Paper 2005/139

Scaling security in pairing-based protocols

Michael Scott

Abstract

In number theoretic cryptography there is always the problem of scaling-up security to a higher level. This usually means increasing the size of the modulus, from, say 1024 bits to 2048 bits. In pairing-based cryptography however another option is available, keeping the modulus constant and increasing instead the embedding degree. This has a big potential advantage in smart-card and embedded applications -- security can be scaled up while continuing to use the same sized calculations. For example a cryptographic co-processor which does 512-bit modular multiplications can be directly re-used in the higher security setting. Here we investigate the scaling-up issue in the context of prime characteristic non-supersingular elliptic curves. We also confirm the observation that at higher levels of security a slightly modified Weil pairing becomes more efficient than the Tate pairing.

Note: Updated and corrected

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Pairing-based cryptosystems
Contact author(s)
mike @ computing dcu ie
History
2006-02-24: revised
2005-05-12: received
See all versions
Short URL
https://ia.cr/2005/139
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/139,
      author = {Michael Scott},
      title = {Scaling security in pairing-based protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/139},
      year = {2005},
      url = {https://eprint.iacr.org/2005/139}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.