On Instantiating Pairing-Based Protocols with Elliptic Curves of Embedding Degree One

Sanjit Chatterjee; Alfred Menezes; Francisco Rodriguez-Henriquez

Paper 2016/403

On Instantiating Pairing-Based Protocols with Elliptic Curves of Embedding Degree One

Sanjit Chatterjee, Alfred Menezes, and Francisco Rodriguez-Henriquez

Abstract

Since the discovery of identity-based encryption schemes in 2000, bilinear pairings have been used in the design of hundreds of cryptographic protocols. The most commonly used pairings are constructed from elliptic curves over finite fields with small embedding degree. These pairings can have different security, performance, and functionality characteristics, and were therefore classified into Types 1, 2, 3 and 4. In this paper, we observe that this conventional classification is not applicable to pairings from elliptic curves with embedding degree one. It is important to understand the security, efficiency, and functionality of these pairings in light of recent attacks on certain pairings constructed from elliptic curves with embedding degree greater than one. We define three kinds of pairings from elliptic curves with embedding degree one, discuss some subtleties with using them to implement pairing-based protocols, and provide an estimated cost of implementing them on modern processors.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint. MINOR revision.
Contact author(s): ajmeneze @ uwaterloo ca
History: 2016-11-11: revised; 2016-04-25: received; See all versions
Short URL: https://ia.cr/2016/403
License: CC BY

BibTeX

@misc{cryptoeprint:2016/403,
      author = {Sanjit Chatterjee and Alfred Menezes and Francisco Rodriguez-Henriquez},
      title = {On Instantiating Pairing-Based Protocols with Elliptic Curves of Embedding Degree One},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/403},
      year = {2016},
      url = {https://eprint.iacr.org/2016/403}
}