemented on memory constrained devices such as SIM or smart cards, we describe an efficient algorithm for the computation of the final exponentiation less memory intensive with an improvement up to 25% with respect to the previous work.

Metadata
Available format(s)
PDF
Publication info
Preprint.
Keywords
BLS curvesOptimal Ate pairingfinal exponentiationmemory resourcesMiller loop.
Contact author(s)
ghammam loubna @ yahoo fr
History
2016-02-15: received
Short URL
https://ia.cr/2016/130
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/130,
      author = {Loubna Ghammam and Emmanuel Fouotsa},
      title = {On the Computation of the Optimal Ate Pairing at the 192-bit Security Level},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/130},
      year = {2016},
      url = {https://eprint.iacr.org/2016/130}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.